dnstop is a very handy tool for watching DNS queries in real time.
Installation
# yum install dnstop
This also installs libpcap.
Running
# dnstop interface-name
Watch interface ens192
# dnstop ens192
View data for 5 levels of the query name
# dnstop -l 5 eth0
Commands available once dnstop is running
s - Sources list
d - Destinations list
c - Sources and query domains (shows only levels 2 and 3)
t - Query types
o - Opcodes
r - Rcodes (errors)
1 - 1st level Query Names ! - with Sources
2 - 2nd level Query Names @ - with Sources
3 - 3rd level Query Names # - with Sources
4 - 4th level Query Names $ - with Sources
5 - 5th level Query Names % - with Sources
6 - 6th level Query Names ^ - with Sources
7 - 7th level Query Names & - with Sources
8 - 8th level Query Names * - with Sources
9 - 9th level Query Names ( - with Sources
^R - Reset counters
^X - Exit
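? - Command help (this)
Limitations
The results currently cannot be exported. The savefile argument on the command line does not write output to a file; it reads a capture file produced by tcpdump.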
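Because dnstop cannot export its tables, the same per-level counts can be rebuilt offline from tcpdump's text output and written to CSV. The following is an added example, not part of dnstop or of the original post: it assumes query lines in the form printed by `tcpdump -nn port 53`, and the sample lines, the documentation addresses and all function names are constructed for illustration.

```python
import csv, io, re
from collections import Counter

# Query lines as printed by `tcpdump -nn port 53`; responses are skipped
# because their destination port is not 53.
QUERY_RE = re.compile(
    r"IP6? (?P<src>\S+)\.\d+ > \S+\.53: \d+\S* (?:\[[^\]]*\] )?"
    r"[A-Z0-9]+\? (?P<qname>\S+?)\.? \(\d+\)")

# Constructed sample lines (documentation addresses, query names from this page).
SAMPLE = """\
10:24:48.000001 IP 192.0.2.10.51234 > 192.0.2.53.53: 4242+ A? i.07.s.sophosxl.net. (37)
10:24:48.000002 IP 192.0.2.10.51235 > 192.0.2.53.53: 4243+ AAAA? www.googleapis.com. (36)
10:24:48.000003 IP 192.0.2.11.40000 > 192.0.2.53.53: 4244+ [1au] A? i.07.s.sophosxl.net. (48)
10:24:48.000004 IP6 2001:db8::5.40001 > 2001:db8::53.53: 4245+ A? WWW.GoogleAPIs.com. (36)
10:24:48.000005 IP 192.0.2.53.53 > 192.0.2.10.51234: 4242 1/0/0 A 198.51.100.7 (53)
""".splitlines()

def truncate(qname, level):
    """Keep the rightmost `level` labels of a query name (lowercased)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-level:])

def level_table(lines, level, with_source=False):
    """Rows of (source?, name, count, %, cum%) sorted by count, descending."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            name = truncate(m["qname"], level)
            counts[(m["src"], name) if with_source else (name,)] += 1
    total, cum, rows = sum(counts.values()), 0, []
    for key, n in counts.most_common():
        cum += n
        rows.append(key + (n, round(100 * n / total, 1), round(100 * cum / total, 1)))
    return rows

def to_csv(rows, with_source=False):
    """Serialize a table to CSV text, the export dnstop itself lacks."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow((["Source"] if with_source else []) + ["Query Name", "Count", "%", "cum%"])
    w.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(level_table(SAMPLE, 2, with_source=True), with_source=True))
```

Names with fewer labels than the requested level are kept whole, which is why www.googleapis.com appears unchanged in the level 4 and level 5 screens below.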
Screens
s
Queries: 144 new, 65233 total Tue Jan 15 10:24:48 2019
Sources Count % cum%
----------------------------------- --------- ------ ------
163.17.40.3 11637 17.8 17.8
140.128.187.252 2901 4.4 22.3
163.17.198.130 2329 3.6 25.9
163.17.50.110 2012 3.1 28.9
2001:288:5400:0:5d7a:8157:1ddb:b0d9 1856 2.8 31.8
163.17.209.242 1663 2.5 34.3
140.128.60.4 1152 1.8 36.1
140.128.161.221 1050 1.6 37.7
140.128.241.21 861 1.3 39.0
163.17.43.1 647 1.0 40.0
163.17.217.89 621 1.0 41.0
163.17.198.245 588 0.9 41.9
d
Queries: 186 new, 84717 total Tue Jan 15 10:26:40 2019
Destinations Count % cum%
------------------------------- --------- ------ ------
163.17.40.3 60596 71.5 71.5
2001:288:5400::3 6017 7.1 78.6
216.239.34.10 401 0.5 79.1
216.239.36.10 384 0.5 79.6
52.74.159.86 339 0.4 80.0
52.74.115.27 300 0.4 80.3
52.220.62.68 242 0.3 80.6
2.22.230.130 229 0.3 80.9
2001:4998:130::1001 204 0.2 81.1
203.211.2.214 201 0.2 81.3
84.53.139.129 181 0.2 81.6
119.160.253.83 157 0.2 81.7
c
Queries: 148 new, 9357 total Tue Jan 15 10:29:14 2019
Source Query Name Count % cum%
----------------------- ---------------- --------- ------ ------
163.17.40.3 akamaiedge.net 166 1.8 1.8
163.17.40.3 sophosxl.net 124 1.3 3.1
140.128.187.252 sophosxl.net 99 1.1 4.2
163.17.40.3 akadns.net 87 0.9 5.1
163.17.40.3 amazonaws.com 83 0.9 6.0
140.128.218.51 yahoo.com 76 0.8 6.8
140.128.222.5 googleapis.com 76 0.8 7.6
163.17.40.3 com.tw 64 0.7 8.3
128.177.136.155 163.in-addr.arpa 54 0.6 8.9
163.17.40.3 akamai.net 47 0.5 9.4
163.17.40.3 gov.tw 43 0.5 9.8
140.128.230.94 edu.tw 40 0.4 10.2
163.17.40.3 cloudfront.net 40 0.4 10.7
t
Queries: 174 new, 44631 total Tue Jan 15 10:32:48 2019
Query Type Count % cum%
---------- --------- ------ ------
A? 25742 57.7 57.7
AAAA? 11832 26.5 84.2
PTR? 4681 10.5 94.7
TXT? 1288 2.9 97.6
DS? 563 1.3 98.8
MX? 225 0.5 99.3
NS? 117 0.3 99.6
SOA? 77 0.2 99.8
SRV? 54 0.1 99.9
DNSKEY? 22 0.0 99.9
CNAME? 16 0.0 100.0
DLV? 5 0.0 100.0
ANY? 5 0.0 100.0
SPF? 4 0.0 100.0
Number keys 1-9 and shift-1 through shift-9
1
Query Name Count % cum%
------------ --------- ------ ------
com 28929 49.3 49.3
net 10054 17.1 66.4
tw 9021 15.4 81.8
in-addr.arpa 6434 11.0 92.7
org 542 0.9 93.6
2
Query Name Count % cum%
--------------------- --------- ------ ------
163.in-addr.arpa 6054 9.5 9.5
edu.tw 6034 9.5 19.0
google.com 3712 5.8 24.8
microsoft.com 2712 4.3 29.1
yahoo.com 2022 3.2 32.2
3
Query Name Count % cum%
--------------------------- --------- ------ ------
17.163.in-addr.arpa 6141 9.4 9.4
tc.edu.tw 5242 8.0 17.4
s.sophosxl.net 1451 2.2 19.6
elb.amazonaws.com 810 1.2 20.8
128.140.in-addr.arpa 808 1.2 22.0
4
Query Name Count % cum%
------------------------------- --------- ------ ------
07.s.sophosxl.net 1329 1.9 1.9
200.17.163.in-addr.arpa 849 1.2 3.2
www.googleapis.com 660 1.0 4.2
ncdr.nat.gov.tw 659 1.0 5.1
softwareupdate.vmware.com 659 1.0 6.1
5
Query Name Count % cum%
------------------------------- --------- ------ ------
i.07.s.sophosxl.net 1326 1.9 1.9
128-25.200.17.163.in-addr.arpa 820 1.2 3.0
www.googleapis.com 692 1.0 4.0
softwareupdate.vmware.com 685 1.0 5.0
alerts.ncdr.nat.gov.tw 644 0.9 5.9
6..9 omitted
! (press shift-1)
Queries: 234 new, 93508 total Tue Jan 15 10:37:33 2019
Source Query Name Count % cum%
----------------------------------- ---------- --------- ------ ------
163.17.40.3 com 7731 8.3 8.3
163.17.40.3 net 7266 7.8 16.0
163.17.198.130 com 2906 3.1 19.1
140.128.187.252 net 1765 1.9 21.0
140.128.187.252 com 1712 1.8 22.9
@ (press shift-2)
Source Query Name Count % cum%
----------------------------------- ---------------- --------- ------ ------
163.17.40.3 sophosxl.net 1789 1.8 1.8
140.128.187.252 sophosxl.net 1574 1.6 3.4
163.17.40.3 akamaiedge.net 1403 1.4 4.8
163.17.40.3 qq.com 946 1.0 5.8
163.17.40.3 amazonaws.com 824 0.8 6.6
# (press shift-3)
Source Query Name Count % cum%
------------------- ------------------------- --------- ------ ------
163.17.40.3 s.sophosxl.net 1739 1.7 1.7
140.128.187.252 s.sophosxl.net 1608 1.6 3.3
140.128.222.5 www.googleapis.com 797 0.8 4.0
163.17.40.3 elb.amazonaws.com 769 0.8 4.8
163.17.40.3 com.akadns.net 509 0.5 5.3
$ (press shift-4)
Source Query Name Count % cum%
------------------- -------------------------------- --------- ------ ------
163.17.40.3 07.s.sophosxl.net 1817 1.6 1.6
140.128.187.252 07.s.sophosxl.net 1634 1.5 3.1
140.128.222.5 www.googleapis.com 854 0.8 3.9
128.177.136.155 200.17.163.in-addr.arpa 345 0.3 4.2
128.177.136.154 200.17.163.in-addr.arpa 311 0.3 4.5
% (press shift-5)
Source Query Name Count % cum%
------------------- ------------------------------ --------- ------ ------
163.17.40.3 i.07.s.sophosxl.net 1822 1.6 1.6
140.128.187.252 i.07.s.sophosxl.net 1648 1.4 3.0
140.128.222.5 www.googleapis.com 894 0.8 3.8
128.177.136.155 128-25.200.17.163.in-addr.arpa 340 0.3 4.1
128.177.136.154 128-25.200.17.163.in-addr.arpa 305 0.3 4.4
^..( (shift-6 through shift-9) omitted
o
------ --------- ------ ------
Query 122450 100.0 100.0
Update 40 0.0 100.0
r
------- --------- ------ ------
Noerror 125540 100.0 100.0
References
[1] Official site http://dns.measurement-factory.com/tools/dnstop/