码迷,mamicode.com
首页 > 其他好文 > 详细

scapy - dns sniffer

时间:2015-05-23 13:00:37      阅读:330      评论:0      收藏:0      [点我收藏+]

标签:

How to parse dns request and response ? Scapy is a powerful tool, and it can help us for dns detail.

#!/usr/bin/env python
# -*- coding: utf8 -*-

"""
execute demo py with root privilege, and finish double dns query as follow.

    $ nslookup search.yahoo.com
    $ nslookup github.com

dns sniffer will parse dns requests and responses automatically.

    root:scapy/ #  python scapy-dns_sniff.py
    WARNING: No route found for IPv6 destination :: (no default route?)

    [*] request: 192.168.1.108:49771 -> 192.168.1.1:53 : search.yahoo.com.
    [*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : search.yahoo.com. - ds-global.l7.search.ystg1.b.yahoo.com.
    [*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : ds-global.l7.search.ystg1.b.yahoo.com. - ds-any-global.l7.search.ysta1.b.yahoo.com.
    [*] response: 192.168.1.108:49771 <- 192.168.1.1:53 : ds-any-global.l7.search.ysta1.b.yahoo.com. - 188.125.66.104

    [*] request: 192.168.1.108:40813 -> 192.168.1.1:53 : github.com.
    [*] response: 192.168.1.108:40813 <- 192.168.1.1:53 : github.com. - 192.30.252.128

"""

from scapy.all import *


# disable verbose mode
conf.verb = 0


def parse_dnspkt(pkt):
    """ parse dns request / response packet """
    if pkt and pkt.haslayer(‘UDP‘) and pkt.haslayer(‘DNS‘):
        ip = pkt[‘IP‘]
        udp = pkt[‘UDP‘]
        dns = pkt[‘DNS‘]

        # dns query packet
        if int(udp.dport) == 53:
            qname = dns.qd.qname

            print "\n[*] request: %s:%d -> %s:%d : %s" % (
                ip.src, udp.sport,
                ip.dst, udp.dport,
                qname)

        # dns reply packet
        elif int(udp.sport) == 53:
            # dns DNSRR count (answer count)
            for i in range(dns.ancount):
                dnsrr = dns.an[i]
                print "[*] response: %s:%s <- %s:%d : %s - %s" % (
                    ip.dst, udp.dport,
                    ip.src, udp.sport,
                    dnsrr.rrname, dnsrr.rdata)


def sniffer():
    sniff(filter="udp port 53", prn=parse_dnspkt)


if __name__ == "__main__":
    sniffer()

You can get more details, when you open blog.csdn.net. So many noisy dns requests have been sent.

root:scapy/ #  python scapy-dns_sniff.py 
WARNING: No route found for IPv6 destination :: (no default route?)

[*] request: 192.168.1.108:46387 -> 192.168.1.1:53 : c.csdnimg.cn.

[*] request: 192.168.1.108:48780 -> 192.168.1.1:53 : static.blog.csdn.net.

[*] request: 192.168.1.108:48780 -> 192.168.1.1:53 : static.blog.csdn.net.

[*] request: 192.168.1.108:58082 -> 192.168.1.1:53 : creatim.allyes.com.cn.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn. - creatim.allyes.com.cn.wscdns.com.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn.wscdns.com. - opt.xdwscache.glb0.lxdns.com.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : opt.xdwscache.glb0.lxdns.com. - 220.168.132.115
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : opt.xdwscache.glb0.lxdns.com. - 220.169.243.176

[*] request: 192.168.1.108:58082 -> 192.168.1.1:53 : creatim.allyes.com.cn.

[*] request: 192.168.1.108:46387 -> 192.168.1.1:53 : c.csdnimg.cn.
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net. - static.blog.csdn.net.w.kunlungem.com.

[*] request: 192.168.1.108:47620 -> 192.168.1.1:53 : blog.csdn.net.

[*] request: 192.168.1.108:47620 -> 192.168.1.1:53 : blog.csdn.net.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn. - creatim.allyes.com.cn.wscdns.com.
[*] response: 192.168.1.108:58082 <- 192.168.1.1:53 : creatim.allyes.com.cn.wscdns.com. - opt.xdwscache.glb0.lxdns.com.

