Commit graph

13 commits

Author SHA1 Message Date
obache
d42132137f Update dnstop to 20090128.
Based on PR 41779 by Fredrik Pettai.

Version 20090128:

I added a new feature to dnstop today that filters on "refused" response codes.
This might be useful in tracking the ongoing DNS-based DDoS attacks.

To use this new feature:

    dnstop -R -f refused eth0

Version 20080321:

The interesting changes came in a patch from Dave Plonka:

       Fixed a bug that caused dnstop to Memory fault when processing
       a DNS packet greater than PCAP_SNAPLEN (previously 1460) bytes
       in size.

       Raised PCAP_SNAPLEN to 65535 to avoid truncating large DNS
       packets.

       Eliminated unnecessary stack buffers and memcpy calls when
       handling packets.

Also some variables have been added to the Makefile at the request
of a packager so that it may be easier to customize where files are
installed, etc.
2009-07-25 10:26:17 +00:00
dogcow
85401cea82 update dnstop to version 20070219.
IPv6 support is now included; less CPU is required; miscellaneous bugfixes.
See CHANGES for more detailed information.
2007-03-04 06:49:43 +00:00
obache
b9245429b3 Update dnstop to 20060517.
Patch provided by Martin Wilke via PR 34425.

- Changelog

    A few fixes for OS X.

    1) select()ing on a pcap FD doesn't always work.  Advice from
       tcpdump mailing list archive is to put it into non-blocking
       mode and ignore the select() return value.

    2) Added $(LDFLAGS) to link command line in Makefile to have
       dnstop linked with specific libraries.  LDFLAGS will be
       picked up from the environment.

    3) OS X needs to #include <arpa/nameser_compat.h>

2006/04/24 Duane Wessels

    Adriaan Peeters reported that the list of known TLDs is
    out-of-date.  In particular, the .EU domain is not in the list.

2005/04/05 Duane Wessels

    Mark Foster found a bug with the source+SLD list.  It was being
    updated for 3RD-level domain names as well.  Mark also suggested
    that the '@' key should display the source+SLD screen, just as
    '3' and '#' work for 3RD-level.
2006-10-08 12:43:38 +00:00
wiz
a3133cae45 Update to 20050203:
2005/01/21 Sam Norris

    Added support for third-level domain statistics.  Use the -t
    command line option to enable collection of 3rd-level stats,
    and use '3' while running to display them.  Note that enabling
    3rd-level stats collection does not automatically also enable
    2nd-level stats.

2005/01/13 Duane Wessels

    Added a non-interactive mode.  If you specify a savefile and
    stdout is not a TTY, dnstop prints each table at the end.

2004/03/09 Duane Wessels

    Added filter support.  Filters can be used to restrict the input
    stream to queries with certain characteristics.  The currently
    defined filters are:

    unknown-tlds        Only includes queries for TLDs that are
                        bogus.  Useful for identifying hosts/servers
                        that leak queries for things like "localhost"
                        or "workgroup."

    A-for-A             Only includes A queries for names that are
                        already IP addresses.  Certain Microsoft
                        Windows DNS servers have a known bug that
                        forwards these queries.

    rfc1918-ptr         PTR queries for addresses in RFC1918 space.
                        These should never leak from inside an
                        organization.

2003/11/13 Mark Foster <mark@foster.cc>

    Added 'c' to display options. This screen will combine the
    source and sld fields to show "who is querying for what" -
    reason: we see a lot of duplicate queries for whatever reason.
    This will help separate the legitimate queries from the broken
    resolvers, etc. See http://www.circleid.com/article/102_0_1_0_C/
    for more about that.

Closes PR 29807.
2005-03-28 02:01:50 +00:00
agc
b12d62efb5 Add RMD160 digests. 2005-02-24 12:13:41 +00:00
wiz
777c415929 Change DIST_SUBDIR from PKGNAME_NOREV to PKGNAME, since the man page
changed again (see previous commit) and to avoid breakage for people
who have the old distfile.
2004-09-16 23:20:42 +00:00
he
e5d94703c2 The checksum for dnstop.8 changed; sync to the new one. 2004-09-16 16:20:41 +00:00
cjep
8ab74c6cff Use DIST_SUBDIR=${PKGNAME_NOREV} as dnstop.8 has no version number. 2004-01-11 15:05:43 +00:00
kim
dbf5c6ce6f manpage revised
.\" $Id: dnstop.8,v 1.5 2003/11/13 21:12:57 wessels Exp $
2004-01-09 04:49:02 +00:00
wiz
53d75525f8 Man page got updated:
1c1
< .\" $Id: dnstop.8,v 1.2 2002/12/24 19:20:28 wessels Exp $
---
> .\" $Id: dnstop.8,v 1.3 2003/01/24 17:44:23 wessels Exp $
53c53
< display the desitination address table
---
> display the destination address table
Noted by Jeremy C. Reed in PR 21286.
2003-04-23 16:38:49 +00:00
cjep
52a85d79e4 Include the manual page in the distinfo. Don't attempt to extract the
manual page.
2003-01-01 14:26:36 +00:00
wiz
328b3db284 Update to 20021224, now BSD-licensed and with man page. 2002-12-25 00:44:46 +00:00
itojun
9f672efa57 dnstop is a libpcap application (ala tcpdump) that displays various
tables of DNS traffic on your network. Currently dnstop displays
tables of:

* Source IP addresses
* Destination IP addresses
* Query types
* Top level domains
* Second level domains

http://dnstop.measurement-factory.com/
2002-10-30 21:13:35 +00:00