This is an old revision of the document!

Analyzer dns

This analyzer listens to DNS packets and generates events out of them. Its main goal is to create an event each time a new DNS record is found.


| Name | Payload associated | Description |
|------|--------------------|-------------|
| dns_record | no | Contains all the information about a DNS record from the reply of a server. |


This event is generated for each record seen in a DNS reply.

| Field | Type | Description |
|-------|------|-------------|
| name | string | Name of the record. |
| ttl | uint32 | Time to live. |
| type | uint16 | Record type. |
| class | uint16 | Record class. |
| values | see below | Values of the RR. |

Depending on the RR type, different values are available:

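| RR type name | RR type value | Values | Type | Description |
|--------------|---------------|--------|------|-------------|
| A | 1 | a | ipv4 | IPv4 address of the A record. |
| AAAA | 28 | aaaa | ipv6 | IPv6 address of the AAAA record. |
| CNAME | 5 | cname | string | Canonical name. |
| PTR | 12 | ptr | string | Pointer name. |
| MX | 15 | mx_pref | uint16 | MX preference. |
| MX | 15 | mx | string | Mail exchange server. |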
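
As an added illustration (not pom-ng code), the following Python decoder turns a raw DNS reply into dictionaries that use the dns_record field names and per-type value names from the tables above. The function names, the constructed sample packet, and the choice to walk the answer, authority and additional sections are assumptions made for this example.

```python
import ipaddress
import struct

KEYS = {1: "a", 28: "aaaa", 5: "cname", 12: "ptr"}  # RR type value -> value field
# Constructed sample: reply to an MX query for example.test (1 answer, 1 additional).
SAMPLE_REPLY = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01"  # header, QR bit set
    b"\x07example\x04test\x00\x00\x0f\x00\x01"           # question
    b"\xc0\x0c\x00\x0f\x00\x01\x00\x00\x0e\x10\x00\x09\x00\x0a\x04mail\xc0\x0c"  # MX
    b"\xc0\x2c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x19"  # A
)

def read_name(msg, off, depth=0):
    """Decode a possibly compressed name; return (name, offset after it)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length >= 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            return ".".join(labels + [read_name(msg, ptr, depth + 1)[0]]).rstrip("."), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def dns_records(msg):
    """Return one dict per RR in a reply, using the dns_record field names."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(an + ns + ar if flags & 0x8000 else 0):  # QR clear: query, no records
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        values = {}  # stays empty for RR types not listed in the table
        if (rtype, rdlen) in ((1, 4), (28, 16)):
            values[KEYS[rtype]] = str(ipaddress.ip_address(msg[off:off + rdlen]))
        elif rtype in (5, 12):
            values[KEYS[rtype]] = read_name(msg, off)[0]
        elif rtype == 15:
            values["mx_pref"] = struct.unpack_from("!H", msg, off)[0]
            values["mx"] = read_name(msg, off + 2)[0]
        records.append({"name": name, "ttl": ttl, "type": rtype, "class": rclass, "values": values})
        off += rdlen
    return records
```

Calling `dns_records(SAMPLE_REPLY)` yields two records, one MX and one A; truncated messages and compression pointer loops raise an exception instead of producing partial records.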
pom-ng/analyzer/dns.1353065872.txt.gz · Last modified: 2020/05/26 21:59 (external edit)