On Aug 17, 2010, at 4:12 AM, Greg Hauptmann wrote:

> Q1 - Is it possible to capture DNS request/responses with the library?

libpcap and the kernel mechanisms atop which it runs, and WinPcap, including 
both the library and the driver, and the kernel mechanism (NDIS) into which it 
plugs, are capable of handling any type of packets, including UDP packets to 
and from port 53, such as DNS traffic.

(I.e., there's nothing special required to capture DNS packets; it's just 
network traffic, and libpcap/WinPcap and the mechanisms they use don't care 
about details up at the UDP layer and above, and care little if anything about 
details below.)

The filtering mechanism used by libpcap/WinPcap is capable of, for example, 
checking for UDP packets to and from port 53, so if you want to set a capture 
filter to capture particular packets, including packets to and from UDP port 
53, you can do that.

> Q2 - If yes, once I have the packet does anyone have any sample code
> that shows how I could extract the fields from the DNS response?

Some code that parses DNS packets is

        1) print-domain.c in the tcpdump/WinDump source

and

        2) epan/dissectors/packet-dns.c in the Wireshark source.
_______________________________________________
Winpcap-users mailing list
Winpcap-users@winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
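
An added example, not part of the original message and not taken from tcpdump or Wireshark: a minimal C parser for the DNS payload that a libpcap/WinPcap capture filtered with `udp port 53` yields once the link-layer, IP and UDP headers are stripped. The sample bytes and the function names `dns_name` and `dns_first_a` are constructed for illustration; the parser assumes a response with exactly one question and bounds-checks every offset, including compression pointers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample: UDP payload of a DNS response, example.com A 192.0.2.1. */
static const uint8_t sample[] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,                  /* header */
    7,'e','x','a','m','p','l','e', 3,'c','o','m',0, 0,1, 0,1,  /* question */
    0xc0,0x0c, 0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0,2,1 };      /* answer RR */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Decode the name at off as dotted text; return the offset past it, or -1. */
int dns_name(const uint8_t *m, size_t len, size_t off, char *out, size_t cap) {
    size_t o = 0; int end = -1, hops = 0;
    for (;;) {
        if (off >= len || cap == 0) return -1;
        unsigned c = m[off];
        if (c == 0) { out[o ? o - 1 : 0] = '\0'; return end < 0 ? (int)off + 1 : end; }
        if (c >= 0xc0) {                           /* compression pointer */
            if (off + 1 >= len || ++hops > 16) return -1;  /* cap pointer chains */
            if (end < 0) end = (int)off + 2;       /* record resumes after 1st pointer */
            off = (c & 0x3f) << 8 | m[off + 1]; continue;
        }
        if (c > 63 || off + 1 + c > len || o + c + 1 > cap) return -1;
        memcpy(out + o, m + off + 1, c);           /* copy one label, then a dot */
        o += c; out[o++] = '.'; off += c + 1;
    }
}

/* Find the first A record; fill its owner name and address. 0 on success. */
int dns_first_a(const uint8_t *m, size_t len, char *name, size_t cap, uint8_t ip[4]) {
    if (len < 12 || !(m[2] & 0x80) || rd16(m + 4) != 1) return -1; /* QR=1, one question */
    int off = dns_name(m, len, 12, name, cap);
    if (off < 0 || (size_t)off + 4 > len) return -1;
    off += 4;                                      /* skip QTYPE and QCLASS */
    for (unsigned i = 0; i < rd16(m + 6); i++) {   /* ANCOUNT answer records */
        off = dns_name(m, len, (size_t)off, name, cap);
        if (off < 0 || (size_t)off + 10 > len) return -1;
        unsigned type = rd16(m + off), rdlen = rd16(m + off + 8);
        if ((size_t)off + 10 + rdlen > len) return -1;
        if (type == 1 && rdlen == 4) { memcpy(ip, m + off + 10, 4); return 0; }
        off += 10 + (int)rdlen;                    /* TYPE, CLASS, TTL, RDLENGTH, RDATA */
    }
    return -1;
}

int main(void) {
    char name[256]; uint8_t ip[4];
    if (dns_first_a(sample, sizeof sample, name, sizeof name, ip)) return 1;
    return printf("%s A %u.%u.%u.%u\n", name, ip[0], ip[1], ip[2], ip[3]) < 0;
}
```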
