pom-ng:analyzer:dns
Analyzer dns
This analyzer listens to DNS packets and generates events out of them. Its main goal is to create an event each time a new DNS record is found.
Events
| Name | Payload associated | Description |
|---|---|---|
| dns_record | no | Contains all the information about a DNS record from the reply of a server. |
dns_record
This event is generated for each record seen in a DNS reply.
| Field | Type | Description |
|---|---|---|
| name | string | Name of the record. |
| ttl | uint32 | Time to live. |
| type | uint16 | Record type. |
| class | uint16 | Record class. |
| values | see below | Values of the RR. |
Depending on the RR type, multiple values are available:
| RR type name | RR type value | Values | Type | Description |
|---|---|---|---|---|
| A | 1 | a | ipv4 | IPv4 address of the A record. |
| AAAA | 28 | aaaa | ipv6 | IPv6 address of the AAAA record. |
| CNAME | 5 | cname | string | Canonical name. |
| PTR | 12 | ptr | string | Pointer name. |
| MX | 15 | mx_pref | uint16 | MX preference. |
| | | mx | string | Mail exchange server. |
Parameters
| Name | Type | Default value | Description |
|---|---|---|---|
| anti_spoof | bool | false | Prevent spoofing by accepting only replies that match a query. |
| q_timeout | uint32 | 10 | Query timeout for anti-spoofing protection. |
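The following is an added example, not pom-ng's own code: a small Python model of the behaviour described in the event and parameter tables above. It remembers queries, accepts a reply only when anti_spoof is on and a matching query was seen within q_timeout (the match key of endpoints, transaction ID and name is this model's assumption, as is treating q_timeout as seconds), and builds one dns_record-style event per answer RR using the value field names from the table.

```python
# RR type value -> names of the "values" sub-fields, as listed in the table above
RR_VALUE_FIELDS = {
    1: ("a",), 28: ("aaaa",), 5: ("cname",), 12: ("ptr",), 15: ("mx_pref", "mx"),
}

class DnsRecordMatcher:
    """Model of the analyzer (not pom-ng code): queries are remembered,
    replies that pass the anti-spoofing check yield dns_record events."""

    def __init__(self, anti_spoof=False, q_timeout=10):
        self.anti_spoof = anti_spoof   # page default: false
        self.q_timeout = q_timeout     # page default: 10 (seconds is an assumption)
        self.pending = {}              # (client, server, txid, qname) -> time sent

    def query(self, client, server, txid, qname, now):
        # Assumption: a reply "matches" a query on endpoints, transaction ID and name.
        self.pending[(client, server, txid, qname)] = now

    def reply(self, client, server, txid, qname, answers, now):
        """Return one event dict per answer RR, or [] when anti_spoof rejects
        the reply (no matching query, or the query is older than q_timeout)."""
        if self.anti_spoof:
            sent = self.pending.pop((client, server, txid, qname), None)
            if sent is None or now - sent > self.q_timeout:
                return []
        events = []
        for name, ttl, rtype, rclass, *vals in answers:
            fields = RR_VALUE_FIELDS.get(rtype)
            if fields is None:
                continue               # RR types not described on this page
            events.append({"name": name, "ttl": ttl, "type": rtype,
                           "class": rclass, "values": dict(zip(fields, vals))})
        return events

    def expire(self, now):
        """Forget queries older than q_timeout; returns how many were dropped."""
        stale = [k for k, t in self.pending.items() if now - t > self.q_timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

# Constructed sample traffic: one query, then its reply carrying an A and an MX RR.
if __name__ == "__main__":
    m = DnsRecordMatcher(anti_spoof=True)
    m.query("10.0.0.5:53012", "10.0.0.1:53", 0x1234, "example.com", now=100.0)
    answers = [("example.com", 300, 1, 1, "93.184.216.34"),
               ("example.com", 300, 15, 1, 10, "mail.example.com")]
    for ev in m.reply("10.0.0.5:53012", "10.0.0.1:53", 0x1234, "example.com",
                      answers, now=100.2):
        print(ev)
```

With anti_spoof left at its default of false, the same reply is accepted even when no query was recorded, which is the spoofing window the parameter closes.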