[*] request: 192.168.1.108:38075 -> 192.168.1.1:53 : blog.csdn.net.

[*] request: 192.168.1.108:34865 -> 192.168.1.1:53 : static.csdn.net.
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn. - c.csdnimg.cn.w.kunlungem.com.
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn.w.kunlungem.com. - 124.232.157.110
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn.w.kunlungem.com. - 124.232.157.120
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net. - static.blog.csdn.net.w.kunlungem.com.
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net.w.kunlungem.com. - 124.232.157.120
[*] response: 192.168.1.108:48780 <- 192.168.1.1:53 : static.blog.csdn.net.w.kunlungem.com. - 124.232.157.110

[*] request: 192.168.1.108:58992 -> 192.168.1.1:53 : csdnimg.cn.

[*] request: 192.168.1.108:58992 -> 192.168.1.1:53 : csdnimg.cn.
[*] response: 192.168.1.108:46387 <- 192.168.1.1:53 : c.csdnimg.cn. - c.csdnimg.cn.w.kunlungem.com.
[*] response: 192.168.1.108:58992 <- 192.168.1.1:53 : csdnimg.cn. - 117.79.93.221

[*] request: 192.168.1.108:58804 -> 192.168.1.1:53 : csdnim.allyes.com.

[*] request: 192.168.1.108:58804 -> 192.168.1.1:53 : csdnim.allyes.com.
[*] response: 192.168.1.108:47620 <- 192.168.1.1:53 : blog.csdn.net. - 114.112.73.198
[*] response: 192.168.1.108:38075 <- 192.168.1.1:53 : blog.csdn.net. - 114.112.73.198
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net. - static.csdn.net.w.kunlungem.com.
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net.w.kunlungem.com. - 124.232.157.120
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net.w.kunlungem.com. - 124.232.157.110

[*] request: 192.168.1.108:34865 -> 192.168.1.1:53 : static.csdn.net.
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : csdnim.allyes.com. - imediacast.cdn.allyes.com.
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : imediacast.cdn.allyes.com. - 115.236.16.222
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : imediacast.cdn.allyes.com. - 118.26.144.201
[*] response: 192.168.1.108:58804 <- 192.168.1.1:53 : csdnim.allyes.com. - imediacast.cdn.allyes.com.

[*] request: 192.168.1.108:42427 -> 192.168.1.1:53 : www.google-analytics.com.

[*] request: 192.168.1.108:42427 -> 192.168.1.1:53 : www.google-analytics.com.
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www.google-analytics.com. - www-google-analytics.l.google.com.
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 2404:6800:4005:80b::200e
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www.google-analytics.com. - www-google-analytics.l.google.com.
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.162
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.165
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.160
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.163
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.161
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.174
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.168
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.167
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.166
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.169
[*] response: 192.168.1.108:42427 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.49.164

[*] request: 192.168.1.108:37409 -> 192.168.1.1:53 : bdimg.share.baidu.com.

[*] request: 192.168.1.108:37409 -> 192.168.1.1:53 : bdimg.share.baidu.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : bdimg.share.baidu.com. - baecdn.baidu.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : baecdn.baidu.com. - bae.jomodns.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : bae.jomodns.com. - 124.232.162.48
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : bdimg.share.baidu.com. - baecdn.baidu.com.
[*] response: 192.168.1.108:37409 <- 192.168.1.1:53 : baecdn.baidu.com. - bae.jomodns.com.

[*] request: 192.168.1.108:33151 -> 192.168.1.1:53 : message.csdn.net.

[*] request: 192.168.1.108:33151 -> 192.168.1.1:53 : message.csdn.net.
[*] response: 192.168.1.108:33151 <- 192.168.1.1:53 : message.csdn.net. - 117.79.93.203
[*] response: 192.168.1.108:34865 <- 192.168.1.1:53 : static.csdn.net. - static.csdn.net.w.kunlungem.com.

[*] request: 192.168.1.108:40500 -> 192.168.1.1:53 : dc.csdn.net.
[*] response: 192.168.1.108:40500 <- 192.168.1.1:53 : dc.csdn.net. - 117.79.93.210

[*] request: 192.168.1.108:40500 -> 192.168.1.1:53 : dc.csdn.net.

