Submitted by admin on Sat, 02/15/2014 - 16:10

DNSCAP

dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) format. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. OARC uses dnscap for DITL data collections. Some of its features include:

  • Understands both IPv4 and IPv6
  • Captures UDP, TCP, and IP fragments
  • Collects only queries, responses, or both (-s option)
  • Collects only traffic for certain source/destination addresses (-a -z -A -Z options)
  • Periodically creates new pcap files (-t option)
  • Spawns an upload script after closing a pcap file (-k option)
  • Starts and stops collecting at specific times (-B -E options)

Distribution Packages

Packages for Debian, Ubuntu and CentOS can be found here: https://dev.dns-oarc.net/packages/

You can also find it in the FreeBSD ports system (dns/dnscap).

Releases

The following releases of the DNSCAP software are available for download along with the changelog.

File                      Date                Size
dnscap-1.2.0.tar.gz       October 27, 2016    386K
dnscap-1.1.0.tar.gz       October 11, 2016    375K
dnscap-20160205.tar.gz    February 5, 2016    103K

See sha256.txt or sha512.txt for checksums.

The DNSCAP software is licensed under the BSD license.

Documentation

See README.md for instructions on how to install the software, and the included manual pages for how to run it.

Code Repositories

You can clone the code repository from GitHub:

$ git clone https://github.com/DNS-OARC/dnscap.git

Users Mailing List

Users interested in staying on top of dnscap development can subscribe to the dnscap-users mailing list.