./net/dnstop, Diagnose tcpdump trace for DNS queries/replies

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 20140915nb2, Package name: dnstop-20140915nb2, Maintainer: pkgsrc-users

dnstop is a libpcap application (ala tcpdump) that displays various
tables of DNS traffic on your network. Currently dnstop displays
tables of:

* Source IP addresses
* Destination IP addresses
* Query types
* Top level domains
* Second level domains


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: af1567d6b53e8be697b884508a2a3a0edbea5e01
RMD160: cf21ac48c0d16c4656f0ffc4f28ff9187cf200bc
Filesize: 76.091 KB

Version history: (Expand)


CVS history: (Expand)


   2017-01-04 11:01:44 by Roy Marples | Files touched by this commit (1)
Log message:
Use the curses framework.
   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-08-18 09:31:20 by Thomas Klausner | Files touched by this commit (282)
Log message:
Bump all packages that depend on curses.bui* or terminfo.bui* since they
might incur ncurses dependencies on some platforms, and ncurses just bumped
its shlib.
Some packages were bumped twice now, sorry for that.
   2015-08-17 19:11:32 by Thomas Klausner | Files touched by this commit (178) | Package updated
Log message:
Bump PKGREVISION for ncurses shlib bump.
   2015-08-14 23:21:24 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
Update net/dnstop to dnstop-20140915, based on patches from Benedek Gergely
via pkgsrc-users@.

ok by wiz@.

Changes:
2014/09/12 Duane Wessels

    Added 'new-gtlds' filter, which includes only queries for names
    ending with one of the new (2013/2014) generic TLDs.  This may
    be useful to find hosts/servers using internal names which may
    collide with new gTLDs once they become active.  If you use
    short (not fully qualified) names internally you may be uknownlying
    relying on root (or other) name servers to return NXDOMAIN for
    them.  If so, "you're gonna have a bad time."

    Along with this new feature, TLD lists are now hashed in the
    code for faster lookups.

2012/11/30 Duane Wessels

    Added more entries to the table of known query type names (HINFO,
    AFSDB, PX, SSHFP, NSEC3, NSEC3PARAM, TLSA, DLV).

2012/10/15 Duane Wessels

    The 'refused' filter only works on responses, which are not
    processed by default.  Now, if the 'refused' filter is specified,
    dnstop will automatically process responses and ignore queries.

2012/06/11 Duane Wessels

    Added "qtype-any" filter for displaying ANY queries which are
    now fashionable in DNS based attacks.

2011/05/02 Duane Wessels

    Anand Buddhev pointed out that LDFLAGS= is missing from Makefile.in.
    Also updated known_tlds.h.

2011/01/27 Duane Wessels

    Fixed some portability bugs (OpenBSD, gmake 3.82) and other
    minor bugs.

    Added a feature (-n option) to restrict counting to a given
    query name.

2011/01/05 Duane Wessels

    Found a fixed a few problems after spending some quality time
    looking at the code.

    1) Hash table performance was terrible and has been improved.
       The hash table size is now configurable via command line
       option.

    2) Some things were double-counted when both -Q and -R were
       given.

    3) Added cumulative percentage totals to the tables

    4) Added -X option to disable the source+queryname tables, which
       could consume a lot of memory.

    5) Imported "inX_addr" mini-library for storing IPv4/IPv6
       addresses.

2010/12/27 Duane Wessels

    Fixed a bug where if stdout was a TTY but stdin was not a TTY,
    then dnstop would enter a loop on keyboard input and consume
    100% CPU.  Now it checks that stdin is a TTY as well.
   2013-02-06 20:31:06 by Jonathan Perkin | Files touched by this commit (76) | Package updated
Log message:
PKGREVISION bumps for net/libpcap update.
   2012-10-23 19:19:22 by Aleksej Saushev | Files touched by this commit (671)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2009-07-25 12:26:17 by OBATA Akio | Files touched by this commit (2) | Package updated
Log message:
Update dnstop to 20090128.
Based on PR 41779 by Fredrik Pettai.

Version 20090128:

I added a new feature to dnstop today that filters on "refused" \ 
response codes.
This might be useful in tracking the ongoing DNS-based DDoS attacks.

To use this new feature:

    dnstop -R -f refused eth0

Version 20080321:

The interesting changes came in a patch from Dave Plonka:

       Fixed a bug that cause dnstop to Memory fault when processing
       a DNS packet greater than PCAP_SNAPLEN (previously 1460) bytes
       in size.

       Raised PCAP_SNAPLEN to 65535 to avoid truncating large DNS
       packets.

       Eliminated unnecessary stack buffers and memcpy calls when
       handling packets.

Also some variables have been added to the Makefile at the request
of a packager so that it may be easier to customize where files are
installed, etc.