DNSTOP: STAY ON TOP OF YOUR DNS TRAFFIC

dnstop is a libpcap application (like tcpdump) that displays various tables of DNS traffic on your network. Currently dnstop displays tables of:

Source IP addresses
Destination IP addresses
Query types
Response codes
Opcodes
Top level domains
Second level domains
Third level domains
etc...

dnstop supports both IPv4 and IPv6 addresses.

To help find especially undesirable DNS queries, dnstop provides a number of filters. The filters tell dnstop to display only the following types of queries:

For unknown/invalid TLDs
A queries where the query name is already an IP address
PTR queries for RFC1918 address space
Responses with code REFUSED
Responses with code SERVFAIL
Responses with code NXDOMAIN

dnstop can either read packets from the live capture device, or from a tcpdump savefile.

See also http://dns.measurement-factory.com/tools/dnstop/.

For compatibility with musl libc, define CFLAGS=-D_GNU_SOURCE during configure.

Name	Name	Last commit message	Last commit date
Latest commit BrianDead and wessels Added text names for new Q Types 64 (SVCB) and 65 (HTTPS) introduced … Jul 8, 2024 aaf21ba · Jul 8, 2024 History 229 Commits
CHANGES	CHANGES	document new-gtlds changes	Sep 12, 2014
LICENSE	LICENSE	Initial revision	Dec 24, 2002
Makefile.in	Makefile.in	Fix broken man by adding directory creation statement in install	Mar 29, 2021
README.md	README.md	Add a hint for compatibility with musl libc	Jan 13, 2022
config.h.in	config.h.in	Added LDFLAGS=@LDFLAGS@ to Makefile.in	May 2, 2011
configure	configure	Added LDFLAGS=@LDFLAGS@ to Makefile.in	May 2, 2011
configure.scan	configure.scan	Tell configure to #include <pcap.h> when checking for struct bpf_timeval	Jan 13, 2011
dnstop.8	dnstop.8	Add nxdomain filter	Mar 16, 2021
dnstop.c	dnstop.c	Added text names for new Q Types 64 (SVCB) and 65 (HTTPS) introduced …	Jul 8, 2024
hashtbl.c	hashtbl.c	When iterating the hash table to free it, must save "next" pointer be…	Sep 15, 2014
hashtbl.h	hashtbl.h	Replace unlicensed "SuperFastHash" with public domain "lookup3.c"	May 11, 2007
inX_addr.c	inX_addr.c	Convert to use inX_addr to hold IP addresses	Jan 4, 2011
inX_addr.h	inX_addr.h	Convert to use inX_addr to hold IP addresses	Jan 4, 2011
install-sh	install-sh	adding a ./configure script	Apr 29, 2008
known_tlds.h	known_tlds.h	updating known_tlds.h	Feb 26, 2018
lookup3.c	lookup3.c	adding a ./configure script	Apr 29, 2008
mk-known-tlds.sh	mk-known-tlds.sh	Adding the "new-gtlds" filter. This will count messages for which	Sep 12, 2014
mk-newgtlds.sh	mk-newgtlds.sh	Adding the "new-gtlds" filter. This will count messages for which	Sep 12, 2014
new_gtlds.h	new_gtlds.h	updating new_gtlds.h, noting that "known TLDs" is now a superset of t…	Feb 26, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

DNSTOP: STAY ON TOP OF YOUR DNS TRAFFIC

About

Releases

Packages

Contributors 6

Languages

License

measurement-factory/dnstop

Folders and files

Latest commit

History

Repository files navigation

DNSTOP: STAY ON TOP OF YOUR DNS TRAFFIC

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 6

Languages

Packages