scapy - dns sniffer

How do you parse DNS requests and responses? Scapy is a powerful tool that can show us the DNS details.

#!/usr/bin/env python
# -*- coding: utf8 -*-

"""
Run the demo script with root privileges, then issue two DNS queries as follows.

    $ nslookup search.yahoo.com
    $ nslookup github.com

The DNS sniffer parses the DNS requests and responses automatically.

    root:scapy/ #  python scapy-dns_sniff.py
    WARNING: No route found for IPv6 destination :: (no default route?)

    [*] request: 192.168.1.108:49771 -> 192.168.1.1:53 : search.yahoo.com.
    [*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : search.yahoo.com. - ds-global.l7.search.ystg1.b.yahoo.com.
    [*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : ds-global.l7.search.ystg1.b.yahoo.com. - ds-any-global.l7.search.ysta1.b.yahoo.com.
    [*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : ds-any-global.l7.search.ysta1.b.yahoo.com. - 188.125.66.104

    [*] request: 192.168.1.108:40813 -> 192.168.1.1:53 : github.com.
    [*] response: 192.168.1.108:40813 <- 192.168.1.1:53 : github.com. - 192.30.252.128

"""

from scapy.all import *

# disable verbose mode
conf.verb = 0

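def to_text(value):
    """ scapy returns names as bytes on Python 3; decode them for printing """
    if isinstance(value, bytes):
        return value.decode("utf-8", "replace")
    return value

def parse_dnspkt(pkt):
    """ parse dns request / response packet """
    # only IPv4 + UDP + DNS packets are handled; the IP check keeps
    # DNS over IPv6 from raising on pkt['IP']
    if pkt and pkt.haslayer('IP') and pkt.haslayer('UDP') and pkt.haslayer('DNS'):
        ip = pkt['IP']
        udp = pkt['UDP']
        dns = pkt['DNS']

        # dns query packet
        if int(udp.dport) == 53:
            # skip malformed queries that carry no question section
            if not dns.qd:
                return
            qname = dns.qd[0].qname

            print("\n[*] request: %s:%d -> %s:%d : %s" % (
                ip.src, udp.sport,
                ip.dst, udp.dport,
                to_text(qname)))

        # dns reply packet
        elif int(udp.sport) == 53:
            # dns DNSRR count (answer count)
            for i in range(dns.ancount):
                dnsrr = dns.an[i]
                # some record types (e.g. SOA) have no rdata field
                rdata = getattr(dnsrr, 'rdata', None)
                print("[*] response: %s:%s <- %s:%d : %s - %s" % (
                    ip.dst, udp.dport,
                    ip.src, udp.sport,
                    to_text(dnsrr.rrname), to_text(rdata)))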

def sniffer():
    sniff(filter="udp port 53", prn=parse_dnspkt)

if __name__ == "__main__":
    sniffer()

You can see more detail by opening blog.csdn.net while the sniffer is running. A single page load sends a lot of noisy DNS requests.

root:scapy/ #  python scapy-dns_sniff.py
WARNING: No route found for IPv6 destination :: (no default route?)

[*] request: 192.168.1.108:46387 -> 192.168.1.1:53 : c.csdnimg.cn.

[*] request: 192.168.1.108:48780 -> 192.168.1.1:53 : static.blog.csdn.net.

[*] request: 192.168.1.108:48780 -> 192.168.1.1:53 : static.blog.csdn.net.

[*] request: 192.168.1.108:58082 -> 192.168.1.1:53 : creatim.allyes.com.cn.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn. - creatim.allyes.com.cn.wscdns.com.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn.wscdns.com. - opt.xdwscache.glb0.lxdns.com.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : opt.xdwscache.glb0.lxdns.com. - 220.168.132.115
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : opt.xdwscache.glb0.lxdns.com. - 220.169.243.176

[*] request: 192.168.1.108:58082 -> 192.168.1.1:53 : creatim.allyes.com.cn.

[*] request: 192.168.1.108:46387 -> 192.168.1.1:53 : c.csdnimg.cn.
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net. - static.blog.csdn.net.w.kunlungem.com.

[*] request: 192.168.1.108:47620 -> 192.168.1.1:53 : blog.csdn.net.

[*] request: 192.168.1.108:47620 -> 192.168.1.1:53 : blog.csdn.net.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn. - creatim.allyes.com.cn.wscdns.com.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn.wscdns.com. - opt.xdwscache.glb0.lxdns.com.

[*] request: 192.168.1.108:38075 -> 192.168.1.1:53 : blog.csdn.net.

[*] request: 192.168.1.108:34865 -> 192.168.1.1:53 : static.csdn.net.
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn. - c.csdnimg.cn.w.kunlungem.com.
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn.w.kunlungem.com. - 124.232.157.110
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn.w.kunlungem.com. - 124.232.157.120
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net. - static.blog.csdn.net.w.kunlungem.com.
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net.w.kunlungem.com. - 124.232.157.120
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net.w.kunlungem.com. - 124.232.157.110

[*] request: 192.168.1.108:58992 -> 192.168.1.1:53 : csdnimg.cn.

[*] request: 192.168.1.108:58992 -> 192.168.1.1:53 : csdnimg.cn.
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn. - c.csdnimg.cn.w.kunlungem.com.
[*] response: 192.168.1.108:58992 <- 192.168.1.1:53 : csdnimg.cn. - 117.79.93.221

[*] request: 192.168.1.108:58804 -> 192.168.1.1:53 : csdnim.allyes.com.

[*] request: 192.168.1.108:58804 -> 192.168.1.1:53 : csdnim.allyes.com.
[*] response: 192.168.1.108:47620 <- 192.168.1.1:53 : blog.csdn.net. - 114.112.73.198
[*] response: 192.168.1.108:38075 <- 192.168.1.1:53 : blog.csdn.net. - 114.112.73.198
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net. - static.csdn.net.w.kunlungem.com.
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net.w.kunlungem.com. - 124.232.157.120
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net.w.kunlungem.com. - 124.232.157.110

[*] request: 192.168.1.108:34865 -> 192.168.1.1:53 : static.csdn.net.
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : csdnim.allyes.com. - imediacast.cdn.allyes.com.
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : imediacast.cdn.allyes.com. - 115.236.16.222
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : imediacast.cdn.allyes.com. - 118.26.144.201
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : csdnim.allyes.com. - imediacast.cdn.allyes.com.

[*] request: 192.168.1.108:42427 -> 192.168.1.1:53 : www.google-analytics.com.

[*] request: 192.168.1.108:42427 -> 192.168.1.1:53 : www.google-analytics.com.
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www.google-analytics.com. - www-google-analytics.l.google.com.
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 2404:6800:4005:80b::200e
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www.google-analytics.com. - www-google-analytics.l.google.com.
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.162
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.165
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.160
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.163
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.161
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.174
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.168
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.167
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.166
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.169
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.164

[*] request: 192.168.1.108:37409 -> 192.168.1.1:53 : bdimg.share.baidu.com.

[*] request: 192.168.1.108:37409 -> 192.168.1.1:53 : bdimg.share.baidu.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : bdimg.share.baidu.com. - baecdn.baidu.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : baecdn.baidu.com. - bae.jomodns.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : bae.jomodns.com. - 124.232.162.48
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : bdimg.share.baidu.com. - baecdn.baidu.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : baecdn.baidu.com. - bae.jomodns.com.

[*] request: 192.168.1.108:33151 -> 192.168.1.1:53 : message.csdn.net.

[*] request: 192.168.1.108:33151 -> 192.168.1.1:53 : message.csdn.net.
[*] response: 192.168.1.108:33151 <- 192.168.1.1:53 : message.csdn.net. - 117.79.93.203
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net. - static.csdn.net.w.kunlungem.com.

[*] request: 192.168.1.108:40500 -> 192.168.1.1:53 : dc.csdn.net.
[*] response: 192.168.1.108:40500 <- 192.168.1.1:53 : dc.csdn.net. - 117.79.93.210

[*] request: 192.168.1.108:40500 -> 192.168.1.1:53 : dc.csdn.net.

[*] request: 192.168.1.108:54553 -> 192.168.1.1:53 : apps.bdimg.com.

[*] request: 192.168.1.108:54553 -> 192.168.1.1:53 : apps.bdimg.com.
[*] response: 192.168.1.108:54553 <- 192.168.1.1:53 : apps.bdimg.com. - apps.bdimg.jomodns.com.
[*] response: 192.168.1.108:54553 <- 192.168.1.1:53 : apps.bdimg.jomodns.com. - 124.232.162.49
[*] response: 192.168.1.108:54553 <- 192.168.1.1:53 : apps.bdimg.com. - apps.bdimg.jomodns.com.

[*] request: 192.168.1.108:33118 -> 192.168.1.1:53 : avatar.csdn.net.

[*] request: 192.168.1.108:33118 -> 192.168.1.1:53 : avatar.csdn.net.
[*] response: 192.168.1.108:33118 <- 192.168.1.1:53 : avatar.csdn.net. - 117.79.93.221

[*] request: 192.168.1.108:49441 -> 192.168.1.1:53 : pagead2.googlesyndication.com.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead2.googlesyndication.com. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141

[*] request: 192.168.1.108:49441 -> 192.168.1.1:53 : pagead2.googlesyndication.com.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead2.googlesyndication.com. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 2404:6800:4005:80a::2002

[*] request: 192.168.1.108:40008 -> 192.168.1.1:53 : a.yunshipei.com.

[*] request: 192.168.1.108:40008 -> 192.168.1.1:53 : a.yunshipei.com.

[*] request: 192.168.1.108:33907 -> 192.168.1.1:53 : passport.csdn.net.

[*] request: 192.168.1.108:33907 -> 192.168.1.1:53 : passport.csdn.net.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : a.yunshipei.com. - yspstore.blob.core.chinacloudapi.cn.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : yspstore.blob.core.chinacloudapi.cn. - blob.bjbprdstr01a.store.core.chinacloudapi.cn.
[*] response: 192.168.1.108:33907 <- 192.168.1.1:53 : passport.csdn.net. - 114.112.73.194
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : a.yunshipei.com. - yspstore.blob.core.chinacloudapi.cn.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : yspstore.blob.core.chinacloudapi.cn. - blob.bjbprdstr01a.store.core.chinacloudapi.cn.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : blob.bjbprdstr01a.store.core.chinacloudapi.cn. - 42.159.16.14

[*] request: 192.168.1.108:39252 -> 192.168.1.1:53 : img.my.csdn.net.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : img.my.csdn.net. - old-my.qiniudn.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : old-my.qiniudn.com. - wsall.qiniudn.com.wscdns.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : wsall.qiniudn.com.wscdns.com. - qiniunor.xdwscache.glb0.lxdns.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : qiniunor.xdwscache.glb0.lxdns.com. - 218.76.105.75
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : qiniunor.xdwscache.glb0.lxdns.com. - 124.228.90.88

[*] request: 192.168.1.108:39252 -> 192.168.1.1:53 : img.my.csdn.net.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : img.my.csdn.net. - old-my.qiniudn.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : old-my.qiniudn.com. - wsall.qiniudn.com.wscdns.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : wsall.qiniudn.com.wscdns.com. - qiniunor.xdwscache.glb0.lxdns.com.

[*] request: 192.168.1.108:60243 -> 192.168.1.1:53 : csdnimg.cn.
[*] response: 192.168.1.108:60243 <- 192.168.1.1:53 : csdnimg.cn. - 117.79.93.221

[*] request: 192.168.1.108:58021 -> 192.168.1.1:53 : dc2.csdn.net.

[*] request: 192.168.1.108:49515 -> 192.168.1.1:53 : dc2.csdn.net.
[*] response: 192.168.1.108:58021 <- 192.168.1.1:53 : dc2.csdn.net. - 117.79.93.210
[*] response: 192.168.1.108:49515 <- 192.168.1.1:53 : dc2.csdn.net. - 117.79.93.210

[*] request: 192.168.1.108:58021 -> 192.168.1.1:53 : dc2.csdn.net.

[*] request: 192.168.1.108:52646 -> 192.168.1.1:53 : www.google-analytics.com.
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www.google-analytics.com. - www-google-analytics.l.google.com.
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.130
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.134
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.142
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.128
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.131
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.129
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.137
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.135
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.136
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.132
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.133

[*] request: 192.168.1.108:37743 -> 192.168.1.1:53 : cpro.baidustatic.com.

[*] request: 192.168.1.108:50101 -> 192.168.1.1:53 : cpro.baidustatic.com.
[*] response: 192.168.1.108:37743 <- 192.168.1.1:53 : cpro.baidustatic.com. - wmjs.jomodns.com.
[*] response: 192.168.1.108:37743 <- 192.168.1.1:53 : wmjs.jomodns.com. - 124.232.162.34

[*] request: 192.168.1.108:37743 -> 192.168.1.1:53 : cpro.baidustatic.com.
[*] response: 192.168.1.108:50101 <- 192.168.1.1:53 : cpro.baidustatic.com. - wmjs.jomodns.com.
[*] response: 192.168.1.108:50101 <- 192.168.1.1:53 : wmjs.jomodns.com. - 124.232.162.34
[*] response: 192.168.1.108:37743 <- 192.168.1.1:53 : cpro.baidustatic.com. - wmjs.jomodns.com.

[*] request: 192.168.1.108:56226 -> 192.168.1.1:53 : pos.baidu.com.

[*] request: 192.168.1.108:56226 -> 192.168.1.1:53 : pos.baidu.com.

[*] request: 192.168.1.108:47155 -> 192.168.1.1:53 : pos.baidu.com.
[*] response: 192.168.1.108:56226 <- 192.168.1.1:53 : pos.baidu.com. - cb.e.shifen.com.
[*] response: 192.168.1.108:56226 <- 192.168.1.1:53 : pos.baidu.com. - cb.e.shifen.com.
[*] response: 192.168.1.108:56226 <- 192.168.1.1:53 : cb.e.shifen.com. - 115.239.210.141
[*] response: 192.168.1.108:47155 <- 192.168.1.1:53 : pos.baidu.com. - cb.e.shifen.com.
[*] response: 192.168.1.108:47155 <- 192.168.1.1:53 : cb.e.shifen.com. - 115.239.210.141

[*] request: 192.168.1.108:50784 -> 192.168.1.1:53 : googleads.g.doubleclick.net.

[*] request: 192.168.1.108:50784 -> 192.168.1.1:53 : googleads.g.doubleclick.net.

[*] request: 192.168.1.108:50611 -> 192.168.1.1:53 : googleads.g.doubleclick.net.
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : googleads.g.doubleclick.net. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : googleads.g.doubleclick.net. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : googleads.g.doubleclick.net. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 2404:6800:4005:80a::2002

[*] request: 192.168.1.108:56254 -> 192.168.1.1:53 : cpro.baidu.com.

[*] request: 192.168.1.108:56254 -> 192.168.1.1:53 : cpro.baidu.com.

[*] request: 192.168.1.108:36829 -> 192.168.1.1:53 : cpro.baidu.com.

[*] request: 192.168.1.108:44883 -> 192.168.1.1:53 : wn.pos.baidu.com.

[*] request: 192.168.1.108:44883 -> 192.168.1.1:53 : wn.pos.baidu.com.

[*] request: 192.168.1.108:43746 -> 192.168.1.1:53 : wn.pos.baidu.com.
[*] response: 192.168.1.108:56254 <- 192.168.1.1:53 : cpro.baidu.com. - cpro.e.shifen.com.
[*] response: 192.168.1.108:56254 <- 192.168.1.1:53 : cpro.e.shifen.com. - 115.239.211.17
[*] response: 192.168.1.108:56254 <- 192.168.1.1:53 : cpro.baidu.com. - cpro.e.shifen.com.
[*] response: 192.168.1.108:43746 <- 192.168.1.1:53 : wn.pos.baidu.com. - wn.pos.e.shifen.com.
[*] response: 192.168.1.108:43746 <- 192.168.1.1:53 : wn.pos.e.shifen.com. - 115.239.211.206
[*] response: 192.168.1.108:36829 <- 192.168.1.1:53 : cpro.baidu.com. - cpro.e.shifen.com.
[*] response: 192.168.1.108:36829 <- 192.168.1.1:53 : cpro.e.shifen.com. - 115.239.211.17
[*] response: 192.168.1.108:44883 <- 192.168.1.1:53 : wn.pos.baidu.com. - wn.pos.e.shifen.com.
[*] response: 192.168.1.108:44883 <- 192.168.1.1:53 : wn.pos.baidu.com. - wn.pos.e.shifen.com.
[*] response: 192.168.1.108:44883 <- 192.168.1.1:53 : wn.pos.e.shifen.com. - 115.239.211.206

[*] request: 192.168.1.108:54813 -> 192.168.1.1:53 : ubmcmm.baidustatic.com.

[*] request: 192.168.1.108:43240 -> 192.168.1.1:53 : ubmcmm.baidustatic.com.

[*] request: 192.168.1.108:54813 -> 192.168.1.1:53 : ubmcmm.baidustatic.com.
[*] response: 192.168.1.108:43240 <- 192.168.1.1:53 : ubmcmm.baidustatic.com. - wmpic.jomodns.com.
[*] response: 192.168.1.108:43240 <- 192.168.1.1:53 : wmpic.jomodns.com. - 124.232.162.45
[*] response: 192.168.1.108:54813 <- 192.168.1.1:53 : ubmcmm.baidustatic.com. - wmpic.jomodns.com.
[*] response: 192.168.1.108:54813 <- 192.168.1.1:53 : wmpic.jomodns.com. - 124.232.162.45
[*] response: 192.168.1.108:54813 <- 192.168.1.1:53 : ubmcmm.baidustatic.com. - wmpic.jomodns.com.

[*] request: 192.168.1.108:50122 -> 192.168.1.1:53 : cpro2.baidustatic.com.

[*] request: 192.168.1.108:50122 -> 192.168.1.1:53 : cpro2.baidustatic.com.
[*] response: 192.168.1.108:50122 <- 192.168.1.1:53 : cpro2.baidustatic.com. - wmjs.jomodns.com.
[*] response: 192.168.1.108:50122 <- 192.168.1.1:53 : wmjs.jomodns.com. - 124.232.162.34
[*] response: 192.168.1.108:50122 <- 192.168.1.1:53 : cpro2.baidustatic.com. - wmjs.jomodns.com.

[*] request: 192.168.1.108:33779 -> 192.168.1.1:53 : static.googleadsserving.cn.

[*] request: 192.168.1.108:33779 -> 192.168.1.1:53 : static.googleadsserving.cn.

[*] request: 192.168.1.108:45978 -> 192.168.1.1:53 : static.googleadsserving.cn.
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : static.googleadsserving.cn. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : static.googleadsserving.cn. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : static.googleadsserving.cn. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 2404:6800:4005:808::2002

[*] request: 192.168.1.108:56201 -> 192.168.1.1:53 : cm.g.doubleclick.net.

[*] request: 192.168.1.108:46410 -> 192.168.1.1:53 : cm.g.doubleclick.net.

[*] request: 192.168.1.108:56201 -> 192.168.1.1:53 : cm.g.doubleclick.net.
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : cm.g.doubleclick.net. - pagead.l.doubleclick.net.
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : cm.g.doubleclick.net. - pagead.l.doubleclick.net.
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : cm.g.doubleclick.net. - pagead.l.doubleclick.net.
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.154

[*] request: 192.168.1.108:54065 -> 192.168.1.1:53 : counter.csdn.net.

[*] request: 192.168.1.108:38979 -> 192.168.1.1:53 : counter.csdn.net.

[*] request: 192.168.1.108:54065 -> 192.168.1.1:53 : counter.csdn.net.
[*] response: 192.168.1.108:54065 <- 192.168.1.1:53 : counter.csdn.net. - 117.79.93.222
[*] response: 192.168.1.108:38979 <- 192.168.1.1:53 : counter.csdn.net. - 117.79.93.222

[*] request: 192.168.1.108:34785 -> 192.168.1.1:53 : s10-im-notify.csdn.net.

[*] request: 192.168.1.108:34785 -> 192.168.1.1:53 : s10-im-notify.csdn.net.
[*] response: 192.168.1.108:34785 <- 192.168.1.1:53 : s10-im-notify.csdn.net. - 117.79.93.218

[*] request: 192.168.1.108:54145 -> 192.168.1.1:53 : ask.csdn.net.

[*] request: 192.168.1.108:54145 -> 192.168.1.1:53 : ask.csdn.net.

[*] request: 192.168.1.108:43052 -> 192.168.1.1:53 : ask.csdn.net.
[*] response: 192.168.1.108:54145 <- 192.168.1.1:53 : ask.csdn.net. - 114.112.73.210
[*] response: 192.168.1.108:43052 <- 192.168.1.1:53 : ask.csdn.net. - 114.112.73.210

[*] request: 192.168.1.108:60517 -> 192.168.1.1:53 : m.baidu.com.

[*] request: 192.168.1.108:60517 -> 192.168.1.1:53 : m.baidu.com.
[*] response: 192.168.1.108:60517 <- 192.168.1.1:53 : m.baidu.com. - wap.n.shifen.com.
[*] response: 192.168.1.108:60517 <- 192.168.1.1:53 : m.baidu.com. - wap.n.shifen.com.
[*] response: 192.168.1.108:60517 <- 192.168.1.1:53 : wap.n.shifen.com. - 115.239.210.14

[*] request: 192.168.1.108:33958 -> 192.168.1.1:53 : openapi.baidu.com.
[*] response: 192.168.1.108:33958 <- 192.168.1.1:53 : openapi.baidu.com. - developer.n.shifen.com.
[*] response: 192.168.1.108:33958 <- 192.168.1.1:53 : developer.n.shifen.com. - 180.149.132.248

[*] request: 192.168.1.108:33958 -> 192.168.1.1:53 : openapi.baidu.com.
[*] response: 192.168.1.108:33958 <- 192.168.1.1:53 : openapi.baidu.com. - developer.n.shifen.com.

[*] request: 192.168.1.108:43541 -> 192.168.1.1:53 : dup.baidustatic.com.

[*] request: 192.168.1.108:43541 -> 192.168.1.1:53 : dup.baidustatic.com.
[*] response: 192.168.1.108:43541 <- 192.168.1.1:53 : dup.baidustatic.com. - ecomcbjs.jomodns.com.
[*] response: 192.168.1.108:43541 <- 192.168.1.1:53 : ecomcbjs.jomodns.com. - 124.232.162.49
[*] response: 192.168.1.108:43541 <- 192.168.1.1:53 : dup.baidustatic.com. - ecomcbjs.jomodns.com.

[*] request: 192.168.1.108:59842 -> 192.168.1.1:53 : ec.pos.baidu.com.

[*] request: 192.168.1.108:59842 -> 192.168.1.1:53 : ec.pos.baidu.com.
[*] response: 192.168.1.108:59842 <- 192.168.1.1:53 : ec.pos.baidu.com. - e.pos.e.shifen.com.
[*] response: 192.168.1.108:59842 <- 192.168.1.1:53 : ec.pos.baidu.com. - e.pos.e.shifen.com.
[*] response: 192.168.1.108:59842 <- 192.168.1.1:53 : e.pos.e.shifen.com. - 123.125.115.85

[*] request: 192.168.1.108:59656 -> 192.168.1.1:53 : www.csdn.net.

[*] request: 192.168.1.108:58114 -> 192.168.1.1:53 : geek.csdn.net.

[*] request: 192.168.1.108:48773 -> 192.168.1.1:53 : u.download.csdn.net.

[*] request: 192.168.1.108:48773 -> 192.168.1.1:53 : u.download.csdn.net.
[*] response: 192.168.1.108:48773 <- 192.168.1.1:53 : u.download.csdn.net. - 117.79.93.204
[*] response: 192.168.1.108:58114 <- 192.168.1.1:53 : geek.csdn.net. - 117.79.93.222

[*] request: 192.168.1.108:58114 -> 192.168.1.1:53 : geek.csdn.net.
[*] response: 192.168.1.108:59656 <- 192.168.1.1:53 : www.csdn.net. - 114.112.73.194

[*] request: 192.168.1.108:59656 -> 192.168.1.1:53 : www.csdn.net.

[*] request: 192.168.1.108:54656 -> 192.168.1.1:53 : bbs.csdn.net.

[*] request: 192.168.1.108:54656 -> 192.168.1.1:53 : bbs.csdn.net.
[*] response: 192.168.1.108:54656 <- 192.168.1.1:53 : bbs.csdn.net. - 114.112.73.200

[*] request: 192.168.1.108:45781 -> 192.168.1.1:53 : write.blog.csdn.net.

[*] request: 192.168.1.108:45781 -> 192.168.1.1:53 : write.blog.csdn.net.
[*] response: 192.168.1.108:45781 <- 192.168.1.1:53 : write.blog.csdn.net. - 114.112.73.198

[*] request: 192.168.1.108:47999 -> 192.168.1.1:53 : code.csdn.net.

[*] request: 192.168.1.108:58157 -> 192.168.1.1:53 : my.csdn.net.

[*] request: 192.168.1.108:58157 -> 192.168.1.1:53 : my.csdn.net.
[*] response: 192.168.1.108:47999 <- 192.168.1.1:53 : code.csdn.net. - 223.6.248.58

[*] request: 192.168.1.108:47999 -> 192.168.1.1:53 : code.csdn.net.
[*] response: 192.168.1.108:58157 <- 192.168.1.1:53 : my.csdn.net. - 114.112.73.194

[*] request: 192.168.1.108:57511 -> 192.168.1.1:53 : download.csdn.net.

[*] request: 192.168.1.108:57511 -> 192.168.1.1:53 : download.csdn.net.
[*] response: 192.168.1.108:57511 <- 192.168.1.1:53 : download.csdn.net. - 114.112.73.197

[*] request: 192.168.1.108:42849 -> 192.168.1.1:53 : hero.csdn.net.

[*] request: 192.168.1.108:42849 -> 192.168.1.1:53 : hero.csdn.net.

[*] request: 192.168.1.108:38651 -> 192.168.1.1:53 : job.csdn.net.
[*] response: 192.168.1.108:42849 <- 192.168.1.1:53 : hero.csdn.net. - 114.112.73.232
[*] response: 192.168.1.108:38651 <- 192.168.1.1:53 : job.csdn.net. - 114.112.73.231

[*] request: 192.168.1.108:38651 -> 192.168.1.1:53 : job.csdn.net.

[*] request: 192.168.1.108:56730 -> 192.168.1.1:53 : edu.csdn.net.

[*] request: 192.168.1.108:56730 -> 192.168.1.1:53 : edu.csdn.net.
[*] response: 192.168.1.108:56730 <- 192.168.1.1:53 : edu.csdn.net. - 114.112.73.210

[*] request: 192.168.1.108:40769 -> 192.168.1.1:53 : huiyi.csdn.net.
[*] response: 192.168.1.108:40769 <- 192.168.1.1:53 : huiyi.csdn.net. - 117.79.92.153

[*] request: 192.168.1.108:40769 -> 192.168.1.1:53 : huiyi.csdn.net.

[*] request: 192.168.1.108:54976 -> 192.168.1.1:53 : www.csto.com.

[*] request: 192.168.1.108:54976 -> 192.168.1.1:53 : www.csto.com.

[*] request: 192.168.1.108:49404 -> 192.168.1.1:53 : mall.csdn.net.

[*] request: 192.168.1.108:49404 -> 192.168.1.1:53 : mall.csdn.net.
[*] response: 192.168.1.108:49404 <- 192.168.1.1:53 : mall.csdn.net. - 114.112.73.210
[*] response: 192.168.1.108:54976 <- 192.168.1.1:53 : www.csto.com. - 117.79.93.200

[*] request: 192.168.1.108:47159 -> 192.168.1.1:53 : cto.csdn.net.

[*] request: 192.168.1.108:47159 -> 192.168.1.1:53 : cto.csdn.net.
[*] response: 192.168.1.108:47159 <- 192.168.1.1:53 : cto.csdn.net. - 117.79.92.153

[*] request: 192.168.1.108:51543 -> 192.168.1.1:53 : student.csdn.net.
[*] response: 192.168.1.108:51543 <- 192.168.1.1:53 : student.csdn.net. - 117.79.92.153

[*] request: 192.168.1.108:51543 -> 192.168.1.1:53 : student.csdn.net.

[*] request: 192.168.1.108:45813 -> 192.168.1.1:53 : vote.blog.csdn.net.

[*] request: 192.168.1.108:45813 -> 192.168.1.1:53 : vote.blog.csdn.net.
[*] response: 192.168.1.108:45813 <- 192.168.1.1:53 : vote.blog.csdn.net. - 114.112.73.198

[*] request: 192.168.1.108:33059 -> 192.168.1.1:53 : surveies.csdn.net.

[*] request: 192.168.1.108:53482 -> 192.168.1.1:53 : wangmeng.baidu.com.

[*] request: 192.168.1.108:53482 -> 192.168.1.1:53 : wangmeng.baidu.com.
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.baidu.com. - wangmeng.e.shifen.com.
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.e.shifen.com. - 220.181.57.71
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.e.shifen.com. - 220.181.163.64
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.baidu.com. - wangmeng.e.shifen.com.

[*] request: 192.168.1.108:50269 -> 192.168.1.1:53 : www.baidu.com.

[*] request: 192.168.1.108:50269 -> 192.168.1.1:53 : www.baidu.com.
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.baidu.com. - www.a.shifen.com.
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.baidu.com. - www.a.shifen.com.
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.a.shifen.com. - 180.97.33.108
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.a.shifen.com. - 180.97.33.107

[*] request: 192.168.1.108:32816 -> 192.168.1.1:53 : www.google.com.

[*] request: 192.168.1.108:32816 -> 192.168.1.1:53 : www.google.com.
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.99
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.147
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.103
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.106
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.104
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.105
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 2404:6800:4008:c01::69
[*] response: 192.168.1.108:33059 <- 192.168.1.1:53 : surveies.csdn.net. - 117.79.93.206

[*] request: 192.168.1.108:33059 -> 192.168.1.1:53 : surveies.csdn.net.

[*] request: 192.168.1.108:35127 -> 192.168.1.1:53 : eclick.baidu.com.

[*] request: 192.168.1.108:34846 -> 192.168.1.1:53 : eclick.baidu.com.
[*] response: 192.168.1.108:35127 <- 192.168.1.1:53 : eclick.baidu.com. - eclick.e.shifen.com.
[*] response: 192.168.1.108:35127 <- 192.168.1.1:53 : eclick.e.shifen.com. - 180.149.131.35
[*] response: 192.168.1.108:34846 <- 192.168.1.1:53 : eclick.baidu.com. - eclick.e.shifen.com.
[*] response: 192.168.1.108:34846 <- 192.168.1.1:53 : eclick.e.shifen.com. - 180.149.131.35

[*] request: 192.168.1.108:35127 -> 192.168.1.1:53 : eclick.baidu.com.
[*] response: 192.168.1.108:35127 <- 192.168.1.1:53 : eclick.baidu.com. - eclick.e.shifen.com.

Please dig into the output yourself.
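One way to dig into output like this, as an added example that is not part of the original post: it reads the sniffer's `[*] request` / `[*] response` lines, follows each CNAME chain to the final addresses, and counts repeated and unanswered queries. The names `summarise`, `follow` and `SAMPLE` are assumptions of this example; the first six sample lines come from the script's docstring above, and the last two are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Line format printed by parse_dnspkt(): client ip:port, server ip:port,
# record owner name and, for responses only, " - <rdata>".
LINE_RE = re.compile(
    r"\[\*\] (?P<kind>request|response): "
    r"(?P<client>\S+):(?P<cport>\d+) (?:->|<-) \S+:\d+ : "
    r"(?P<name>\S+)(?: - (?P<rdata>\S+))?$"
)

# First six lines: sample output from the post. Last two: constructed.
SAMPLE = """\
[*] request: 192.168.1.108:49771 -> 192.168.1.1:53 : search.yahoo.com.
[*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : search.yahoo.com. - ds-global.l7.search.ystg1.b.yahoo.com.
[*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : ds-global.l7.search.ystg1.b.yahoo.com. - ds-any-global.l7.search.ysta1.b.yahoo.com.
[*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : ds-any-global.l7.search.ysta1.b.yahoo.com. - 188.125.66.104
[*] request: 192.168.1.108:40813 -> 192.168.1.1:53 : github.com.
[*] response: 192.168.1.108:40813 <- 192.168.1.1:53 : github.com. - 192.30.252.128
[*] request: 192.168.1.108:50000 -> 192.168.1.1:53 : unanswered.example.
[*] request: 192.168.1.108:50000 -> 192.168.1.1:53 : unanswered.example.
"""


def is_address(value):
    """True if value is an IPv4 or IPv6 literal (A / AAAA rdata)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_lines(text):
    """Yield (kind, flow, name, rdata) for every recognised sniffer line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            # The output carries no DNS transaction id, so the client
            # ip:port pair is the only key tying a response to its request.
            flow = (m["client"], int(m["cport"]))
            yield m["kind"], flow, m["name"].lower(), m["rdata"]


def follow(records, qname, max_hops=16):
    """Walk CNAME records from qname; return (chain of names, addresses)."""
    chain, name = [qname], qname
    for _ in range(max_hops):  # hop limit guards against CNAME loops
        rdata = records.get(name, set())
        addrs = sorted(r for r in rdata if is_address(r))
        if addrs:
            return chain, addrs
        # rdata ending in "." is a domain name, i.e. a CNAME target
        cnames = sorted(r.lower() for r in rdata if r.endswith("."))
        if not cnames or cnames[0] in chain:
            break
        name = cnames[0]
        chain.append(name)
    return chain, []


def summarise(text):
    """Map each queried name to request count, CNAME chain and addresses."""
    requests = defaultdict(int)                       # (flow, qname) -> count
    records = defaultdict(lambda: defaultdict(set))   # flow -> owner -> rdata
    for kind, flow, name, rdata in parse_lines(text):
        if kind == "request":
            requests[(flow, name)] += 1
        elif rdata is not None:
            records[flow][name].add(rdata)

    report = {}
    for (flow, qname), count in requests.items():
        chain, addrs = follow(records[flow], qname)
        entry = report.setdefault(
            qname, {"requests": 0, "chain": [qname], "addresses": set()})
        entry["requests"] += count
        entry["addresses"].update(addrs)
        if len(chain) > len(entry["chain"]):
            entry["chain"] = chain
    for entry in report.values():
        entry["addresses"] = sorted(entry["addresses"])
    return report


if __name__ == "__main__":
    for qname, info in summarise(SAMPLE).items():
        status = ", ".join(info["addresses"]) or "NO ADDRESS SEEN"
        print("%-22s x%d  %s  via %s" % (
            qname, info["requests"], status, " -> ".join(info["chain"])))
```

Names that end up with no address are worth a second look: they are either retransmitted queries whose answer was missed or lookups that never resolved.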

Time: 2024-10-08 21:49:35
