DNS Plugin
Jacob van Walraven edited this page Nov 6, 2019 · 13 revisions
The DNS plugin captures the DNS request/response packets and exports the following fields from the DNS response packet:
- src_ip - source IP from the original request packet
- dst_ip - destination IP from the original request packet
- protocol - protocol for the packet, i.e. TCP/UDP
- question_count - number of questions asked
- answer_count - number of answer records returned
- nameserver_count - number of nameserver/authority records returned
- additional_count - number of additional records returned
- rtt - time between the DNS request and response packet
- authoritive_result - whether the result is authoritative
- truncated_result - whether the result is truncated
- recursion_desired - whether recursion is desired
- recursion_available - whether recursion is available
- response_code
- opcode
- questions (# is replaced with the question/answer/nameserver/additional number)
  - question#
  - question#_type
- answers
  - answer#
  - answer#_type
- nameservers
  - nameserver#
  - nameserver#_type
- additional
  - additional#
  - additional#_type
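
The count, flag, opcode and response_code fields above correspond to the fixed 12-byte DNS message header defined in RFC 1035. The following is an added example, not the plugin's own code, showing where each of those values sits in a response header. The function name `dns_header_fields`, the dict output and the boolean flag values are assumptions; the field names are the ones listed on this page.

```python
import struct

# RFC 1035 section 4.1.1 header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
DNS_HEADER = struct.Struct("!HHHHHH")


def dns_header_fields(payload: bytes) -> dict:
    """Map a DNS response header onto the field names listed on this page.

    payload is the DNS message itself (for TCP, after the 2-byte length prefix).
    Hypothetical helper; the plugin's real output format may differ.
    """
    if len(payload) < DNS_HEADER.size:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(payload))
    _id, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(payload)
    if not flags & 0x8000:  # QR bit clear: this is a request, not a response
        raise ValueError("not a DNS response (QR bit is 0)")
    return {
        "question_count": qd,
        "answer_count": an,
        "nameserver_count": ns,
        "additional_count": ar,
        # Field name spelled as on this page; this is the AA bit.
        "authoritive_result": bool(flags & 0x0400),
        "truncated_result": bool(flags & 0x0200),     # TC bit
        "recursion_desired": bool(flags & 0x0100),    # RD bit
        "recursion_available": bool(flags & 0x0080),  # RA bit
        "opcode": (flags >> 11) & 0xF,                # 0 = standard query
        "response_code": flags & 0xF,                 # 0 = NOERROR, 3 = NXDOMAIN
    }


# Constructed sample: header of an authoritative NXDOMAIN response carrying
# one question and one authority record (flags 0x8583 = QR|AA|RD|RA, rcode 3).
SAMPLE = bytes.fromhex("1a2b" "8583" "0001" "0000" "0001" "0000")

if __name__ == "__main__":
    for name, value in dns_header_fields(SAMPLE).items():
        print(f"{name} = {value}")
```
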