[*] request: 192.168.1.108:54553 -> 192.168.1.1:53 : apps.bdimg.com.

[*] request: 192.168.1.108:54553 -> 192.168.1.1:53 : apps.bdimg.com.
[*] response: 192.168.1.108:54553 <- 192.168.1.1:53 : apps.bdimg.com. - apps.bdimg.jomodns.com.
[*] response: 192.168.1.108:54553 <- 192.168.1.1:53 : apps.bdimg.jomodns.com. - 124.232.162.49
[*] response: 192.168.1.108:54553 <- 192.168.1.1:53 : apps.bdimg.com. - apps.bdimg.jomodns.com.

[*] request: 192.168.1.108:33118 -> 192.168.1.1:53 : avatar.csdn.net.

[*] request: 192.168.1.108:33118 -> 192.168.1.1:53 : avatar.csdn.net.
[*] response: 192.168.1.108:33118 <- 192.168.1.1:53 : avatar.csdn.net. - 117.79.93.221

[*] request: 192.168.1.108:49441 -> 192.168.1.1:53 : pagead2.googlesyndication.com.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead2.googlesyndication.com. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141

[*] request: 192.168.1.108:49441 -> 192.168.1.1:53 : pagead2.googlesyndication.com.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead2.googlesyndication.com. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:49441 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 2404:6800:4005:80a::2002

[*] request: 192.168.1.108:40008 -> 192.168.1.1:53 : a.yunshipei.com.

[*] request: 192.168.1.108:40008 -> 192.168.1.1:53 : a.yunshipei.com.

[*] request: 192.168.1.108:33907 -> 192.168.1.1:53 : passport.csdn.net.

[*] request: 192.168.1.108:33907 -> 192.168.1.1:53 : passport.csdn.net.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : a.yunshipei.com. - yspstore.blob.core.chinacloudapi.cn.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : yspstore.blob.core.chinacloudapi.cn. - blob.bjbprdstr01a.store.core.chinacloudapi.cn.
[*] response: 192.168.1.108:33907 <- 192.168.1.1:53 : passport.csdn.net. - 114.112.73.194
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : a.yunshipei.com. - yspstore.blob.core.chinacloudapi.cn.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : yspstore.blob.core.chinacloudapi.cn. - blob.bjbprdstr01a.store.core.chinacloudapi.cn.
[*] response: 192.168.1.108:40008 <- 192.168.1.1:53 : blob.bjbprdstr01a.store.core.chinacloudapi.cn. - 42.159.16.14

[*] request: 192.168.1.108:39252 -> 192.168.1.1:53 : img.my.csdn.net.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : img.my.csdn.net. - old-my.qiniudn.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : old-my.qiniudn.com. - wsall.qiniudn.com.wscdns.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : wsall.qiniudn.com.wscdns.com. - qiniunor.xdwscache.glb0.lxdns.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : qiniunor.xdwscache.glb0.lxdns.com. - 218.76.105.75
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : qiniunor.xdwscache.glb0.lxdns.com. - 124.228.90.88

[*] request: 192.168.1.108:39252 -> 192.168.1.1:53 : img.my.csdn.net.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : img.my.csdn.net. - old-my.qiniudn.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : old-my.qiniudn.com. - wsall.qiniudn.com.wscdns.com.
[*] response: 192.168.1.108:39252 <- 192.168.1.1:53 : wsall.qiniudn.com.wscdns.com. - qiniunor.xdwscache.glb0.lxdns.com.

[*] request: 192.168.1.108:60243 -> 192.168.1.1:53 : csdnimg.cn.
[*] response: 192.168.1.108:60243 <- 192.168.1.1:53 : csdnimg.cn. - 117.79.93.221

[*] request: 192.168.1.108:58021 -> 192.168.1.1:53 : dc2.csdn.net.

[*] request: 192.168.1.108:49515 -> 192.168.1.1:53 : dc2.csdn.net.
[*] response: 192.168.1.108:58021 <- 192.168.1.1:53 : dc2.csdn.net. - 117.79.93.210
[*] response: 192.168.1.108:49515 <- 192.168.1.1:53 : dc2.csdn.net. - 117.79.93.210

[*] request: 192.168.1.108:58021 -> 192.168.1.1:53 : dc2.csdn.net.

