dpa - Online Linux Manual Page
Section : 1
Updated : 1 Nov 2005

NAME
    dpa − DNS Packet Analyzer. Analyze DNS packets in ip trace files

SYNOPSIS
    dpa [ OPTION ] TRACEFILE

DESCRIPTION
    dpa is used to analyze DNS packets in trace files. It has 3 main options: count, filter, and count uniques (i.e. count all different occurrences).

OPTIONS
    -c expressionlist
        Count occurrences of matching expressions.
    -f expression
        Filter: only process packets that match the expression.
    -h
        Show usage.
    -p
        Show the total number of correct DNS packets, and the percentages of the -u and -c values (relative to the total number of packets matching the -f filter; if no filter is given, percentages are relative to all correct DNS packets).
    -of file
        Write all packets that match the -f flag to file, as pcap data.
    -ofh file
        Write all packets that match the -f flag to file, in hexadecimal format, readable by drill.
    -s
        Show possible match names.
    -s matchname
        Show possible match operators and values for name.
    -sf
        Only evaluate packets (in representation format) that match the -f filter. If no -f was given, evaluate all correct DNS packets.
    -u matchnamelist
        Count every occurrence of every value of the matchname (for instance, count all packetsizes, see EXAMPLES in ldns-dpa(1)).
    -ua
        For every matchname in -u, show the average value of all matches. Behaviour for match types that do not have an integer value is undefined.
    -uac
        For every matchname in -u, show the average number of times this value was encountered.
    -um number
        Only show the results from -u for values that occurred more than <number> times.
    -v level
        Set verbosity to level (1-5, 5 being the highest). Mostly used for debugging.
    -notip file
        Write packets that were not recognized as IP packets to file (as pcap data).
    -baddns file
        Write DNS packets that were too mangled to parse to file (as pcap data).
    -version
        Show version and exit.

LIST AND MATCHES
    A <matchnamelist> is a comma separated list of match names (use -s to see possible match names).
    An <expressionlist> is a comma separated list of expressions.

    An expression has the following form:

    <expr>:     (<expr>)
                <expr> | <expr>
                <expr> & <expr>
                <match>

    <match>:    <matchname> <operator> <value>

    <operator>:
        =       equal to <value>
        !=      not equal to <value>
        >       greater than <value>
        <       less than <value>
        >=      greater than or equal to <value>
        <=      less than or equal to <value>
        ~=      contains <value>

    See the -s option for possible matchnames, operators and values.

EXAMPLES
    ldns-dpa -u packetsize -p test.tr
        Count all different packetsizes in test.tr and show the percentages.

    ldns-dpa -f "edns=1&qr=0" -of edns.tr test.tr
        Filter out all EDNS-enabled queries in test.tr and put them in edns.tr.

    ldns-dpa -f edns=1 -c tc=1 -u rcode test.tr
        For all EDNS packets, count the number of truncated packets and all their rcodes in test.tr.

    ldns-dpa -c tc=1,qr=0,qr=1,opcode=QUERY test.tr
        For all packets, count the number of truncated packets, the number of packets with qr=0, the number of packets with qr=1 and the number of queries in test.tr.

    ldns-dpa -u packetsize -ua test.tr
        Show all packet sizes and the average packet size per packet.

    ldns-dpa -u srcaddress -uac test.tr
        Show all packet source addresses and the average number of packets sent from this address.

    sudo tcpdump -i eth0 -s 0 -U -w - port 53 | ldns-dpa -f qr=0 -sf
        Print all query packets seen on the specified interface.
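The way -f and -c combine (filter first, then count each expression over what passed), together with the expression grammar from LIST AND MATCHES, shown as an added Python sketch; it is not ldns-dpa's own code. The packet records are constructed, the function names are hypothetical, and because the page does not state operator precedence the sketch assumes `|` and `&` are evaluated left to right.

```python
import operator
import re

# A token is "(", ")", "|", "&" or one whole "<matchname> <operator> <value>" match.
TOKEN = re.compile(r"\s*([()|&]|[A-Za-z_]+\s*(?:!=|>=|<=|~=|=|>|<)\s*[^()|&\s]+)")
MATCH = re.compile(r"([A-Za-z_]+)\s*(!=|>=|<=|~=|=|>|<)\s*(.+)")
OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt,
       ">=": operator.ge, "<=": operator.le, "~=": lambda a, b: str(b) in str(a)}

def matches(expr, pkt):  # pkt: one packet record, a dict keyed by match name
    toks = TOKEN.findall(expr)
    if "".join("".join(toks).split()) != "".join(expr.split()):
        raise ValueError(f"cannot tokenize {expr!r}")
    def term():
        tok = toks.pop(0) if toks else ""
        if tok == "(":
            val = chain()
            if not toks or toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return val
        if not (m := MATCH.fullmatch(tok)):
            raise ValueError(f"expected a match, got {tok!r}")
        name, op, value = m.groups()
        if isinstance(pkt[name], int) and op != "~=":
            value = int(value)  # compare numeric fields as numbers
        return OPS[op](pkt[name], value)
    def chain():  # assumption: | and & share one precedence level, left to right
        val = term()
        while toks and toks[0] in ("|", "&"):
            op, rhs = toks.pop(0), term()
            val = (val and rhs) if op == "&" else (val or rhs)
        return val
    result = chain()
    if toks:
        raise ValueError(f"unexpected {toks[0]!r}")
    return result

def analyze(packets, filter_expr=None, count_exprs=""):
    """Model -f then -c: filter first, then count each comma-separated expression."""
    selected = [p for p in packets if not filter_expr or matches(filter_expr, p)]
    counts = {e: sum(matches(e, p) for p in selected) for e in count_exprs.split(",") if e}
    return len(selected), counts

# Constructed sample records; the keys are match names that appear on this page.
PACKETS = [
    {"qr": 0, "edns": 1, "tc": 0, "opcode": "QUERY", "packetsize": 71, "srcaddress": "192.0.2.10"},
    {"qr": 1, "edns": 1, "tc": 1, "opcode": "QUERY", "packetsize": 512, "srcaddress": "198.51.100.53"},
    {"qr": 1, "edns": 0, "tc": 0, "opcode": "QUERY", "packetsize": 140, "srcaddress": "198.51.100.53"},
]
```

`analyze(PACKETS, "edns=1", "tc=1")` mirrors `-f edns=1 -c tc=1`: the count is taken over the two EDNS packets only, not over the whole trace.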

AUTHOR
    Written by Jelte Jansen for NLnetLabs.

REPORTING BUGS
    Report bugs to <jelte@nlnetlabs.nl>.

COPYRIGHT
    Copyright (C) 2005 NLnet Labs. This is free software. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.