reassemble_dns reads one or more .pcap files, extracts DNS messages and writes them to a binary .dns file. The reassembler supports IPv4, IPv6, UDP and TCP. IPv4/IPv6 fragments and TCP streams are reassembled, giving you complete DNS queries and responses without having to worry about TCP/IP troubles. This is also useful for reducing the size of your .pcap files. reassemble_dns uses Python 2.7 and depends on dpkt.
python reassemble_write.py input.pcap output.dns
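What TCP reassembly means for DNS, as an added example that is not reassemble_dns code: segments are put back in sequence order and the stream is then split on the 2-byte length prefix that precedes each DNS message over TCP (RFC 1035, section 4.2.2). The function names and sample data are hypothetical; it is written for Python 3 with the standard library only and assumes no sequence-number wrap-around.

```python
import struct

def reassemble_stream(segments, isn):
    """Rebuild a TCP byte stream from (seq, payload) pairs in any order.
    isn is the sequence number of the first payload byte. Assumption:
    no sequence wrap-around. Stops at the first gap (lost segment)."""
    stream = bytearray()
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        offset = seq - isn
        if offset > len(stream):
            break  # gap: bytes missing from the capture
        # Drop bytes already seen (retransmission or overlap).
        stream += payload[len(stream) - offset:]
    return bytes(stream)

def split_dns_messages(stream):
    """Split a stream on the 2-byte big-endian length prefix that precedes
    each DNS message over TCP (RFC 1035, section 4.2.2).
    Returns (complete_messages, incomplete_tail)."""
    messages, pos = [], 0
    while len(stream) - pos >= 2:
        (length,) = struct.unpack_from("!H", stream, pos)
        if len(stream) - pos - 2 < length:
            break  # message truncated, keep it as leftover
        messages.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, stream[pos:]

def build_query(txid, name):
    """Constructed sample input: a minimal A/IN query for name."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l for l in name.split(b".")) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

# Constructed sample: two queries on one TCP connection, delivered out of
# order with an overlapping retransmission.
Q1, Q2 = build_query(0x1234, b"example.com"), build_query(0x5678, b"example.org")
WIRE = b"".join(struct.pack("!H", len(q)) + q for q in (Q1, Q2))
ISN = 1000
SEGMENTS = [(ISN + 20, WIRE[20:45]), (ISN, WIRE[:20]),
            (ISN + 10, WIRE[10:30]), (ISN + 45, WIRE[45:])]

if __name__ == "__main__":
    msgs, tail = split_dns_messages(reassemble_stream(SEGMENTS, ISN))
    for m in msgs:
        print("txid=0x%04x len=%d" % (struct.unpack_from("!H", m)[0], len(m)))
    print("leftover bytes:", len(tail))
```

A non-empty tail or a stream that stops short of the expected length indicates packets missing from the capture, which is worth logging when the output feeds detection or forensics.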
.dns file format
The file format of the resulting .dns file is documented in dns_file_format.txt.
If you do not want to implement your own parser, you can use dns_parser to read the .dns file. dns_parser uses Python 2.7 and depends on dnspython.
python dns_parser.py output.dns