[*] request: 192.168.1.108:52646 -> 192.168.1.1:53 : www.google-analytics.com.
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www.google-analytics.com. - www-google-analytics.l.google.com.
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.130
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.134
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.142
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.128
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.131
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.129
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.137
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.135
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.136
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.132
[*] response: 192.168.1.108:52646 <- 192.168.1.1:53 : www-google-analytics.l.google.com. - 203.208.48.133

[*] request: 192.168.1.108:37743 -> 192.168.1.1:53 : cpro.baidustatic.com.

[*] request: 192.168.1.108:50101 -> 192.168.1.1:53 : cpro.baidustatic.com.
[*] response: 192.168.1.108:37743 <- 192.168.1.1:53 : cpro.baidustatic.com. - wmjs.jomodns.com.
[*] response: 192.168.1.108:37743 <- 192.168.1.1:53 : wmjs.jomodns.com. - 124.232.162.34

[*] request: 192.168.1.108:37743 -> 192.168.1.1:53 : cpro.baidustatic.com.
[*] response: 192.168.1.108:50101 <- 192.168.1.1:53 : cpro.baidustatic.com. - wmjs.jomodns.com.
[*] response: 192.168.1.108:50101 <- 192.168.1.1:53 : wmjs.jomodns.com. - 124.232.162.34
[*] response: 192.168.1.108:37743 <- 192.168.1.1:53 : cpro.baidustatic.com. - wmjs.jomodns.com.

[*] request: 192.168.1.108:56226 -> 192.168.1.1:53 : pos.baidu.com.

[*] request: 192.168.1.108:56226 -> 192.168.1.1:53 : pos.baidu.com.

[*] request: 192.168.1.108:47155 -> 192.168.1.1:53 : pos.baidu.com.
[*] response: 192.168.1.108:56226 <- 192.168.1.1:53 : pos.baidu.com. - cb.e.shifen.com.
[*] response: 192.168.1.108:56226 <- 192.168.1.1:53 : pos.baidu.com. - cb.e.shifen.com.
[*] response: 192.168.1.108:56226 <- 192.168.1.1:53 : cb.e.shifen.com. - 115.239.210.141
[*] response: 192.168.1.108:47155 <- 192.168.1.1:53 : pos.baidu.com. - cb.e.shifen.com.
[*] response: 192.168.1.108:47155 <- 192.168.1.1:53 : cb.e.shifen.com. - 115.239.210.141

[*] request: 192.168.1.108:50784 -> 192.168.1.1:53 : googleads.g.doubleclick.net.

[*] request: 192.168.1.108:50784 -> 192.168.1.1:53 : googleads.g.doubleclick.net.

[*] request: 192.168.1.108:50611 -> 192.168.1.1:53 : googleads.g.doubleclick.net.
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : googleads.g.doubleclick.net. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : googleads.g.doubleclick.net. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:50611 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : googleads.g.doubleclick.net. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:50784 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 2404:6800:4005:80a::2002

[*] request: 192.168.1.108:56254 -> 192.168.1.1:53 : cpro.baidu.com.

[*] request: 192.168.1.108:56254 -> 192.168.1.1:53 : cpro.baidu.com.

[*] request: 192.168.1.108:36829 -> 192.168.1.1:53 : cpro.baidu.com.

[*] request: 192.168.1.108:44883 -> 192.168.1.1:53 : wn.pos.baidu.com.

[*] request: 192.168.1.108:44883 -> 192.168.1.1:53 : wn.pos.baidu.com.

