Dnstop
Latest revision as of 12:54, 24 June 2015
dnstop is a libpcap application (like tcpdump) that displays various tables of the DNS traffic on our network. Currently, dnstop displays tables of:

* Source IP addresses
* Destination IP addresses
* Query types
* Response codes
* Opcodes
* Top level domains
* Second level domains
* Third level domains
* etc.

dnstop supports IPv4 and IPv6 addresses.

To make it easier to find unwanted DNS queries, dnstop provides several filters. A filter tells dnstop to display only the following query types:

* unknown/invalid TLDs
* A queries where the query name is already an IP address
* PTR queries for RFC1918 address space
* Responses with code REFUSED

dnstop can read packets from a live capture device or from a tcpdump savefile.

==Install DNSTOP==

 sudo apt-get install dnstop

==DNSTOP Syntax==

Usage:

 usage: dnstop [opts] netdevice|savefile
     -4            Count IPv4 packets
     -6            Count IPv6 packets
     -Q            Count queries
     -R            Count responses
     -a            Anonymize IP Addrs
     -b expr       BPF program code
     -i addr       Ignore this source IP address
     -n name       Count only messages in this domain
     -p            Don't put interface in promiscuous mode
     -P            Print "progress" messages in non-interactive mode
     -r            Redraw interval, in seconds
     -l N          Enable domain stats up to N components
     -X            Don't tabulate the "source + query name" stats
     -f filter-name
 
     Available filters:
         unknown-tlds
         A-for-A
         rfc1918-ptr
         refused
         qtype-any

For example, with -l 2, dnstop keeps two tables: one of top-level domain names and one of second-level domain names. Adding more levels gives more detailed data, but also costs more memory and CPU.

==Example==

 dnstop eth0

Example output:

 Queries: 0 new, 179 total                                Wed Jun 24 12:47:25 2015
 
 Sources              Count      %   cum%
 -------------    ---------  ------ ------
 192.168.10.11          179   100.0  100.0

==References==
* http://www.ubuntugeek.com/dnstop-stay-on-top-of-your-dns-traffic.html
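As an added illustration (not part of the original page or of dnstop's own code), the script below re-creates in Python what the five -f filters and the -l N domain tables compute, over a constructed list of already-parsed DNS messages; the known-TLD set and every address and name in the sample are made up.

```python
import ipaddress
from collections import Counter
# Constructed sample of already-parsed DNS messages: (source IP, query name, qtype, rcode).
SAMPLE = [
    ("192.168.10.11", "www.example.com", "A", "NOERROR"),
    ("192.168.10.11", "mail.example.com", "A", "NOERROR"),
    ("192.168.10.11", "10.0.0.5", "A", "NXDOMAIN"),                 # A-for-A
    ("192.168.10.12", "5.0.0.10.in-addr.arpa", "PTR", "NXDOMAIN"),  # rfc1918-ptr
    ("192.168.10.12", "host.corp.local", "A", "NXDOMAIN"),          # unknown TLD
    ("10.1.1.7", "example.com", "ANY", "REFUSED"),                  # refused, qtype-any
    ("192.168.10.11", "cdn.example.net", "AAAA", "NOERROR"),
]
KNOWN_TLDS = {"com", "net", "org", "arpa", "id"}  # constructed subset, not the IANA list
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def rfc1918_ptr(name, qtype):
    """True for a PTR query whose in-addr.arpa name reverses into RFC1918 space."""
    if qtype != "PTR" or not name.endswith(".in-addr.arpa"):
        return False
    rev = ".".join(reversed(name[:-len(".in-addr.arpa")].split(".")))
    return is_ip_literal(rev) and any(ipaddress.ip_address(rev) in net for net in RFC1918)

FILTERS = {  # the five names dnstop accepts with -f, each as a predicate over one record
    "unknown-tlds": lambda s, n, q, r: n.rstrip(".").rsplit(".", 1)[-1].lower() not in KNOWN_TLDS,
    "A-for-A":      lambda s, n, q, r: q == "A" and is_ip_literal(n),
    "rfc1918-ptr":  lambda s, n, q, r: rfc1918_ptr(n, q),
    "refused":      lambda s, n, q, r: r == "REFUSED",
    "qtype-any":    lambda s, n, q, r: q == "ANY",
}

def domain_level(name, level):
    """Like -l N: keep the last N labels (1 = top-level, 2 = second-level domain)."""
    return ".".join(name.rstrip(".").split(".")[-level:])

def tabulate(records, key, filter_name=None):
    """Rows of (key, count, %, cum%), most frequent first: the shape of a dnstop table."""
    if filter_name:
        records = [r for r in records if FILTERS[filter_name](*r)]
    counts = Counter(key(r) for r in records)
    total = sum(counts.values()) or 1
    rows, cum = [], 0.0
    for k, c in counts.most_common():
        cum += 100.0 * c / total
        rows.append((k, c, round(100.0 * c / total, 1), round(cum, 1)))
    return rows
```

Calling `tabulate(SAMPLE, lambda r: r[0])` yields the Sources table shown above, and `tabulate(SAMPLE, lambda r: r[1], "rfc1918-ptr")` the list a `-f rfc1918-ptr` run would narrow to.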