Yes, NetworkMiner is good for that. Free version can only ingest 1GB pcaps, so keep that in mind.
NetWitness Investigator also has a free/community version, same 1GB ingestion limit. The tools have different views, so depending on what/how you want to see results, one could work better for you than the other. Regards, Frank Frank McClain Sent from Vic20 over 4G On May 27, 2013 8:17 PM, "Ryan B" <[email protected]> wrote: > If you have used some of the already described methods to capture the > traffic, Network Miner is a good tool for eating through it and pulling out > interesting information. I believe it shows DNS requests and responses in > one of the tabs. > > Hope this helps. > > Cheers > > > On Tue, May 28, 2013 at 4:39 AM, John Bond <[email protected]> wrote: > >> >> >> >> On 27 May 2013 03:53, Tim Parker <[email protected]> wrote: >> >>> What's the best way to capture and analyze DNS queries and responses on >>> my LAN? Are there any good tools out there for this? I can run a full >>> capture on the WAN interface, but then what's good for automating the >>> extraction of the DNS traffic? >>> >> >> try some of the following options >> >> dsc[1] for general overview stuff >> dns-anomaly[2] For anomaly detection >> dnstop[3] for general live overview stuff >> packetQ[4] SQL interface to pcap data with builtin dns support (very cool) >> >> some of the other tools at http://dns.measurement-factory.com/tools/ may >> also be usefull >> >> >> [1]https://www.dns-oarc.net/tools/dsc >> [2]https://gitweb.labs.nic.cz/?p=dns-anomaly.git;a=summary >> [3]http://dns.measurement-factory.com/tools/dnstop/ >> [4]https://github.com/dotse/PacketQ >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
