DNS_sniffer

Sniff all DNS on your local network.

Setup

sudo apt-get install python3-scapy

Help

python3 dns_sniffer.py -h

Examples of Use

sudo python3 dns_sniffer.py

For a specific interface:

sudo python3 dns_sniffer.py -i eth0

To log to a database:

sudo python3 dns_sniffer.py -d db.sqlite
sudo python3 dns_sniffer.py -d db.sqlite -i eth0

Or with the quiet option:

sudo python3 dns_sniffer.py -d db.sqlite -q
sudo python3 dns_sniffer.py -d db.sqlite -i eth0 -q

Export the SQLite database to CSV:

sudo python3 dns_sniffer.py -d db.sqlite -e db.csv

Examples of output

When you open Firefox:

$ sudo python3 dns_sniffer.py
IP source       | DNS server      | Count DNS request | Query
192.168.13.37
                  192.168.13.254
                                    1                   www.mozilla.org.
                                    1                   snippets.cdn.mozilla.net.
                                    1                   location.services.mozilla.com.
                                    3                   ff.search.yahoo.com.
                                    1                   ocsp.digicert.com.
                                    1                   geo.mozilla.org.
                                    3                   search.yahoo.com.
                                    1                   self-repair.mozilla.org.
                                    1                   ciscobinary.openh264.org.
                                    1                   clients1.google.com.
                                    1                   search.services.mozilla.com.
                                    1                   safebrowsing.google.com.
                                    1                   aus4.mozilla.org.
                                    53                  safebrowsing-cache.google.com.
                  

When you use a local DNS cache:

$ sudo python3 dns_sniffer.py
IP source       | DNS server      | Count DNS request | Query
127.0.0.1
                  127.0.1.1
                                    26                  icons.duckduckgo.com.
                                    79                  secure.mywot.com.
                                    14                  code.activestate.com.
                                    200                 r.duckduckgo.com.
                                    234                 ocsp.comodoca.com.
                                    34                  ads.activestate.com.
                  127.0.0.1
                                    26                  icons.duckduckgo.com.
                                    82                  secure.mywot.com.
                                    6                   ecirtam.net.
                                    14                  code.activestate.com.
                                    198                 r.duckduckgo.com.
                                    2                   www.google.com.
                                    235                 ocsp.comodoca.com.
                                    37                  ads.activestate.com.
192.168.13.37
                  192.168.1.254
                                    1                   icons.duckduckgo.com.
                                    2                   secure.mywot.com.
                                    1                   code.activestate.com.
                                    3                   r.duckduckgo.com.
                                    3                   ocsp.comodoca.com.
                                    1                   ads.activestate.com.