[Snort-devel] snort dns Preprocessor

Seshaiah Erugu (serugu) serugu at ...3461...
Fri May 6 01:46:45 EDT 2016


Hi Rohan,

As you said, currently the DNS preprocessor is inspecting/tracking responses from the DNS server.
If you want to track DNS queries from client to server, you can add code in spp_dns.c (ProcessDNS function).


Thanks,
Seshaiah Erugu.

From: rohan dora [mailto:dora.rohan at ...2499...]
Sent: Friday, May 06, 2016 10:15 AM
To: snort-devel at lists.sourceforge.net; snort-users at lists.sourceforge.net
Subject: [Snort-devel] snort dns Preprocessor

Hello all,


I was browsing through the code of the DNS dynamic preprocessor (spp_dns.c) of Snort 2.9.1.

Objective

To count the number of DNS queries that are made by my machine to the DNS server (may be local or remote, it doesn't matter).

Problem

Right now, the DNS dynamic preprocessor is able to track responses that are coming from the DNS server to my machine; however, it is not able to track/see the DNS queries that my machine makes.

I know that the DNS preprocessor is meant for analysing the responses of the remote server, but I added some code (some if conditions, print statements) to track DNS queries.

Does anyone have ideas what could be the problem, or is this the right approach (modifying code in spp_dns.c)?

Thanks
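
The distinction this thread turns on, as an added example that is not part of the original messages and is not code from Snort's spp_dns.c: a DNS query and a DNS response share the same 12-byte header and differ in the QR bit of the flags word, so a query counter has to test that bit. The function, type and counter names are hypothetical, the sample packets are constructed, and the input is assumed to be a UDP payload.

```c
#include <stddef.h>
#include <stdint.h>

#define DNS_HDR_LEN 12      /* fixed DNS header size (RFC 1035, section 4.1.1) */
#define DNS_QR_MASK 0x8000  /* QR bit in the flags word: 0 = query, 1 = response */

typedef enum { DNS_MALFORMED = -1, DNS_QUERY = 0, DNS_RESPONSE = 1 } dns_kind_t;

/* Hypothetical counters for this example; not a Snort structure. */
typedef struct { unsigned long queries, responses, malformed; } dns_counts_t;

/* Classify one DNS message carried in a UDP payload and update the counters.
 * Assumption: UDP only. DNS over TCP prefixes each message with a 2-byte length. */
dns_kind_t dns_count_message(const uint8_t *payload, size_t len, dns_counts_t *c)
{
    if (payload == NULL || len < DNS_HDR_LEN) {   /* truncated: no full header */
        c->malformed++;
        return DNS_MALFORMED;
    }
    /* Bytes 2-3 hold the flags word in network byte order. */
    uint16_t flags = (uint16_t)((payload[2] << 8) | payload[3]);
    if (flags & DNS_QR_MASK) {
        c->responses++;
        return DNS_RESPONSE;
    }
    c->queries++;
    return DNS_QUERY;
}

/* Constructed sample: standard query for example.com, type A, class IN. */
static const uint8_t sample_query[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0, 0x00, 0x01, 0x00, 0x01
};
/* Constructed sample: header of the matching response (QR=1, RD=1, RA=1). */
static const uint8_t sample_response_hdr[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00
};

/* Feed the constructed samples through the classifier; returns the query count. */
unsigned long count_sample_queries(dns_counts_t *c)
{
    c->queries = c->responses = c->malformed = 0;
    dns_count_message(sample_query, sizeof sample_query, c);
    dns_count_message(sample_response_hdr, sizeof sample_response_hdr, c);
    dns_count_message(sample_query, 5, c);          /* truncated packet */
    return c->queries;
}
```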