[*] request: 192.168.1.108:43746 -> 192.168.1.1:53 : wn.pos.baidu.com.
[*] response: 192.168.1.108:56254 <- 192.168.1.1:53 : cpro.baidu.com. - cpro.e.shifen.com.
[*] response: 192.168.1.108:56254 <- 192.168.1.1:53 : cpro.e.shifen.com. - 115.239.211.17
[*] response: 192.168.1.108:56254 <- 192.168.1.1:53 : cpro.baidu.com. - cpro.e.shifen.com.
[*] response: 192.168.1.108:43746 <- 192.168.1.1:53 : wn.pos.baidu.com. - wn.pos.e.shifen.com.
[*] response: 192.168.1.108:43746 <- 192.168.1.1:53 : wn.pos.e.shifen.com. - 115.239.211.206
[*] response: 192.168.1.108:36829 <- 192.168.1.1:53 : cpro.baidu.com. - cpro.e.shifen.com.
[*] response: 192.168.1.108:36829 <- 192.168.1.1:53 : cpro.e.shifen.com. - 115.239.211.17
[*] response: 192.168.1.108:44883 <- 192.168.1.1:53 : wn.pos.baidu.com. - wn.pos.e.shifen.com.
[*] response: 192.168.1.108:44883 <- 192.168.1.1:53 : wn.pos.baidu.com. - wn.pos.e.shifen.com.
[*] response: 192.168.1.108:44883 <- 192.168.1.1:53 : wn.pos.e.shifen.com. - 115.239.211.206

[*] request: 192.168.1.108:54813 -> 192.168.1.1:53 : ubmcmm.baidustatic.com.

[*] request: 192.168.1.108:43240 -> 192.168.1.1:53 : ubmcmm.baidustatic.com.

[*] request: 192.168.1.108:54813 -> 192.168.1.1:53 : ubmcmm.baidustatic.com.
[*] response: 192.168.1.108:43240 <- 192.168.1.1:53 : ubmcmm.baidustatic.com. - wmpic.jomodns.com.
[*] response: 192.168.1.108:43240 <- 192.168.1.1:53 : wmpic.jomodns.com. - 124.232.162.45
[*] response: 192.168.1.108:54813 <- 192.168.1.1:53 : ubmcmm.baidustatic.com. - wmpic.jomodns.com.
[*] response: 192.168.1.108:54813 <- 192.168.1.1:53 : wmpic.jomodns.com. - 124.232.162.45
[*] response: 192.168.1.108:54813 <- 192.168.1.1:53 : ubmcmm.baidustatic.com. - wmpic.jomodns.com.

[*] request: 192.168.1.108:50122 -> 192.168.1.1:53 : cpro2.baidustatic.com.

[*] request: 192.168.1.108:50122 -> 192.168.1.1:53 : cpro2.baidustatic.com.
[*] response: 192.168.1.108:50122 <- 192.168.1.1:53 : cpro2.baidustatic.com. - wmjs.jomodns.com.
[*] response: 192.168.1.108:50122 <- 192.168.1.1:53 : wmjs.jomodns.com. - 124.232.162.34
[*] response: 192.168.1.108:50122 <- 192.168.1.1:53 : cpro2.baidustatic.com. - wmjs.jomodns.com.

[*] request: 192.168.1.108:33779 -> 192.168.1.1:53 : static.googleadsserving.cn.

[*] request: 192.168.1.108:33779 -> 192.168.1.1:53 : static.googleadsserving.cn.

[*] request: 192.168.1.108:45978 -> 192.168.1.1:53 : static.googleadsserving.cn.
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : static.googleadsserving.cn. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : static.googleadsserving.cn. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:45978 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : static.googleadsserving.cn. - pagead46.l.doubleclick.net.
[*] response: 192.168.1.108:33779 <- 192.168.1.1:53 : pagead46.l.doubleclick.net. - 2404:6800:4005:808::2002

[*] request: 192.168.1.108:56201 -> 192.168.1.1:53 : cm.g.doubleclick.net.

[*] request: 192.168.1.108:46410 -> 192.168.1.1:53 : cm.g.doubleclick.net.

[*] request: 192.168.1.108:56201 -> 192.168.1.1:53 : cm.g.doubleclick.net.
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : cm.g.doubleclick.net. - pagead.l.doubleclick.net.
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : cm.g.doubleclick.net. - pagead.l.doubleclick.net.
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.154
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:56201 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : cm.g.doubleclick.net. - pagead.l.doubleclick.net.
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.153
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.141
[*] response: 192.168.1.108:46410 <- 192.168.1.1:53 : pagead.l.doubleclick.net. - 203.208.48.154

[*] request: 192.168.1.108:54065 -> 192.168.1.1:53 : counter.csdn.net.

