wok annotate dnstop/description.txt @ rev 25337

suricata: set variable LIBS
author Hans-Günter Theisgen
date Sat Jul 23 20:18:41 2022 +0100 (2022-07-23)
rev   line source
Hans-Günter@24492 1 Dnstop is a libpcap application (like tcpdump) that displays
Hans-Günter@24492 2 various tables of DNS traffic on your network.
Hans-Günter@24492 3 Currently dnstop displays tables of:
Hans-Günter@24492 4
Hans-Günter@24492 5 * Source IP addresses
Hans-Günter@24492 6 * Destination IP addresses
Hans-Günter@24492 7 * Query types
Hans-Günter@24492 8 * Response codes
Hans-Günter@24492 9 * Opcodes
Hans-Günter@24492 10 * Top level domains
Hans-Günter@24492 11 * Second level domains
Hans-Günter@24492 12 * Third level domains
Hans-Günter@24492 13
Hans-Günter@24492 14 Dnstop supports both IPv4 and IPv6 addresses.
Hans-Günter@24492 15
Hans-Günter@24492 16 To help find especially undesirable DNS queries, dnstop provides
Hans-Günter@24492 17 a number of filters. The filters tell dnstop to display only the
Hans-Günter@24492 18 following types of queries:
Hans-Günter@24492 19
Hans-Günter@24492 20 * For unknown or invalid TLDs
Hans-Günter@24492 21 * A queries where the query name is already an IP address
Hans-Günter@24492 22 * PTR queries for RFC1918 address space
Hans-Günter@24492 23 * Responses with code REFUSED
Hans-Günter@24492 24
Hans-Günter@24492 25 Dnstop can either read packets from the live capture device,
Hans-Günter@24492 26 or from a tcpdump savefile.