Decodes the DNS request and response packets.
The output fields are as follows:
- additionals: Other additional records (array)
- answers: Answer resource records from the DNS server (array)
- authorities: Information of authoritative DNS servers (array)
- bytes: Size (integer) of the DNS payload
- direction: Direction of the transaction (string)
  c->s: Request from the client to the server
  s->c: Response from the server to the client
- domain: Domain name being queried (string)
- dst_ip: Destination IP address of the DNS transaction (IP address)
- dst_port: Destination port of the DNS transaction (integer)
- flags: DNS header flags. Refer to: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-12
- ip: IP address that the queried domain resolved to (IP address)
- src_ip: Source IP address of the DNS transaction (IP address)
- src_port: Source port of the DNS transaction (integer)
- status: Query result (string), taken from the RCODE field of the DNS header. One of:
  NO_ERROR: No error.
  FORMAT_ERROR: The DNS server could not interpret the request.
  SERVER_FAILURE: The DNS server was unable to process the request because of an internal server error.
  NAME_ERROR: The domain name in the request does not exist.
  NOT_IMPLEMENTED: The DNS server does not support the requested kind of query.
  REFUSED: The DNS server refused to answer the request.
- txid: DNS transaction ID (hexadecimal string)
- type: DNS record type (string such as A, AAAA, CNAME, MX, TXT). Refer to: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4
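The following Python decoder is an added example that produces a record with the field names listed above from a raw DNS payload; it is not Logpresso's decodedns implementation. The way it builds the sample packets, the hexadecimal formatting of txid and flags, the RR dictionary keys (name/type/ttl/data) and the rule that ip is the first A/AAAA answer are this example's own assumptions. It also shows the two checks a decoder needs when the traffic is hostile: compression pointers must point backwards (RFC 1035) and resource records must not run past the payload.

```python
"""Decode a DNS payload into a dict shaped like the decodedns output fields (example code)."""
import ipaddress
import struct

# RCODE values (IANA dns-parameters-6) mapped to the status names used by decodedns.
RCODES = {0: "NO_ERROR", 1: "FORMAT_ERROR", 2: "SERVER_FAILURE",
          3: "NAME_ERROR", 4: "NOT_IMPLEMENTED", 5: "REFUSED"}
# A few common RR TYPE codes (IANA dns-parameters-4).
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}


def read_name(buf, off):
    """Read a (possibly compressed) domain name at buf[off]; return (name, next offset)."""
    labels = []
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if ptr >= off:  # RFC 1035 only allows pointers to a *prior* occurrence; forbids loops
                raise ValueError("forward compression pointer at offset %d" % off)
            tail, _ = read_name(buf, ptr)
            labels.append(tail)
            return ".".join(l for l in labels if l), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(buf[off:off + length].decode("ascii", "replace"))
        off += length


def read_rr(buf, off):
    """Parse one resource record; return (record dict, next offset)."""
    name, off = read_name(buf, off)
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
    off += 10
    rdata = buf[off:off + rdlen]
    if len(rdata) != rdlen:  # RDLENGTH claims more bytes than the payload holds
        raise ValueError("truncated resource record at offset %d" % off)
    rr = {"name": name, "type": TYPES.get(rtype, str(rtype)), "ttl": ttl}
    if rtype == 1 and rdlen == 4:
        rr["data"] = str(ipaddress.IPv4Address(rdata))
    elif rtype == 28 and rdlen == 16:
        rr["data"] = str(ipaddress.IPv6Address(rdata))
    elif rtype in (2, 5, 12):  # NS/CNAME/PTR carry a name that may itself be compressed
        rr["data"] = read_name(buf, off)[0]
    elif rtype == 16:  # TXT: first <character-string> only, for brevity
        rr["data"] = rdata[1:1 + rdata[0]].decode("ascii", "replace") if rdata else ""
    else:
        rr["data"] = rdata.hex()
    return rr, off + rdlen


def decode_dns(payload, src_ip, src_port, dst_ip, dst_port):
    """Decode one UDP DNS payload into a dict using the decodedns field names."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    off, questions, sections = 12, [], []
    for _ in range(qd):
        qname, off = read_name(payload, off)
        qtype, _qclass = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    for count in (an, ns, ar):  # answer, authority, additional sections in that order
        rrs = []
        for _ in range(count):
            rr, off = read_rr(payload, off)
            rrs.append(rr)
        sections.append(rrs)
    answers, authorities, additionals = sections
    return {
        "direction": "s->c" if flags & 0x8000 else "c->s",  # QR bit
        "txid": "%04x" % txid,
        "flags": "%04x" % flags,  # assumption: whole 16-bit flags word as hex
        "status": RCODES.get(flags & 0x000F, "RCODE_%d" % (flags & 0x000F)),
        "domain": questions[0][0] if questions else None,
        "type": TYPES.get(questions[0][1], str(questions[0][1])) if questions else None,
        "answers": answers, "authorities": authorities, "additionals": additionals,
        "ip": next((rr["data"] for rr in answers if rr["type"] in ("A", "AAAA")), None),
        "bytes": len(payload),
        "src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port,
    }


# Constructed sample packets (not captured traffic): a query for example.com/A,
# the matching response (CNAME -> www.example.com, then an A record, both using
# compression pointers), and an NXDOMAIN response for the same name.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
QUERY = struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + QUESTION
RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 2, 0, 0) + QUESTION
            + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 6) + b"\x03www\xc0\x0c"
            + b"\xc0\x29" + struct.pack("!HHIH", 1, 1, 300, 4)
            + ipaddress.IPv4Address("93.184.216.34").packed)
NXDOMAIN = struct.pack("!HHHHHH", 0x1A2C, 0x8183, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for pkt in (QUERY, RESPONSE, NXDOMAIN):
        print(decode_dns(pkt, "192.0.2.10", 51234, "192.0.2.53", 53))
```

Records that trip either check (a forward pointer, or an RDLENGTH past the end of the payload) raise ValueError rather than silently yielding partial fields, which is the behaviour you want when the pcap being decoded is the abnormal traffic itself.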
Decode DNS packets from a pcap file.
pcapfile /opt/logpresso/pcap/abnormal_traffic.pcap | decodedns