[*] request: 192.168.1.108:38979 -> 192.168.1.1:53 : counter.csdn.net.

[*] request: 192.168.1.108:54065 -> 192.168.1.1:53 : counter.csdn.net.
[*] response: 192.168.1.108:54065 <- 192.168.1.1:53 : counter.csdn.net. - 117.79.93.222
[*] response: 192.168.1.108:38979 <- 192.168.1.1:53 : counter.csdn.net. - 117.79.93.222

[*] request: 192.168.1.108:34785 -> 192.168.1.1:53 : s10-im-notify.csdn.net.

[*] request: 192.168.1.108:34785 -> 192.168.1.1:53 : s10-im-notify.csdn.net.
[*] response: 192.168.1.108:34785 <- 192.168.1.1:53 : s10-im-notify.csdn.net. - 117.79.93.218

[*] request: 192.168.1.108:54145 -> 192.168.1.1:53 : ask.csdn.net.

[*] request: 192.168.1.108:54145 -> 192.168.1.1:53 : ask.csdn.net.

[*] request: 192.168.1.108:43052 -> 192.168.1.1:53 : ask.csdn.net.
[*] response: 192.168.1.108:54145 <- 192.168.1.1:53 : ask.csdn.net. - 114.112.73.210
[*] response: 192.168.1.108:43052 <- 192.168.1.1:53 : ask.csdn.net. - 114.112.73.210

[*] request: 192.168.1.108:60517 -> 192.168.1.1:53 : m.baidu.com.

[*] request: 192.168.1.108:60517 -> 192.168.1.1:53 : m.baidu.com.
[*] response: 192.168.1.108:60517 <- 192.168.1.1:53 : m.baidu.com. - wap.n.shifen.com.
[*] response: 192.168.1.108:60517 <- 192.168.1.1:53 : m.baidu.com. - wap.n.shifen.com.
[*] response: 192.168.1.108:60517 <- 192.168.1.1:53 : wap.n.shifen.com. - 115.239.210.14

[*] request: 192.168.1.108:33958 -> 192.168.1.1:53 : openapi.baidu.com.
[*] response: 192.168.1.108:33958 <- 192.168.1.1:53 : openapi.baidu.com. - developer.n.shifen.com.
[*] response: 192.168.1.108:33958 <- 192.168.1.1:53 : developer.n.shifen.com. - 180.149.132.248

[*] request: 192.168.1.108:33958 -> 192.168.1.1:53 : openapi.baidu.com.
[*] response: 192.168.1.108:33958 <- 192.168.1.1:53 : openapi.baidu.com. - developer.n.shifen.com.

[*] request: 192.168.1.108:43541 -> 192.168.1.1:53 : dup.baidustatic.com.

[*] request: 192.168.1.108:43541 -> 192.168.1.1:53 : dup.baidustatic.com.
[*] response: 192.168.1.108:43541 <- 192.168.1.1:53 : dup.baidustatic.com. - ecomcbjs.jomodns.com.
[*] response: 192.168.1.108:43541 <- 192.168.1.1:53 : ecomcbjs.jomodns.com. - 124.232.162.49
[*] response: 192.168.1.108:43541 <- 192.168.1.1:53 : dup.baidustatic.com. - ecomcbjs.jomodns.com.

[*] request: 192.168.1.108:59842 -> 192.168.1.1:53 : ec.pos.baidu.com.

[*] request: 192.168.1.108:59842 -> 192.168.1.1:53 : ec.pos.baidu.com.
[*] response: 192.168.1.108:59842 <- 192.168.1.1:53 : ec.pos.baidu.com. - e.pos.e.shifen.com.
[*] response: 192.168.1.108:59842 <- 192.168.1.1:53 : ec.pos.baidu.com. - e.pos.e.shifen.com.
[*] response: 192.168.1.108:59842 <- 192.168.1.1:53 : e.pos.e.shifen.com. - 123.125.115.85

[*] request: 192.168.1.108:59656 -> 192.168.1.1:53 : www.csdn.net.

[*] request: 192.168.1.108:58114 -> 192.168.1.1:53 : geek.csdn.net.

