kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
freeswitch/libs/ldns/examples/ldns-dpa.1

152 lines
3.8 KiB
Groff
Raw Blame History

.TH dpa 1 "1 Nov 2005"
.SH NAME
dpa \- DNS Packet Analyzer. Analyze DNS packets in ip trace files
.SH SYNOPSIS
.B dpa
[
.IR OPTION
]
.IR TRACEFILE
.SH DESCRIPTION
\fBdpa\fR is used to analyze dns packets in trace files. It has 3 main options: count, filter, and count uniques (i.e. count all different occurences).
.SH OPTIONS
.TP
\fB-c\fR \fIexpressionlist\fR
Count occurrences of matching expressions
.TP
\fB-f\fR \fIexpression\fR
Filter: only process packets that match the expression
.TP
\fB-h\fR
Show usage
.TP
\fB-p\fR
Show the total number of correct DNS packets, and percentage of -u and
-c values (of the total of matching on the -f filter. if no filter is
given, percentages are on all correct dns packets)
.TP
\fB-of\fR \fIfile\fR
Write all packets that match the -f flag to file, as pcap data.
.TP
\fB-ofh\fR \fIfile\fR
Write all packets that match the -f flag to file, in hexadecimal format,
readable by drill.
.TP
\fB-s\fR
Show possible match names
.TP
\fB-s\fR \fImatchname\fR
show possible match operators and values for name
.TP
\fB-sf\fR
Only evaluate packets (in representation format) that match the -f filter.
If no -f was given, evaluate all correct dns packets.
.TP
\fB-u\fR \fImatchnamelist\fR
Count every occurence of every value of the matchname (for instance, count all packetsizes, see EXAMPLES in ldns-dpa(1) ).
.TP
\fB-ua\fR
For every matchname in -u, show the average value of all matches. Behaviour for match types that do not have an integer value is undefined.
.TP
\fB-uac\fR
For every matchname in -u, show the average number of times this value was encountered.
.TP
\fB-um\fR \fInumber\fR
Only show the results from -u for values that occurred more than <number> times.
.TP
\fB-v\fR \fIlevel\fR
Set verbosity to level (1-5, 5 being the highest). Mostly used for debugging.
.TP
\fB-notip\fR \fIfile\fR
Write packets that were not recognized as IP packets to file (as pcap data).
.TP
\fB-baddns\fR \fIfile\fR
Write dns packets that were too mangled to parse to file (as pcap data).
.TP
\fB-version\fR
Show version and exit
.SH LIST AND MATCHES
A <matchnamelist> is a comma separated list of match names (use -s to see possible match names).
A <expressionlist> is a comma separated list of expressions.
An expression has the following form:
<expr>: (<expr>)
<expr> | <expr>
<expr> & <expr>
<match>
<match>: <matchname> <operator> <value>
<operator>:
= equal to <value>
!= not equal to <value>
> greater than <value>
< lesser than <value>
>= greater than or equal to <value>
<= lesser than or equal to <value>
~= contains <value>
See the -s option for possible matchnames, operators and values.
.SH EXAMPLES
.TP
ldns-dpa -u packetsize -p test.tr
Count all different packetsizes in test.tr and show the precentages.
.TP
ldns-dpa -f "edns=1&qr=0" -of edns.tr test.tr
Filter out all edns enable queries in test.tr and put them in edns.tr
.TP
ldns-dpa -f edns=1 -c tc=1 -u rcode test.tr
For all edns packets, count the number of truncated packets and all their rcodes in test.tr.
.TP
ldns-dpa -c tc=1,qr=0,qr=1,opcode=QUERY test.tr
For all packets, count the number of truncated packets, the number of packets with qr=0, the number of packets with qr=1 and the number of queries in test.tr.
.TP
ldns-dpa -u packetsize -ua test.tr
Show all packet sizes and the average packet size per packet.
.TP
ldns-dpa -u srcaddress -uac test.tr
Show all packet source addresses and the average number of packets sent from this address.
.TP
sudo tcpdump -i eth0 -s 0 -U -w - port 53 | ldns-dpa -f qr=0 -sf
Print all query packets seen on the specified interface.
.SH AUTHOR
Written by Jelte Jansen for NLnetLabs.
.SH REPORTING BUGS
Report bugs to <jelte@nlnetlabs.nl>.
.SH COPYRIGHT
Copyright (C) 2005 NLnet Labs. This is free software. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
Reference in New Issue View Git Blame Copy Permalink