reassemble_dns

reassemble_dns reads one or more .pcap files, extracts the DNS messages and writes them to a binary .dns file. The reassembler supports IPv4, IPv6, UDP and TCP. IPv4/IPv6 fragments and TCP streams are reassembled, so you get complete DNS queries and responses without having to deal with fragmentation or TCP segmentation yourself. This is also useful for reducing the size of your .pcap files. reassemble_dns uses Python 2.7 and depends on dpkt.

Usage:

python reassemble_write.py input.pcap output.dns
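
To illustrate the TCP part of the reassembly described above, here is an added example (not code from reassemble_dns, and it does not use dpkt). It orders constructed TCP segments by sequence number, trims a retransmission, and splits the stream into DNS messages using the two-byte length prefix that precedes each message in DNS over TCP (RFC 1035, section 4.2.2). The function names, sample queries and initial sequence number are assumptions made for the example, which is written for Python 3.

```python
import struct

def reassemble_stream(segments, isn):
    """Return the contiguous payload of one TCP direction.
    segments: (seq, payload) tuples; isn: sequence number of the first payload
    byte (assumed known here; a real reassembler takes it from the SYN)."""
    stream = bytearray()
    for seq, payload in sorted(segments, key=lambda s: (s[0] - isn) & 0xFFFFFFFF):
        offset = (seq - isn) & 0xFFFFFFFF          # survives 32-bit wraparound
        if offset > len(stream):
            break                                  # gap: a segment is missing
        stream += payload[len(stream) - offset:]   # drop bytes already seen
    return bytes(stream)

def split_dns_messages(stream):
    """Split a TCP byte stream into DNS messages; return (messages, leftover)."""
    messages, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack_from("!H", stream, pos)
        if pos + 2 + length > len(stream):
            break                                  # message not complete yet
        messages.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return messages, stream[pos:]

def build_query(txid, name):
    """Build a minimal A/IN query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def demo():
    q1, q2 = build_query(0x1A2B, "example.com"), build_query(0x3C4D, "example.org")
    wire = b"".join(struct.pack("!H", len(q)) + q for q in (q1, q2))
    isn = 0xFFFFFFF0                               # constructed, wraps mid-stream
    # Cuts split a length prefix and straddle the boundary between messages.
    cuts = [(0, 1), (1, 20), (20, 45), (45, len(wire))]
    segs = [((isn + a) & 0xFFFFFFFF, wire[a:b]) for a, b in cuts]
    segs = [segs[2], segs[0], segs[3], segs[1], segs[1]]  # reordered + retransmit
    messages, leftover = split_dns_messages(reassemble_stream(segs, isn))
    return messages, leftover, [q1, q2]

if __name__ == "__main__":
    for msg in demo()[0]:
        print(len(msg), msg.hex())
```

A gap in the sequence space stops reassembly at the last contiguous byte, so a truncated capture yields only the messages that arrived completely.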

.dns file format

The file format of the resulting .dns file is documented in dns_file_format.txt.

dns_parser

If you do not want to implement your own parser, you can use dns_parser to read the .dns file. dns_parser uses Python 2.7 and depends on dnspython.

Usage:

python dns_parser.py output.dns