[*] request: 192.168.1.108:48773 -> 192.168.1.1:53 : u.download.csdn.net.

[*] request: 192.168.1.108:48773 -> 192.168.1.1:53 : u.download.csdn.net.
[*] response: 192.168.1.108:48773 <- 192.168.1.1:53 : u.download.csdn.net. - 117.79.93.204
[*] response: 192.168.1.108:58114 <- 192.168.1.1:53 : geek.csdn.net. - 117.79.93.222

[*] request: 192.168.1.108:58114 -> 192.168.1.1:53 : geek.csdn.net.
[*] response: 192.168.1.108:59656 <- 192.168.1.1:53 : www.csdn.net. - 114.112.73.194

[*] request: 192.168.1.108:59656 -> 192.168.1.1:53 : www.csdn.net.

[*] request: 192.168.1.108:54656 -> 192.168.1.1:53 : bbs.csdn.net.

[*] request: 192.168.1.108:54656 -> 192.168.1.1:53 : bbs.csdn.net.
[*] response: 192.168.1.108:54656 <- 192.168.1.1:53 : bbs.csdn.net. - 114.112.73.200

[*] request: 192.168.1.108:45781 -> 192.168.1.1:53 : write.blog.csdn.net.

[*] request: 192.168.1.108:45781 -> 192.168.1.1:53 : write.blog.csdn.net.
[*] response: 192.168.1.108:45781 <- 192.168.1.1:53 : write.blog.csdn.net. - 114.112.73.198

[*] request: 192.168.1.108:47999 -> 192.168.1.1:53 : code.csdn.net.

[*] request: 192.168.1.108:58157 -> 192.168.1.1:53 : my.csdn.net.

[*] request: 192.168.1.108:58157 -> 192.168.1.1:53 : my.csdn.net.
[*] response: 192.168.1.108:47999 <- 192.168.1.1:53 : code.csdn.net. - 223.6.248.58

[*] request: 192.168.1.108:47999 -> 192.168.1.1:53 : code.csdn.net.
[*] response: 192.168.1.108:58157 <- 192.168.1.1:53 : my.csdn.net. - 114.112.73.194

[*] request: 192.168.1.108:57511 -> 192.168.1.1:53 : download.csdn.net.

[*] request: 192.168.1.108:57511 -> 192.168.1.1:53 : download.csdn.net.
[*] response: 192.168.1.108:57511 <- 192.168.1.1:53 : download.csdn.net. - 114.112.73.197

[*] request: 192.168.1.108:42849 -> 192.168.1.1:53 : hero.csdn.net.

[*] request: 192.168.1.108:42849 -> 192.168.1.1:53 : hero.csdn.net.

[*] request: 192.168.1.108:38651 -> 192.168.1.1:53 : job.csdn.net.
[*] response: 192.168.1.108:42849 <- 192.168.1.1:53 : hero.csdn.net. - 114.112.73.232
[*] response: 192.168.1.108:38651 <- 192.168.1.1:53 : job.csdn.net. - 114.112.73.231

[*] request: 192.168.1.108:38651 -> 192.168.1.1:53 : job.csdn.net.

[*] request: 192.168.1.108:56730 -> 192.168.1.1:53 : edu.csdn.net.

[*] request: 192.168.1.108:56730 -> 192.168.1.1:53 : edu.csdn.net.
[*] response: 192.168.1.108:56730 <- 192.168.1.1:53 : edu.csdn.net. - 114.112.73.210

[*] request: 192.168.1.108:40769 -> 192.168.1.1:53 : huiyi.csdn.net.
[*] response: 192.168.1.108:40769 <- 192.168.1.1:53 : huiyi.csdn.net. - 117.79.92.153

[*] request: 192.168.1.108:40769 -> 192.168.1.1:53 : huiyi.csdn.net.

[*] request: 192.168.1.108:54976 -> 192.168.1.1:53 : www.csto.com.

[*] request: 192.168.1.108:54976 -> 192.168.1.1:53 : www.csto.com.

[*] request: 192.168.1.108:49404 -> 192.168.1.1:53 : mall.csdn.net.

