Userspace libpcap-based tool to mirror your dns traffic

Overview

DNS traffic mirroring tool (dns-mirror)

Description

Userspace libpcap-based tool. dns-mirror sniffs DNS packets on the given interface and proxies them to the given address on port 53.

Why?

It can be useful for monitoring purposes in your private network. The advantage of this tool is that you do not need to insert it into the middle of your network and risk causing a fault. It works from the side, just as a mirror.

How to run

You need superuser rights to run dns-mirror.

sudo dns-mirror -d br0 -i 10.30.1.100

Example

dns-mirror --help
DNS traffic mirroring daemon 0.1.0

USAGE:
    dns-mirror [FLAGS] [OPTIONS] --dev <dev> --ip <ip>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information
        --verbose    Show debug messages

OPTIONS:
    -d, --dev <dev>      Device to sniff
    -i, --ip <ip>        DNS server IP
    -p, --port <port>    DNS server port. Default: 53
~ # dns-mirror -d br0 -i 10.30.1.100  --verbose
 2021-12-05T14:02:28.440Z DEBUG dns_mirror > Dns from 10.30.1.43 mirrored to 10.30.1.100:53
 2021-12-05T14:02:28.833Z DEBUG dns_mirror > Dns from 10.30.1.38 mirrored to 10.30.1.100:53
 2021-12-05T14:02:49.191Z DEBUG dns_mirror > Dns from 10.30.1.87 mirrored to 10.30.1.100:53
 2021-12-05T14:03:26.595Z DEBUG dns_mirror > Dns from 10.30.1.98 mirrored to 10.30.1.100:53
 ...

Limitations

  • If you want to monitor all users, you have to connect all interfaces to the bridge and sniff on it (on most routers this is the default).
  • At the moment dns-mirror sniffs only UDP packets sent to destination port 53. Thus, it does not monitor tricky users who use customized DNS requests.
  • It also cannot sniff DoH/DoT requests.
  • TCP DNS requests are not covered yet.
  • It does not check that the received packet is actually a DNS packet.
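The last limitation can be narrowed with a structural check on the UDP payload before it is forwarded. The sketch below is an added example, not part of dns-mirror's code; the helper name `looks_like_dns_query`, the accept policy and the sample packets are assumptions made for illustration.

```rust
// Added example; `looks_like_dns_query` is a hypothetical helper, not dns-mirror code.
/// True if `payload` has a DNS query header followed by well-formed
/// question entries (RFC 1035, section 4.1).
fn looks_like_dns_query(payload: &[u8]) -> bool {
    if payload.len() < 12 { return false; } // shorter than the fixed DNS header
    let flags = u16::from_be_bytes([payload[2], payload[3]]);
    let opcode = (flags >> 11) & 0x0f;
    let qdcount = u16::from_be_bytes([payload[4], payload[5]]);
    let ancount = u16::from_be_bytes([payload[6], payload[7]]);
    // Policy assumed here: mirror only client requests, i.e. QR=0,
    // opcode QUERY (0), at least one question and no answer records.
    if flags & 0x8000 != 0 || opcode != 0 || qdcount == 0 || ancount != 0 {
        return false;
    }
    let mut pos = 12;
    for _ in 0..qdcount {
        let mut name_len = 0usize;
        loop {
            let len = match payload.get(pos) {
                Some(&b) => b as usize,
                None => return false, // name runs past the end of the packet
            };
            pos += 1;
            if len == 0 { break; } // root label terminates the name
            name_len += len + 1;
            // Labels are 1..=63 bytes (this also rejects compression
            // pointers); a name is at most 255 bytes on the wire.
            if len > 63 || name_len > 254 {
                return false;
            }
            pos += len;
        }
        pos += 4; // QTYPE + QCLASS
        if pos > payload.len() { return false; }
    }
    true
}

/// Constructed sample: query for example.com, type A, class IN.
fn sample_query() -> Vec<u8> {
    let mut p = vec![0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    p.extend_from_slice(b"\x07example\x03com\x00\x00\x01\x00\x01");
    p
}

fn main() {
    println!("query accepted: {}", looks_like_dns_query(&sample_query()));
    println!("HTTP rejected: {}", !looks_like_dns_query(b"GET / HTTP/1.1\r\n\r\n"));
}
```

A check like this only confirms the payload is shaped like a DNS query; it says nothing about whether the queried name is benign.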

Build

The project was successfully built and launched on a MediaTek MT7621 SoC (MIPS 1004Kc V2.15).
The repository is supplied with a custom Docker image and Cross.toml to build libpcap for the mipsel-unknown-linux-gnu arch. Use the powerful cross tool to build it.

How to build

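# Build the cross-compilation image from the build/ directory
( cd build; docker build -t crossbuild_mipsel:local . )

# Append the target-specific linker flags to the cargo config
cat >> ~/.cargo/config <<'EOF'
[target.mipsel-unknown-linux-gnu]
rustflags = ["-C", "target-feature=+crt-static", "-lpcap"]
EOF

cross build --target mipsel-unknown-linux-gnu --release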
Owner
Timofey