From whatisee1 at yahoo.com Mon Nov 2 22:57:30 2009
From: whatisee1 at yahoo.com (W S)
Date: Mon, 2 Nov 2009 14:57:30 -0800 (PST)
Subject: [dnstop] Output into some file
Message-ID: <667258.2059.qm@web57610.mail.re1.yahoo.com>

Folks,
The interactive portion of dnstop is good, BUT seems like
I'm having trouble saving output into some file [any format]

Is there any simple option(examples?) for that 'savefile'?

Thanks,
WS

From Sam at ChangeIP.com Mon Nov 2 23:14:10 2009
From: Sam at ChangeIP.com (Sam Norris)
Date: Mon, 2 Nov 2009 15:14:10 -0800
Subject: [dnstop] Output into some file
References: <667258.2059.qm@web57610.mail.re1.yahoo.com>
Message-ID: <100E693C9D264F01B8046C3333396E1B@changeip.com>

Here is what I use on some systems:

/usr/sbin/dnstop -l 4 dump.$hour.pcap > dnstop.report.$hour.txt

Sam

----- Original Message -----
From: "W S"
To:
Sent: Monday, November 02, 2009 2:57 PM
Subject: [dnstop] Output into some file

> Folks,
> The interactive portion of dnstop is good, BUT seems like
> I'm having trouble saving output into some file [any format]
>
> Is there any simple option(examples?) for that 'savefile'?
>
> Thanks,
> WS
>
> _______________________________________________
> dnstop mailing list
> dnstop at measurement-factory.com
> http://www.measurement-factory.com/mailman/listinfo/dnstop

From whatisee1 at yahoo.com Mon Nov 2 23:52:12 2009
From: whatisee1 at yahoo.com (W S)
Date: Mon, 2 Nov 2009 15:52:12 -0800 (PST)
Subject: [dnstop] Output into some file
In-Reply-To: <100E693C9D264F01B8046C3333396E1B@changeip.com>
Message-ID: <1841.23460.qm@web57607.mail.re1.yahoo.com>

Thanks Sam,

Seems like I'm still missing something...
am I supposed to generate 'pcap' file first?

[ tmp]% cat s
#!/bin/sh
hour=1
echo $hour
#/usr/sbin/dnstop -l 4 /tmp/dump.$hour.pcap
/usr/sbin/dnstop -l 4 /tmp/dump.$hour.pcap > /tmp/dnstop.report.$hour.txt
[ tmp]% ./s
1
pcap_open_*: ioctl: No such device
[ tmp]%

--- On Mon, 11/2/09, Sam Norris wrote:

From: Sam Norris
Subject: Re: [dnstop] Output into some file
To: "W S" , dnstop at measurement-factory.com
Date: Monday, November 2, 2009, 3:14 PM

Here is what I use on some systems:

/usr/sbin/dnstop -l 4 dump.$hour.pcap > dnstop.report.$hour.txt

Sam

----- Original Message -----
From: "W S"
To:
Sent: Monday, November 02, 2009 2:57 PM
Subject: [dnstop] Output into some file

> Folks,
> The interactive portion of dnstop is good, BUT seems like
> I'm having trouble saving output into some file [any format]
>
> Is there any simple option(examples?) for that 'savefile'?
>
> Thanks,
> WS

From Sam at ChangeIP.com Mon Nov 2 23:57:38 2009
From: Sam at ChangeIP.com (Sam Norris)
Date: Mon, 2 Nov 2009 15:57:38 -0800
Subject: [dnstop] Output into some file
References: <1841.23460.qm@web57607.mail.re1.yahoo.com>
Message-ID:

Here is what I use:

#!/bin/csh
#
# Process a dnstop session and email results to me... for now.
# Created 01/22/05
#
set workdir="/home/USERNAME/sniffs"
set today = `date "+%m%d%y"`
set stamp = `date "+%Y-%m-%d %H:%M:%S"`
set hour = `date "+%H"`
set myname = `hostname -f`
cd $workdir
# Write 10000 DNS queries (UDP to port 53 with the QR flag bit clear) to a savefile
tcpdump -p -n -c 10000 -w dump.$hour.pcap -s 512 'udp dst port 53 and udp[10:2] & 0x8000 = 0' > /dev/null
# Run dnstop on the savefile; stdout is redirected, so the report lands in the text file
/usr/sbin/dnstop -l 4 dump.$hour.pcap > dnstop.report.$hour.txt
cat dnstop.report.$hour.txt | mailx -s "DNSTOP $stamp $myname" -c someemail@example.tld

----- Original Message -----
From: "W S"
To:
Sent: Monday, November 02, 2009 3:52 PM
Subject: Re: [dnstop] Output into some file

> Thanks Sam,
>
> Seems like I'm still missing something...
> am I supposed to generate 'pcap' file first?
>
> [ tmp]% cat s
> #!/bin/sh
> hour=1
> echo $hour
> #/usr/sbin/dnstop -l 4 /tmp/dump.$hour.pcap
> /usr/sbin/dnstop -l 4 /tmp/dump.$hour.pcap > /tmp/dnstop.report.$hour.txt
> [ tmp]% ./s
> 1
> pcap_open_*: ioctl: No such device
> [ tmp]%
>
> --- On Mon, 11/2/09, Sam Norris wrote:
>
> From: Sam Norris
> Subject: Re: [dnstop] Output into some file
> To: "W S" , dnstop at measurement-factory.com
> Date: Monday, November 2, 2009, 3:14 PM
>
> Here is what I use on some systems:
>
> /usr/sbin/dnstop -l 4 dump.$hour.pcap > dnstop.report.$hour.txt
>
> Sam
>
> ----- Original Message -----
> From: "W S"
> To:
> Sent: Monday, November 02, 2009 2:57 PM
> Subject: [dnstop] Output into some file
>
>
>> Folks,
>> The interactive portion of dnstop is good, BUT seems like
>> I'm having trouble saving output into some file [any format]
>>
>> Is there any simple option(examples?) for that 'savefile'?
>>
>> Thanks,
>> WS
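
The capture-then-report sequence from the last message, rewritten for /bin/sh as an added example (it is not part of the thread or of dnstop). WORKDIR, COUNT and the function names are assumptions; the guard in report() covers the case from the earlier transcript where dnstop is pointed at a savefile that does not exist yet.

```shell
#!/bin/sh
# Added example, not from the thread: capture DNS queries, then report.
# WORKDIR, COUNT and the function names are assumptions for illustration.
WORKDIR=${WORKDIR:-/tmp/sniffs}
COUNT=${COUNT:-10000}

# Return 0 only if $1 is a regular file that starts with a classic pcap
# magic number (either byte order, microsecond or nanosecond timestamps).
is_pcap() {
    [ -f "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Names of the capture and report files for a given hour (00-23).
pcap_name()   { printf '%s/dump.%s.pcap' "$WORKDIR" "$1"; }
report_name() { printf '%s/dnstop.report.%s.txt' "$WORKDIR" "$1"; }

# Step 1: write COUNT DNS queries (QR bit clear) to the savefile.
capture() {
    tcpdump -p -n -c "$COUNT" -s 512 -w "$(pcap_name "$1")" \
        'udp dst port 53 and udp[10:2] & 0x8000 = 0' >/dev/null
}

# Step 2: run dnstop on the savefile, refusing to start if the file is
# missing or is not a pcap file.
report() {
    f=$(pcap_name "$1")
    if ! is_pcap "$f"; then
        echo "no usable capture at $f; run the tcpdump step first" >&2
        return 2
    fi
    dnstop -l 4 "$f" > "$(report_name "$1")"
}

# Run both steps only when called as: script run
if [ "${1:-}" = "run" ]; then
    hour=$(date +%H)
    mkdir -p "$WORKDIR" && capture "$hour" && report "$hour"
fi
```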