[*] request: 192.168.1.108:49404 -> 192.168.1.1:53 : mall.csdn.net.
[*] response: 192.168.1.108:49404 <- 192.168.1.1:53 : mall.csdn.net. - 114.112.73.210
[*] response: 192.168.1.108:54976 <- 192.168.1.1:53 : www.csto.com. - 117.79.93.200

[*] request: 192.168.1.108:47159 -> 192.168.1.1:53 : cto.csdn.net.

[*] request: 192.168.1.108:47159 -> 192.168.1.1:53 : cto.csdn.net.
[*] response: 192.168.1.108:47159 <- 192.168.1.1:53 : cto.csdn.net. - 117.79.92.153

[*] request: 192.168.1.108:51543 -> 192.168.1.1:53 : student.csdn.net.
[*] response: 192.168.1.108:51543 <- 192.168.1.1:53 : student.csdn.net. - 117.79.92.153

[*] request: 192.168.1.108:51543 -> 192.168.1.1:53 : student.csdn.net.

[*] request: 192.168.1.108:45813 -> 192.168.1.1:53 : vote.blog.csdn.net.

[*] request: 192.168.1.108:45813 -> 192.168.1.1:53 : vote.blog.csdn.net.
[*] response: 192.168.1.108:45813 <- 192.168.1.1:53 : vote.blog.csdn.net. - 114.112.73.198

[*] request: 192.168.1.108:33059 -> 192.168.1.1:53 : surveies.csdn.net.

[*] request: 192.168.1.108:53482 -> 192.168.1.1:53 : wangmeng.baidu.com.

[*] request: 192.168.1.108:53482 -> 192.168.1.1:53 : wangmeng.baidu.com.
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.baidu.com. - wangmeng.e.shifen.com.
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.e.shifen.com. - 220.181.57.71
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.e.shifen.com. - 220.181.163.64
[*] response: 192.168.1.108:53482 <- 192.168.1.1:53 : wangmeng.baidu.com. - wangmeng.e.shifen.com.

[*] request: 192.168.1.108:50269 -> 192.168.1.1:53 : www.baidu.com.

[*] request: 192.168.1.108:50269 -> 192.168.1.1:53 : www.baidu.com.
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.baidu.com. - www.a.shifen.com.
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.baidu.com. - www.a.shifen.com.
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.a.shifen.com. - 180.97.33.108
[*] response: 192.168.1.108:50269 <- 192.168.1.1:53 : www.a.shifen.com. - 180.97.33.107

[*] request: 192.168.1.108:32816 -> 192.168.1.1:53 : www.google.com.

[*] request: 192.168.1.108:32816 -> 192.168.1.1:53 : www.google.com.
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.99
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.147
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.103
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.106
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.104
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 74.125.203.105
[*] response: 192.168.1.108:32816 <- 192.168.1.1:53 : www.google.com. - 2404:6800:4008:c01::69
[*] response: 192.168.1.108:33059 <- 192.168.1.1:53 : surveies.csdn.net. - 117.79.93.206

[*] request: 192.168.1.108:33059 -> 192.168.1.1:53 : surveies.csdn.net.

[*] request: 192.168.1.108:35127 -> 192.168.1.1:53 : eclick.baidu.com.

[*] request: 192.168.1.108:34846 -> 192.168.1.1:53 : eclick.baidu.com.
[*] response: 192.168.1.108:35127 <- 192.168.1.1:53 : eclick.baidu.com. - eclick.e.shifen.com.
[*] response: 192.168.1.108:35127 <- 192.168.1.1:53 : eclick.e.shifen.com. - 180.149.131.35
[*] response: 192.168.1.108:34846 <- 192.168.1.1:53 : eclick.baidu.com. - eclick.e.shifen.com.
[*] response: 192.168.1.108:34846 <- 192.168.1.1:53 : eclick.e.shifen.com. - 180.149.131.35

[*] request: 192.168.1.108:35127 -> 192.168.1.1:53 : eclick.baidu.com.
[*] response: 192.168.1.108:35127 <- 192.168.1.1:53 : eclick.baidu.com. - eclick.e.shifen.com.

Please dig yourself.

scapy - dns sniffer

标签:

原文地址:http://blog.csdn.net/nixawk/article/details/45933299
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!