
dnspeep's Introduction

dnspeep

dnspeep lets you spy on the DNS queries your computer is making.

Here's some example output:

$ sudo dnspeep
query name                           server IP       response
A     incoming.telemetry.mozilla.org 192.168.1.1     CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com, A: 52.39.144.189, A: 54.191.136.131, A: 34.215.151.143, A: 54.149.208.57, A: 44.226.235.191, A: 52.10.174.113, A: 35.160.138.173, A: 44.238.190.78
AAAA  incoming.telemetry.mozilla.org 192.168.1.1     CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com
A     www.google.com                 192.168.1.1     A: 172.217.13.132
AAAA  www.google.com                 192.168.1.1     AAAA: 2607:f8b0:4020:807::2004
A     www.neopets.com                192.168.1.1     CNAME: r9c3n8d2.stackpathcdn.com, A: 151.139.128.11
AAAA  www.neopets.com                192.168.1.1     CNAME: r9c3n8d2.stackpathcdn.com

experimental software warning

dnspeep is experimental and unmaintained. It definitely has bugs, and I do not trust that its output is always correct.

How to install

You can install dnspeep using the different methods below.

Installing the binary release

  1. Download a recent release of dnspeep from the GitHub releases page
  2. Unpack it
  3. Put the dnspeep binary in your PATH (for example in /usr/local/bin)

Compiling and installing from source

  1. Download a recent source release of dnspeep from the GitHub releases page, or git clone this repository.
  2. Unpack it
  3. Run cargo build --release
  4. Change to the "target/release" directory there.
  5. Put the dnspeep binary in your PATH (for example in /usr/local/bin)

Installing from a Linux package manager

  • If you are using Arch Linux, then you can install dnspeep from the AUR.

How it works

It uses libpcap to capture packets on port 53, and then matches up DNS request and response packets so that it can show the request and response together on the same line.

It also tracks DNS queries which didn't get a response within 1 second and prints them out with the response <no response>.
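The matching and timeout logic described above, as an added example (not dnspeep's own code): a small matcher that pairs queries and responses by DNS ID and reports unanswered queries after 1 second. The `Msg` and `Matcher` types, the output format and the sample capture are constructed for this illustration; in this model a response that arrives after its query has been expired is reported under an unknown query ID.

```rust
use std::collections::HashMap;

// One parsed DNS message as the matcher sees it (hypothetical type for this example).
#[derive(Debug, Clone)]
pub struct Msg {
    pub at_ms: u64,        // capture time in milliseconds
    pub id: u16,           // ID field of the DNS header
    pub is_response: bool, // QR bit of the DNS header
    pub text: String,      // question for a query, answer summary for a response
}

const TIMEOUT_MS: u64 = 1000; // the 1 second window from the description above

#[derive(Default)]
pub struct Matcher {
    // Outstanding queries keyed by DNS ID alone, which keeps the example short;
    // IDs are only 16 bits, so a real tool also has to cope with reuse.
    pending: HashMap<u16, Msg>,
}

impl Matcher {
    // Feed one captured message and return the output lines it causes.
    pub fn feed(&mut self, msg: Msg) -> Vec<String> {
        let mut out = self.expire(msg.at_ms);
        if !msg.is_response {
            self.pending.insert(msg.id, msg);
        } else if let Some(q) = self.pending.remove(&msg.id) {
            out.push(format!("{} {}ms {}", q.text, msg.at_ms - q.at_ms, msg.text));
        } else {
            // No pending query with this ID: never seen, or already expired.
            out.push(format!("Warning: got response for unknown query ID {}", msg.id));
        }
        out
    }

    // Report every query older than the timeout as unanswered and forget it.
    pub fn expire(&mut self, now_ms: u64) -> Vec<String> {
        let mut late: Vec<Msg> = self.pending.values()
            .filter(|q| now_ms.saturating_sub(q.at_ms) > TIMEOUT_MS)
            .cloned()
            .collect();
        late.sort_by_key(|q| q.at_ms);
        for q in &late {
            self.pending.remove(&q.id);
        }
        late.iter().map(|q| format!("{} <no response>", q.text)).collect()
    }
}

pub fn msg(at_ms: u64, id: u16, is_response: bool, text: &str) -> Msg {
    Msg { at_ms, id, is_response, text: text.to_string() }
}

// Constructed capture: one fast answer, one answer that arrives too late.
pub fn demo() -> Vec<String> {
    let capture = vec![
        msg(0, 100, false, "A example.com"),
        msg(12, 100, true, "A: 192.0.2.1"),
        msg(20, 200, false, "A slow.example"),
        msg(1500, 300, false, "A example.org"), // query 200 is now over 1 s old
        msg(1800, 200, true, "A: 192.0.2.2"),   // late answer to the expired query
        msg(1810, 300, true, "A: 192.0.2.3"),
    ];
    let mut matcher = Matcher::default();
    let lines: Vec<String> = capture.into_iter().flat_map(|m| matcher.feed(m)).collect();
    lines
}

fn main() {
    for line in demo() {
        println!("{line}");
    }
}
```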

Limitations

  • Only supports the DNS query types supported by the dns_parser crate (here's a list)
  • Doesn't support TCP DNS queries, only UDP
  • It can't show DNS-over-HTTPS queries (because it would need to MITM the HTTPS connection)

dnspeep's People

Contributors

chris-short, cwkingjr, jahway603, jvns, l0s, thomasmerz

dnspeep's Issues

MacOS: "no response" for all queries with VPN

On MacOS in home office I'm getting no response for all queries. For example:

Thomas.Merz@dm-C02CGH01MD6M:~/Downloads [ttys003/2865]
10:19 $ s dnspeep | grep outlook.office365.com
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
AAAA  outlook.office365.com          172.23.104.73        <no response>
A     outlook.office365.com          172.23.104.73        <no response>
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
^C

But both host and nslookup are responding with an IP address:

Thomas.Merz@dm-C02CGH01MD6M:~/Downloads [ttys003/2866]
10:20 $ host outlook.office365.com
outlook.office365.com is an alias for outlook.ha.office365.com.
outlook.ha.office365.com is an alias for outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com is an alias for FRA-efz.ms-acdc.office.com.
FRA-efz.ms-acdc.office.com has address 52.97.201.114
FRA-efz.ms-acdc.office.com has address 52.97.179.194
FRA-efz.ms-acdc.office.com has address 40.101.121.2
FRA-efz.ms-acdc.office.com has IPv6 address 2603:1026:204::2
FRA-efz.ms-acdc.office.com has IPv6 address 2603:1026:207:14::2
FRA-efz.ms-acdc.office.com has IPv6 address 2603:1026:207:cd::2
Thomas.Merz@dm-C02CGH01MD6M:~/Downloads [ttys003/2867]
10:20 $ nslookup outlook.office365.com
Server:         172.23.104.73
Address:        172.23.104.73#53

Non-authoritative answer:
outlook.office365.com   canonical name = outlook.ha.office365.com.
outlook.ha.office365.com        canonical name = outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com      canonical name = FRA-efz.ms-acdc.office.com.
Name:   FRA-efz.ms-acdc.office.com
Address: 52.97.179.194
Name:   FRA-efz.ms-acdc.office.com
Address: 40.101.121.2
Name:   FRA-efz.ms-acdc.office.com
Address: 52.97.201.114

Thomas.Merz@dm-C02CGH01MD6M:~/Downloads [ttys003/2868]
10:20 $

On my linux client (192.168.42.241) at home I see a good response:

A     outlook.office365.com          192.168.42.241       CNAME: outlook.ha.office365.com, A: 52.98.41.162, A: 52.98.66.210, A: 40.101.146.178, A: 52.98.37.98, A: 40.101.147.114, A: 52.98.89.34, A: 40.101.146.194, A: 52.98.82.210
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
AAAA  outlook.office365.com          192.168.42.241       CNAME: outlook.ha.office365.com, AAAA: 2603:1046:404:15::2, AAAA: 2603:1046:c09:1003::2, AAAA: 2603:1046:c09:1802::2, AAAA: 2603:1046:404:a::2, AAAA: 2603:1046:403::2, AAAA: 2603:1046:c09:1120::2, AAAA: 2603:1046:402:1::2, AAAA: 2603:1046:c09:1804::2

172.23.104.73 is the DNS resolver in my home office VPN (Cisco AnyConnect) for my MacOS.

On a linux server at my work I also see a good response with 172.23.104.73 as DNS resolver:

[email protected]:~$ s ./dnspeep
query name                           server IP            response
A     lxos-monitoring-probe.dm-drogeriemarkt.com 127.0.0.1            A: 172.23.75.243
A     web.de                         172.23.104.73        A: 82.165.230.17, A: 82.165.229.138
AAAA  web.de                         172.23.104.73        NOERROR

Without VPN my local DNS resolvers 192.168.0.1 or 192.168.42.241 (in different home-Wifis) are used on MacOS and responses are good:

CNAME: outlook.office365.com, CNAME: outlook.ha.office365.com, CNAME: outlook.ms-acdc.office.com, CNAME: FRA-efz.ms-acdc.office.com, A: 52.97.135.114, A: 40.101.121.2, A: 40.101.12.34

Is this a general problem related to VPNs?

sudo and libpcap error

I tried to run this on WSL on an x86 machine and got this error:

$ sudo ./dnspeep
Error: Failed to start. You need to run this as root.

Caused by:
    libpcap error: socket: Address family not supported by protocol

Location:
    src/main.rs:91:10

I am not sure why it says "You need to run this as root." when I am running it as sudo. And there is also the libpcap error, which I am hoping is because of the sudo error.

index out of bounds

Hi there,

dnspeep crashed on me with the following error:

thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 0', src/main.rs:283:29

I'm using v0.1.3 on a debian 11 host. I'm not sure the exact query that caused it.

RUST_BACKTRACE=full gave this:

thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 0', src/main.rs:283:29
stack backtrace:
   0:     0x55fc0c437bac - std::backtrace_rs::backtrace::libunwind::trace::h093d4af0eabdfc15
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x55fc0c437bac - std::backtrace_rs::backtrace::trace_unsynchronized::h2b90813d74c759ca
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x55fc0c437bac - std::sys_common::backtrace::_print_fmt::hfaa8856bf3eca13f
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x55fc0c437bac - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h0cbaef3adcb5a454
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x55fc0c453f0c - core::fmt::write::h35a8eb836b847360
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/fmt/mod.rs:1149:17
   5:     0x55fc0c4339b5 - std::io::Write::write_fmt::h45f2b8390f189782
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/io/mod.rs:1697:15
   6:     0x55fc0c439780 - std::sys_common::backtrace::_print::h56f62073b0e62985
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x55fc0c439780 - std::sys_common::backtrace::print::h152fba05ec38941b
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x55fc0c439780 - std::panicking::default_hook::{{closure}}::ha3121a0b8482251f
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:211:50
   9:     0x55fc0c439335 - std::panicking::default_hook::hde5d78c11ae3b8f6
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:228:9
  10:     0x55fc0c439e34 - std::panicking::rust_panic_with_hook::he6f55c3e7ed1777c
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:606:17
  11:     0x55fc0c439910 - std::panicking::begin_panic_handler::{{closure}}::h4b51effcc76f0c14
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:502:13
  12:     0x55fc0c438074 - std::sys_common::backtrace::__rust_end_short_backtrace::haae2fe666128308b
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:139:18
  13:     0x55fc0c439879 - rust_begin_unwind
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:498:5
  14:     0x55fc0c3bc631 - core::panicking::panic_fmt::h6434c641853e4979
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/panicking.rs:107:14
  15:     0x55fc0c3bc5f2 - core::panicking::panic_bounds_check::hd2e90cd3a5796c1e
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/panicking.rs:75:5
  16:     0x55fc0c3c1030 - dnspeep::print_packet::h9985260f066d850e
  17:     0x55fc0c3bfc6b - <dnspeep::PrintCodec as pcap::stream::PacketCodec>::decode::ha260d4f958e3b203
  18:     0x55fc0c3d04d5 - <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll::hed3e041945391826
  19:     0x55fc0c3d202b - tokio::runtime::thread_pool::ThreadPool::block_on::hcf8432d7d01f7b1a
  20:     0x55fc0c3c3611 - tokio::runtime::context::enter::h00a39a78da050049
  21:     0x55fc0c3cdf5c - tokio::runtime::handle::Handle::enter::h410d8a5f4625952c
  22:     0x55fc0c3c2607 - dnspeep::main::hc1f6200c9eb8a3af
  23:     0x55fc0c3c6203 - std::sys_common::backtrace::__rust_begin_short_backtrace::h5437e2fc43d81ce6
  24:     0x55fc0c3c621d - std::rt::lang_start::{{closure}}::h79c1b7b898fd4d67
  25:     0x55fc0c43783b - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h7422298f811ee14d
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/ops/function.rs:259:13
  26:     0x55fc0c43783b - std::panicking::try::do_call::hcba55cf6d5b5533e
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:406:40
  27:     0x55fc0c43783b - std::panicking::try::h0b2a05128a4ee609
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:370:19
  28:     0x55fc0c43783b - std::panic::catch_unwind::he1deef49e02fb06c
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panic.rs:133:14
  29:     0x55fc0c43783b - std::rt::lang_start_internal::{{closure}}::hf44e73ef18e45ffd
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/rt.rs:128:48
  30:     0x55fc0c43783b - std::panicking::try::do_call::h894daf8a782b48f4
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:406:40
  31:     0x55fc0c43783b - std::panicking::try::hd3e4f8d86f3a7fb5
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panicking.rs:370:19
  32:     0x55fc0c43783b - std::panic::catch_unwind::h2e69404746fb3d50
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/panic.rs:133:14
  33:     0x55fc0c43783b - std::rt::lang_start_internal::hec7f1b06f38d8409
                               at /rustc/02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/rt.rs:128:20
  34:     0x55fc0c3c2712 - main
  35:     0x7f285cfd0d0a - __libc_start_main
  36:     0x55fc0c3bce2e - _start
  37:                0x0 - <unknown>

"libpcap error: BIOCSETIF failed: Device not configured" on FreeBSD

Hi,
I get this error when running dnspeep on FreeBSD:

query name                           server IP            response
Error: Failed to start. This may be because you need to run this as root.

Caused by:
    libpcap error: BIOCSETIF failed: Device not configured

Location:
    src/main.rs:176:10

This is because FreeBSD doesn't support sniffing on the "any" interface.
Please add a command-line option to indicate a specific network interface to listen on.

Cheers,
Riccardo

"Warning: got response for unknown query ID …"

What does this mean and to which query is this related?
Please advise/explain or add more information into output. Thanks a lot.

08:55:01.565   A     bla.mooo.com.             45.90.28.39          10ms      A: 123.123.123.123
08:55:01.580   A     bla.mooo.com.             45.90.28.39          10ms      A: 123.123.123.123
08:55:01.592   A     bla.mooo.com.             45.90.28.39          11ms      A: 123.123.123.123
08:55:01.606   A     bla.mooo.com.             45.90.28.39          10ms      A: 123.123.123.123
08:55:01.785   A     bla.mooo.com.             45.90.30.39          3ms       A: 123.123.123.123
08:55:01.792   A     bla.mooo.com.             45.90.30.39          3ms       A: 123.123.123.123
08:55:01.798   A     bla.mooo.com.             45.90.30.39          3ms       A: 123.123.123.123
08:55:01.803   A     bla.mooo.com.             45.90.30.39          3ms       A: 123.123.123.123
08:55:01.958   A     bla.mooo.com.             1.1.1.1              513ms     A: 123.123.123.123
08:55:02.473   A     bla.mooo.com.             1.1.1.1              5ms       A: 123.123.123.123
08:55:02.481   A     bla.mooo.com.             1.1.1.1              244ms     A: 123.123.123.123
08:55:02.727   A     bla.mooo.com.             1.1.1.1              6ms       A: 123.123.123.123
08:55:02.860   A     bla.mooo.com.             1.0.0.1              135ms     A: 123.123.123.123
08:55:03.000   A     bla.mooo.com.             1.0.0.1              13ms      A: 123.123.123.123
08:55:03.016   A     bla.mooo.com.             1.0.0.1              131ms     A: 123.123.123.123
08:55:03.150   A     bla.mooo.com.             1.0.0.1              9ms       A: 123.123.123.123
08:55:03.300   A     bla.mooo.com.             8.8.8.8              128ms     A: 123.123.123.123
08:55:03.432   A     bla.mooo.com.             8.8.8.8              4ms       A: 123.123.123.123
08:55:03.437   A     bla.mooo.com.             8.8.8.8              125ms     A: 123.123.123.123
08:55:03.564   A     bla.mooo.com.             8.8.8.8              149ms     A: 123.123.123.123
08:55:03.873   A     bla.mooo.com.             8.8.4.4              207ms     A: 123.123.123.123
08:55:04.084   A     bla.mooo.com.             8.8.4.4              127ms     A: 123.123.123.123
08:55:04.212   A     bla.mooo.com.             8.8.4.4              4ms       A: 123.123.123.123
08:55:04.219   A     bla.mooo.com.             8.8.4.4              124ms     A: 123.123.123.123
08:55:04.479   A     bla.mooo.com.             208.67.222.222       102ms     A: 123.123.123.123
08:55:04.586   A     bla.mooo.com.             208.67.222.222       102ms     A: 123.123.123.123
08:55:04.689   A     bla.mooo.com.             208.67.222.222       372ms     A: 123.123.123.123
08:55:05.063   A     bla.mooo.com.             208.67.222.222       126ms     A: 123.123.123.123
08:55:05.347   A     bla.mooo.com.             208.67.220.220       102ms     A: 123.123.123.123
08:55:05.453   A     bla.mooo.com.             208.67.220.220       102ms     A: 123.123.123.123
08:55:05.558   A     bla.mooo.com.             208.67.220.220       102ms     A: 123.123.123.123
08:55:05.662   A     bla.mooo.com.             208.67.220.220       127ms     A: 123.123.123.123
08:55:05.920   A     bla.mooo.com.             84.200.69.80                   <no response>
Warning: got response for unknown query ID 56239
08:55:07.660   A     bla.mooo.com.             84.200.69.80         3ms       A: 123.123.123.123
08:55:07.667   A     bla.mooo.com.             84.200.69.80         3ms       A: 123.123.123.123
08:55:07.673   A     bla.mooo.com.             84.200.69.80         3ms       A: 123.123.123.123
08:55:07.824   A     bla.mooo.com.             84.200.70.40         137ms     A: 123.123.123.123
08:55:07.965   A     bla.mooo.com.             84.200.70.40         3ms       A: 123.123.123.123
08:55:07.970   A     bla.mooo.com.             84.200.70.40         3ms       A: 123.123.123.123
08:55:07.975   A     bla.mooo.com.             84.200.70.40         4ms       A: 123.123.123.123
08:55:08.120   A     bla.mooo.com.             9.9.9.11                       <no response>
Warning: got response for unknown query ID 1714
08:55:09.962   A     bla.mooo.com.             9.9.9.11                       <no response>
Warning: got response for unknown query ID 61869
08:55:11.009   A     bla.mooo.com.             9.9.9.11                       <no response>
Warning: got response for unknown query ID 49932
08:55:12.052   A     bla.mooo.com.             9.9.9.11             15ms      A: 123.123.123.123
08:55:12.201   A     bla.mooo.com.             149.112.112.11       13ms      A: 123.123.123.123
08:55:12.218   A     bla.mooo.com.             149.112.112.11       13ms      A: 123.123.123.123
08:55:12.234   A     bla.mooo.com.             149.112.112.11       13ms      A: 123.123.123.123
08:55:12.249   A     bla.mooo.com.             149.112.112.11       10ms      A: 123.123.123.123
08:55:12.407   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.407   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.407   A     bla.mooo.com.             127.0.0.1            1ms       A: 123.123.123.123
08:55:12.411   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.411   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.411   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.413   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.413   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.413   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.414   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.414   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123
08:55:12.414   A     bla.mooo.com.             127.0.0.1            0ms       A: 123.123.123.123

query type 65 is invalid

Ran it for a while on Mac OS X, get a bunch of:

Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid

Project license?

I am packaging this project, and I would like to know the license for the code. I've looked around in all the usual places but I can't find any indication of any particular license. Various dependencies have the licenses "Apache-2.0 BSD-3-Clause ISC MIT Unlicense", but I can't find anything for this project.

Index out of bounds panic in main.rs:153:21

Running dnspeep on a Fedora 33 machine with both IPv4 and IPv6 connectivity I can sometimes see queries but then sooner or later I get:

thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 0', src/main.rs:153:21
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

The backtrace doesn't seem to be very useful; it appears to be failing where it says it's failing, in the line:

    let question = &dns_packet.questions[0];

This seems to be the result of the authoritative DNS server I'm running on this machine answering a query by telling the sender to go away (I think):

In  IP [RANDOM-IP].30279 > [MYIP].domain: 5140+ [1au] ANY? . (33)
Out IP [MYIP].domain > [RANDOM-IP].30279: 5140-| [0q] 0/0/1 (23)

Wireshark confirms that the relevant DNS reply packet has no questions, no answer RRs, no authority RRs, and one additional RR of type OPT.

(This has already been useful, I had no idea people were spraying my authoritative nameserver with these queries.)
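The reply shape reported above (no questions, one additional OPT record), handled without indexing `questions[0]`. This is an added example and not dnspeep's code: a std-only header and first-question parser whose type names, function names and packet bytes are constructed for illustration, with the 23-byte reply built to match the shape Wireshark showed.

```rust
// First question of a DNS message (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub struct Question {
    pub name: String,
    pub qtype: u16, // kept numeric, so a type the parser has no name for (e.g. 65) still parses
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,
    BadLabel,
}

// Read a big-endian u16 at `off`, failing instead of panicking on short input.
fn be16(buf: &[u8], off: usize) -> Result<u16, ParseError> {
    match buf.get(off..off + 2) {
        Some(b) => Ok(u16::from_be_bytes([b[0], b[1]])),
        None => Err(ParseError::Truncated),
    }
}

// Returns (ID, is_response, first question if the message carries one).
pub fn parse_summary(buf: &[u8]) -> Result<(u16, bool, Option<Question>), ParseError> {
    let id = be16(buf, 0)?;
    let flags = be16(buf, 2)?;
    let qdcount = be16(buf, 4)?;
    be16(buf, 10)?; // the header is 12 bytes; require all of it
    let is_response = flags & 0x8000 != 0;
    if qdcount == 0 {
        // The case from the report: there is no first question to read.
        return Ok((id, is_response, None));
    }
    let mut off = 12;
    let mut labels: Vec<String> = Vec::new();
    loop {
        let len = *buf.get(off).ok_or(ParseError::Truncated)? as usize;
        off += 1;
        if len == 0 {
            break; // root label ends the name
        }
        if len > 63 {
            return Err(ParseError::BadLabel); // compression pointers are not handled here
        }
        let raw = buf.get(off..off + len).ok_or(ParseError::Truncated)?;
        labels.push(String::from_utf8_lossy(raw).into_owned());
        off += len;
    }
    let qtype = be16(buf, off)?;
    let name = if labels.is_empty() { ".".to_string() } else { labels.join(".") + "." };
    Ok((id, is_response, Some(Question { name, qtype })))
}

// Constructed reply: ID 5140, QR and TC set, 0 questions, 0 answers,
// 0 authority records, 1 additional record (OPT, type 41). 23 bytes in total.
pub const REPLY_NO_QUESTION: &[u8] = &[
    0x14, 0x14, 0x82, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, // header
    0x00, 0x00, 0x29, 0x04, 0xd0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,       // OPT record
];

// Constructed query for example.com with query type 65.
pub const QUERY_TYPE_65: &[u8] =
    b"\x14\x14\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x41\x00\x01";

fn main() {
    println!("{:?}", parse_summary(REPLY_NO_QUESTION));
    println!("{:?}", parse_summary(QUERY_TYPE_65));
    println!("{:?}", parse_summary(&REPLY_NO_QUESTION[..8]));
}
```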

RFE: source process and response time

Thanks for this project! It sure makes life a lot easier, so I don't need to remember the BPF syntax.

I would like to ask for two enhancements, if possible:
a) The source name or PID of the process which generated the query.
b) The time that it took to receive the response.

Thank you!
