spy on the DNS queries your computer is making

Overview

dnspeep

dnspeep lets you spy on the DNS queries your computer is making.

Here's some example output:

$ sudo dnspeep
query name                           server IP       response
A     incoming.telemetry.mozilla.org 192.168.1.1     CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com, A: 52.39.144.189, A: 54.191.136.131, A: 34.215.151.143, A: 54.149.208.57, A: 44.226.235.191, A: 52.10.174.113, A: 35.160.138.173, A: 44.238.190.78
AAAA  incoming.telemetry.mozilla.org 192.168.1.1     CNAME: telemetry-incoming.r53-2.services.mozilla.com, CNAME: pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com
A     www.google.com                 192.168.1.1     A: 172.217.13.132
AAAA  www.google.com                 192.168.1.1     AAAA: 2607:f8b0:4020:807::2004
A     www.neopets.com                192.168.1.1     CNAME: r9c3n8d2.stackpathcdn.com, A: 151.139.128.11
AAAA  www.neopets.com                192.168.1.1     CNAME: r9c3n8d2.stackpathcdn.com

Installing

  1. Download a recent release of dnspeep from the GitHub releases page
  2. Unpack it
  3. Put the dnspeep binary in your PATH (for example in /usr/local/bin)

How it works

It uses libpcap to capture packets on port 53, and then matches up DNS request and response packets so that it can show the request and response together on the same line.

It also tracks DNS queries which didn't get a response within 1 second and prints them out with the response <no response>.
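
The matching and timeout logic described above, as an added example that is not dnspeep's own code: it parses UDP DNS payloads with the standard library only, keys pending queries on the transaction ID (an assumption about the matching key), and accepts a reply that carries zero questions, the packet shape behind the index-out-of-bounds report in the issues below. `Msg`, `parse`, `Tracker` and the two sample packets are hypothetical names and constructed data; packet capture is assumed to happen elsewhere, and query types are printed as numbers.

```rust
use std::{collections::HashMap, time::{Duration, Instant}};

/// Header fields plus the first question, if the packet carries one.
struct Msg { id: u16, is_response: bool, rcode: u8, question: Option<(String, u16)> }

/// Bounds-checked parse of a UDP DNS payload; a reply with zero questions is valid.
fn parse(p: &[u8]) -> Option<Msg> {
    if p.len() < 12 { return None; }
    let (id, qdcount) = (u16::from_be_bytes([p[0], p[1]]), u16::from_be_bytes([p[4], p[5]]));
    let mut m = Msg { id, is_response: p[2] & 0x80 != 0, rcode: p[3] & 0x0f, question: None };
    if qdcount > 0 {
        let (mut i, mut labels) = (12usize, Vec::new());
        while let len @ 1..=63 = *p.get(i)? as usize {
            labels.push(String::from_utf8_lossy(p.get(i + 1..i + 1 + len)?).into_owned());
            i += 1 + len;
        }
        if p[i] != 0 { return None; } // compression pointer: not expected in question 1
        let qtype = u16::from_be_bytes([*p.get(i + 1)?, *p.get(i + 2)?]);
        m.question = Some((labels.join("."), qtype));
    }
    Some(m)
}

/// Queries awaiting a response, keyed by transaction ID (the key is an assumption).
struct Tracker { pending: HashMap<u16, (String, u16, Instant)>, timeout: Duration }
impl Tracker {
    /// Feed one captured payload; returns a line when a response closes a query.
    fn on_packet(&mut self, payload: &[u8], now: Instant) -> Option<String> {
        let m = parse(payload)?;
        if !m.is_response {
            let (name, qtype) = m.question?;
            self.pending.insert(m.id, (name, qtype, now));
            return None;
        }
        let (name, qtype, _) = self.pending.remove(&m.id)?;
        Some(format!("{} {} rcode={}", qtype, name, m.rcode))
    }
    /// Drop queries older than the timeout and report them as unanswered.
    fn expire(&mut self, now: Instant) -> Vec<String> {
        let (timeout, mut out) = (self.timeout, Vec::new());
        self.pending.retain(|_, (name, qtype, sent)| {
            let late = now.duration_since(*sent) >= timeout;
            if late { out.push(format!("{} {} <no response>", qtype, name)); }
            !late
        });
        out
    }
}

// Constructed samples: an A query for example.com, and a reply with the same ID but QDCOUNT = 0.
const QUERY: &[u8] = b"\x14\x14\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01";
const REPLY_0Q: &[u8] = &[0x14, 0x14, 0x80, 0x05, 0, 0, 0, 0, 0, 0, 0, 0]; // rcode 5 (REFUSED)
fn main() {
    let (mut t, t0) = (Tracker { pending: HashMap::new(), timeout: Duration::from_secs(1) }, Instant::now());
    t.on_packet(QUERY, t0);
    println!("{:?}", t.on_packet(REPLY_0Q, t0)); // matched by ID despite zero questions
    t.on_packet(QUERY, t0);
    println!("{:?}", t.expire(t0 + Duration::from_secs(2))); // unanswered after the 1 s timeout
}
```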

Limitations

  • Only supports the DNS query types supported by the dns_parser crate (here's a list)
  • Doesn't support TCP DNS queries, only UDP
  • It can't show DNS-over-HTTPS queries (because it would need to MITM the HTTPS connection)

Issues

  • RFE: source process and response time

    Thanks for this project! It sure makes life a lot easier, so I don't need to remember the BPF syntax.

    I would like to ask for two enhancements, if possible: a) The source name or PID of the process which generated the query. b) The time that it took to receive the response.

    Thank you!

    opened by badnetmask 7
  • Index out of bounds panic in main.rs:153:21

    Running dnspeep on a Fedora 33 machine with both IPv4 and IPv6 connectivity I can sometimes see queries but then sooner or later I get:

    thread 'main' panicked at 'index out of bounds: the len is 0 but the index is 0', src/main.rs:153:21
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
    

    The backtrace doesn't seem to be very useful; it appears to be failing where it says it's failing, in the line:

        let question = &dns_packet.questions[0];
    

    This seems to be the result of the authoritative DNS server I'm running on this machine answering a query by telling the sender to go away (I think):

    In  IP [RANDOM-IP].30279 > [MYIP].domain: 5140+ [1au] ANY? . (33)
    Out IP [MYIP].domain > [RANDOM-IP].30279: 5140-| [0q] 0/0/1 (23)
    

    Wireshark confirms that the relevant DNS reply packet has no questions, no answer RRs, no authority RRs, and one additional RR of type OPT.

    (This has already been useful, I had no idea people were spraying my authoritative nameserver with these queries.)

    opened by siebenmann 5
  • URL wrong for releases in README

    opened by njr0 3
  • Doesn't work in WSL2 Ubuntu 20.04

    dnspeep: 0.1.1 Windows 10 with WSL2 Ubuntu 20.04 x64

    Currently loads but doesn't seem to find anything.

    opened by Midnex 3
  • [wip]: support Windows

    Hi, I made some efforts to make it run on Windows successfully and to do some refactoring.

    But I have trouble with setting up the GitHub actions for Windows currently.

    opened by Nomyfan 3
  • Project license?

    I am packaging this project, and I would like to know the license for the code. I've looked around in all the usual places but I can't find any indication of any particular license. Various dependencies have the licenses "Apache-2.0 BSD-3-Clause ISC MIT Unlicense", but I can't find anything for this project.

    opened by EmRowlands 2
  • sudo and libpcap error

    I tried to run this on WSL on an x86 machine and got this error:

    $ sudo ./dnspeep
    Error: Failed to start. You need to run this as root.
    
    Caused by:
        libpcap error: socket: Address family not supported by protocol
    
    Location:
        src/main.rs:91:10
    

    I am not sure why it says You need to run this as root. when I am running it as sudo. And there is also the libpcap error, which I am hoping is because of the sudo error.

    opened by ashwin 2
  • Update README.md

    Found a bad link for releases

    opened by chris-short 1
  • Releases: ".tar.gz" are not gzipped, but only "POSIX tar archive"

    Please gzip newer release files or name them according to file as "POSIX tar archive" to .tar only. Many thanks 😃

    opened by thomasmerz 1
  • How to package it into a deb package?

    Binary files are not easy to install and update. I prefer deb packages.

    opened by hmsjy2017 0
  • Add parameter for "version"

    It would be really nice to have a parameter like -v that shows us the version of dnspeep.

    opened by thomasmerz 0
  • Added option to specify the network interface (now it works on FreeBSD)

    Hi, this is a pull request to fix my issue #20. It adds a new command line parameter to specify a network interface to listen on. Now it works on FreeBSD (because it doesn't support the "any" interface). Bye, Riccardo

    opened by rm1984 0
  • "libpcap error: BIOCSETIF failed: Device not configured" on FreeBSD

    Hi, I get this error when running dnspeep on FreeBSD:

    query name                           server IP            response
    Error: Failed to start. This may be because you need to run this as root.
    
    Caused by:
        libpcap error: BIOCSETIF failed: Device not configured
    
    Location:
        src/main.rs:176:10
    

    This is because FreeBSD doesn't support sniffing on the "any" interface. Please add a command line option to indicate a specific network interface to listen on.

    Cheers, Riccardo

    opened by rm1984 0
  • Error parsing DNS packet: Failed to parse DNS packet: Decode of type … is not yet implemented

    Today I found this by accident:

    Error parsing DNS packet: Failed to parse DNS packet: Decode of type NSEC3 is not yet implemented
    Error parsing DNS packet: Failed to parse DNS packet: Decode of type RRSIG is not yet implemented
    

    This could be implemented if time flies by… 💨

    opened by thomasmerz 1
  • feat: support Windows

    • capture packets from an interface
    • conditional compilation
    • fix overflow in get_time function

    There's one thing that needs attention (in Cargo.toml). Since we only enable pcap's capture-stream feature on unix, we need to update the publish.yml file to pass down the --features arguments for cargo build.

    I have not set up the CI for Windows build yet !!!

    opened by Nomyfan 4
  • Windows support?

    Build failed in Windows

    opened by Nomyfan 1
  • Print out PID of process that made the DNS query

    Possibly using a similar approach to dnssnoop on Linux. I'm not sure how to do this on Mac though.

    opened by jvns 3
  • MacOS: "no response" for all queries with VPN

    On MacOS in home office I'm getting no response for all queries. For example:

    🍎 ✘ [58%] ⚡ 🌱🍃🐣🌸 [email protected]:~/Downloads [ttys003/2865]
    10:19 $ s dnspeep | grep outlook.office365.com
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    AAAA  outlook.office365.com          172.23.104.73        <no response>
    A     outlook.office365.com          172.23.104.73        <no response>
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    ^C
    

    But both host and nslookup are responding with an IP address:

    🍎 ✘ [58%] ⚡ 🌱🍃🐣🌸 [email protected]:~/Downloads [ttys003/2866]
    10:20 $ host outlook.office365.com
    outlook.office365.com is an alias for outlook.ha.office365.com.
    outlook.ha.office365.com is an alias for outlook.ms-acdc.office.com.
    outlook.ms-acdc.office.com is an alias for FRA-efz.ms-acdc.office.com.
    FRA-efz.ms-acdc.office.com has address 52.97.201.114
    FRA-efz.ms-acdc.office.com has address 52.97.179.194
    FRA-efz.ms-acdc.office.com has address 40.101.121.2
    FRA-efz.ms-acdc.office.com has IPv6 address 2603:1026:204::2
    FRA-efz.ms-acdc.office.com has IPv6 address 2603:1026:207:14::2
    FRA-efz.ms-acdc.office.com has IPv6 address 2603:1026:207:cd::2
    🍏 ✔ [58%] ⚡ 🌱🍃🐣🌸 [email protected]:~/Downloads [ttys003/2867]
    10:20 $ nslookup outlook.office365.com
    Server:         172.23.104.73
    Address:        172.23.104.73#53
    
    Non-authoritative answer:
    outlook.office365.com   canonical name = outlook.ha.office365.com.
    outlook.ha.office365.com        canonical name = outlook.ms-acdc.office.com.
    outlook.ms-acdc.office.com      canonical name = FRA-efz.ms-acdc.office.com.
    Name:   FRA-efz.ms-acdc.office.com
    Address: 52.97.179.194
    Name:   FRA-efz.ms-acdc.office.com
    Address: 40.101.121.2
    Name:   FRA-efz.ms-acdc.office.com
    Address: 52.97.201.114
    
    🍏 ✔ [58%] ⚡ 🌱🍃🐣🌸 [email protected]:~/Downloads [ttys003/2868]
    10:20 $
    

    On my linux client (192.168.42.241) at home I see a good response:

    A     outlook.office365.com          192.168.42.241       CNAME: outlook.ha.office365.com, A: 52.98.41.162, A: 52.98.66.210, A: 40.101.146.178, A: 52.98.37.98, A: 40.101.147.114, A: 52.98.89.34, A: 40.101.146.194, A: 52.98.82.210
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid
    AAAA  outlook.office365.com          192.168.42.241       CNAME: outlook.ha.office365.com, AAAA: 2603:1046:404:15::2, AAAA: 2603:1046:c09:1003::2, AAAA: 2603:1046:c09:1802::2, AAAA: 2603:1046:404:a::2, AAAA: 2603:1046:403::2, AAAA: 2603:1046:c09:1120::2, AAAA: 2603:1046:402:1::2, AAAA: 2603:1046:c09:1804::2
    

    172.23.104.73 is the DNS resolver in my home office VPN (Cisco AnyConnect) for my MacOS.

    On a linux server at my work I also see a good response with 172.23.104.73 as DNS resolver:

    🐧  [email protected]:~$ s ./dnspeep
    query name                           server IP            response
    A     lxos-monitoring-probe.dm-drogeriemarkt.com 127.0.0.1            A: 172.23.75.243
    A     web.de                         172.23.104.73        A: 82.165.230.17, A: 82.165.229.138
    AAAA  web.de                         172.23.104.73        NOERROR
    

    Without VPN my local DNS resolvers 192.168.0.1 or 192.168.42.241 (in different home-Wifis) are used on MacOS and responses are good:

    CNAME: outlook.office365.com, CNAME: outlook.ha.office365.com, CNAME: outlook.ms-acdc.office.com, CNAME: FRA-efz.ms-acdc.office.com, A: 52.97.135.114, A: 40.101.121.2, A: 40.101.12.34
    

    ❓ Is this a general problem related to VPNs?

    opened by thomasmerz 9
  • query type 65 is invalid

    Ran it for a while on Mac OS X, get a bunch of:

    Error parsing DNS packet: Failed to parse DNS packet: query type 65 is invalid

    opened by james-antill 8
Releases(v0.1.2)
Owner
Julia Evans