dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) format. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. OARC uses dnscap for DITL data collections. Some of its features include:
- Understands both IPv4 and IPv6
- Captures UDP, TCP, and IP fragments.
- Collect only queries, responses, or both (-s option)
- Collect for only certain source/destination addresses (-a -z -A -Z options)
- Periodically creates new pcap files (-t option)
- Spawns an upload script after closing a pcap file (-k option)
- Will start and stop collecting at specific times (-B -E options)
Packages for Debian, Ubuntu and RPM (CentOS, Fedora, RHEL, SLE and openSUSE) can be found here: https://dev.dns-oarc.net/packages/
You can also find it in the FreeBSD ports system (dns/dnscap).
The following releases of the DNSCAP software are available for download along with the changelog.
|dnscap-2.1.1.tar.gz||February 3, 2023||718K|
|dnscap-2.1.0.tar.gz||September 9, 2022||718K|
|dnscap-2.0.3.tar.gz||June 13, 2022||717K|
|dnscap-2.0.2.tar.gz||March 8, 2022||717K|
|dnscap-2.0.1.tar.gz||March 11, 2021||716K|
|dnscap-2.0.0.tar.gz||February 12, 2021||716K|
|dnscap-1.12.0.tar.gz||October 22, 2020||691K|
|dnscap-1.11.1.tar.gz||August 20, 2020||656K|
|dnscap-1.11.0.tar.gz||June 1, 2020||652K|
|dnscap-1.10.4.tar.gz||March 2, 2020||641K|
|dnscap-1.10.3.tar.gz||October 2, 2019||641K|
|dnscap-1.10.2.tar.gz||August 5, 2019||641K|
|dnscap-1.10.1.tar.gz||July 8, 2019||641K|
|dnscap-1.10.0.tar.gz||December 3, 2018||647K|
|dnscap-1.9.0.tar.gz||February 28, 2018||522K|
|dnscap-1.8.0.tar.gz||February 7, 2018||522K|
|dnscap-1.7.1.tar.gz||December 27, 2017||483K|
|dnscap-1.7.0.tar.gz||December 19, 2017||476K|
|dnscap-1.6.0.tar.gz||December 1, 2017||458K|
|dnscap-1.5.1.tar.gz||August 21, 2017||458K|
|dnscap-1.5.0.tar.gz||June 06, 2017||434K|
|dnscap-1.4.1.tar.gz||March 29, 2017||422K|
|dnscap-1.4.0.tar.gz||February 27, 2017||417K|
|dnscap-1.3.0.tar.gz||December 23, 2016||397K|
|dnscap-1.2.0.tar.gz||October 27, 2016||386K|
|dnscap-1.1.0.tar.gz||October 11, 2016||375K|
|dnscap-20160205.tar.gz||February 5, 2016||103K|
See sha256.txt or sha512.txt for checksums.
The DNSCAP software is licensed under the BSD license.
See README.md for instructions how to install the software and the included manual pages on how to run the software.
You can clone the code repositories from GitHub:
$ git clone https://github.com/DNS-OARC/dnscap.git
Users Mailing List
Users interested in staying on top of dnscap development can subscribe to the dnscap-users mailing list.