ok by wiz@.
Changes:
2012-03-22
Added -Y option to specify the IP address of responses that
should not be captured. This option is useful when you want
to capture queries and spoofed response (DDoS attack) traffic,
but not the normal response traffic.
Added -L option to specify that dnscap should capture both
VLAN-tagged and un-tagged packets. This is in contrast
to the existing -l option which causes untagged packets
to be ignored.

dnscap is a network capture utility designed specifically for DNS
traffic. It produces binary data in pcap(3) format. This utility is
similar to tcpdump(1), but has a number of features tailored to DNS
transactions and protocol options.

OARC likes to use dnscap for DITL data collections. Some of its
features include:
+ Understands both IPv4 and IPv6
+ Captures UDP, TCP, and IP fragments
+ Collects only queries, responses, or both (-s option)
+ Collects only for certain source/destination addresses (-a -z -A -Z
  options)
+ Periodically creates new pcap files (-t option)
+ Spawns an upload script after closing a pcap file (-k option)
+ Will start and stop collecting at specific times (-B -E options)