
dnstrack is a DNS query tracking tool implemented with golang + bpf that lets you view the DNS query events on a machine.
Project: https://github.com/chenjiandongx/dnstrack
```
> dnstrack -h
# A dns-query tracking tool written in go

Usage:
  dnstrack [flags]

Examples:
  # list all the net-devices
  $ dnstrack -l

  # filters google dns server packet attached in lo0 dev and output with json format
  $ dnstrack -s 8.8.8.8 -o j -d '^lo0$'

Flags:
  -a, --all-devices            listen all devices if present (default true)
  -d, --devices string         devices regex pattern filter
  -h, --help                   help for dnstrack
  -l, --list                   list all devices name
  -o, --output-format string   output format [json(j)|yaml(y)|question(q)|verbose(v)] (default "verbose")
  -s, --server string          dns server filter
  -t, --type string            dns query type filter [A/AAAA/CNAME/...]
  -v, --version                version for dnstrack
```

--output-format verbose
```
> dnstrack -d '^lo$|^ens'
--------------------

; <ens160>@172.16.22.2:53, ID: 49390, OpCpde: Query, Status: Success
;; When: 2024-05-29T00:42:52+08:00
;; Query Time: 57.667s
;; Msg Size: 292B

;; Question Section:
google.com.  A

;; Answer Section:
google.com.  5  A  INET  93.46.8.90

;; Authority Section:
google.com.  NS  INET  ns2.google.com.
google.com.  NS  INET  ns1.google.com.
google.com.  NS  INET  ns4.google.com.
google.com.  NS  INET  ns3.google.com.

;; Additional Section:
ns2.google.com.  AAAA  INET  2001:4860:4802:34::a
ns4.google.com.  AAAA  INET  2001:4860:4802:38::a
ns3.google.com.  AAAA  INET  2001:4860:4802:36::a
ns1.google.com.  AAAA  INET  2001:4860:4802:32::a
ns2.google.com.  A  INET  216.239.34.10
ns4.google.com.  A  INET  216.239.38.10
ns3.google.com.  A  INET  216.239.36.10
ns1.google.com.  A  INET  216.239.32.10
```

--output-format question
```
> dnstrack -d '^lo$|^ens' -oq
2024-05-29T00:44:02+08:00 <ens160>@172.16.22.2:53 A 44.959s facebook.com.
2024-05-29T00:44:02+08:00 <lo>@127.0.0.53:53 A 16.416s facebook.com.
2024-05-29T00:44:02+08:00 <lo>@127.0.0.53:53 A 33.125s facebook.com.
2024-05-29T00:44:04+08:00 <lo>@127.0.0.53:53 A 35.125s twitter.com.
2024-05-29T00:44:04+08:00 <lo>@127.0.0.53:53 A 59.166s twitter.com.
2024-05-29T00:44:04+08:00 <ens160>@172.16.22.2:53 A 72.373058ms twitter.com.
2024-05-29T00:44:08+08:00 <ens160>@172.16.22.2:53 A 72.008765ms google.com.
2024-05-29T00:44:08+08:00 <lo>@127.0.0.53:53 A 72.072515ms google.com.
2024-05-29T00:44:08+08:00 <lo>@127.0.0.53:53 A 72.309974ms google.com.
2024-05-29T00:44:13+08:00 <ens160>@172.16.22.2:53 A 80.584s x.com.
2024-05-29T00:44:13+08:00 <lo>@127.0.0.53:53 A 39.667s x.com.
2024-05-29T00:44:13+08:00 <lo>@127.0.0.53:53 A 72.417s x.com.
```

1 wentx 2024-05-29 10:18:53 +08:00 What's the use case for this?
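2 chenjiandongx OP Listening on network interfaces to monitor which DNS queries are being made on the machine.
3 povsister 2024-05-29 10:36:32 +08:00 Does it only support detecting UDP DNS queries?
4 chenjiandongx OP Yes, TCP-based DNS isn't supported yet.
5 sbilly 2024-10-04 14:16:17 +08:00 dig www.sina.com.cn +trace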
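
For monitoring, the `-oq` (question) output shown in the original post can be consumed line by line. The Go program below is an added example, not part of the thread or of the dnstrack project: it parses question-format lines and lists queries sent to resolvers outside an allowlist. `Query`, `ParseLine`, `OffAllowlist`, the allowlist and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Query is one `dnstrack -oq` line: time <device>@server:port qtype latency qname
type Query struct{ When, Device, Server, Type, Latency, Name string }

// ParseLine parses one question-format line and rejects anything else.
func ParseLine(line string) (Query, error) {
	f := strings.Fields(line)
	if len(f) != 5 {
		return Query{}, fmt.Errorf("want 5 fields, got %d", len(f))
	}
	_, terr := time.Parse(time.RFC3339, f[0])
	dev, server, ok := strings.Cut(f[1], "@")
	if terr != nil || !ok || !strings.HasPrefix(dev, "<") || !strings.HasSuffix(dev, ">") {
		return Query{}, fmt.Errorf("not a question-format record: %q", line)
	}
	return Query{f[0], dev[1 : len(dev)-1], server, f[2], f[3], strings.ToLower(f[4])}, nil
}

// OffAllowlist returns deduplicated "server qname" pairs for resolvers not in allowed.
func OffAllowlist(lines []string, allowed map[string]bool) []string {
	var out []string
	seen := map[string]bool{}
	for _, l := range lines {
		q, err := ParseLine(l)
		if err != nil || allowed[q.Server] {
			continue // separators, blank lines, expected resolvers
		}
		if key := q.Server + " " + q.Name; !seen[key] {
			seen[key], out = true, append(out, key)
		}
	}
	return out
}

func main() {
	// Constructed sample in the post's format; 203.0.113.53 is a documentation address.
	lines := []string{
		"2024-05-29T00:44:02+08:00 <lo>@127.0.0.53:53 A 16.416s facebook.com.",
		"2024-05-29T00:44:05+08:00 <ens160>@203.0.113.53:53 TXT 80.584s Example.test.",
	}
	fmt.Println(OffAllowlist(lines, map[string]bool{"127.0.0.53:53": true}))
}
```

Per the author's reply in the thread, TCP-based DNS is not captured, so a check like this only covers UDP queries.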