reassemble_dns reads 1 to n .pcap files, extracts DNS messages and writes them to a binary .dns file. The reassembler supports IPv4, IPv6, UDP and TCP. IPv4/IPv6 fragments and TCP streams are reassembled, thus giving you DNS queries and responses without having to worry about TCP/IP troubles. This is also useful to reduce the size of your .pcap files. reassemble_dns uses Python 2.7 and depends on dpkt.


python input.pcap output.dns

.dns file format

The file format of the resulting .dns file is documented in dns_file_format.txt.


If you do not want to implement your own parser, you can use dns_parser to read the .dns file. dns_parser uses Python 2.7 and depends on dnspython.


python output.dns