Skip to content

Instantly share code, notes, and snippets.

@dustyfresh

dustyfresh/dns_logger.py

Last active April 26, 2019 19:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save dustyfresh/d643802b8db9f204ce621c23723e5196 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save dustyfresh/d643802b8db9f204ce621c23723e5196 to your computer and use it in GitHub Desktop.
Download ZIP
log DNS requests with scapy
Raw
dns_logger.py
#!/usr/bin/env python3
from scapy.all import *
import logging
import datetime
interface = 'enp3s0' # changeme!
logging.basicConfig(
level=logging.DEBUG,
format='%(asctime)s %(message)s',
datefmt='%m-%d-%y %I:%M:%S %p|',
filename='DNS.log',
filemode='w'
)
def dnslogger(pkt):
if IP in pkt:
ip_src = pkt[IP].src
ip_dst = pkt[IP].dst
if pkt.haslayer(DNS) and pkt.getlayer(DNS).qr == 0:
print('{}|{}|{}'.format(
datetime.datetime.today().strftime('%m-%d-%y %I:%M:%S %p'),
ip_src,
pkt.getlayer(DNS).qd.qname
))
logging.debug('{}|{}'.format(
ip_src,
pkt.getlayer(DNS).qd.qname
))
sniff(
iface = interface,
filter = "port 53",
prn = dnslogger,
store = 0
)
Raw
stdout
root@firewall:~# python dns_logger.py
02-17-18 01:39:32 PM|192.168.0.25|daisy.ubuntu.com.
02-17-18 01:39:32 PM|192.168.0.25|daisy.ubuntu.com.
02-17-18 01:39:37 PM|192.168.0.17|api-global.netflix.com.
02-17-18 01:39:37 PM|192.168.0.17|api-global.netflix.com.
02-17-18 01:39:52 PM|192.168.0.17|www.google.com.
02-17-18 01:39:52 PM|192.168.0.17|www.google.com.
02-17-18 01:39:53 PM|192.168.0.17|www.google.com.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment