2025-02-09 08:30:48 +01:00
|
|
|
#!/usr/bin/env dnsjit
|
2025-02-09 08:35:15 +01:00
|
|
|
|
|
|
|
|
-- Disclaimer, to keep this example short it only works on pre-prepared
|
|
|
|
|
-- PCAPs with only UDP DNS traffic in them.
|
|
|
|
|
|
2025-02-09 08:30:48 +01:00
|
|
|
require("dnsjit.core.objects")
|
|
|
|
|
local input = require("dnsjit.input.pcap").new()
|
|
|
|
|
local layer = require("dnsjit.filter.layer").new()
|
|
|
|
|
local dns = require("dnsjit.core.object.dns").new()
|
|
|
|
|
|
|
|
|
|
input:open_offline(arg[2])
|
|
|
|
|
layer:producer(input)
|
|
|
|
|
local producer, ctx = layer:produce()
|
|
|
|
|
|
|
|
|
|
while true do
|
|
|
|
|
local object = producer(ctx)
|
|
|
|
|
if object == nil then break end
|
|
|
|
|
if object:type() == "payload" then
|
2025-02-09 08:35:15 +01:00
|
|
|
dns:reset()
|
2025-02-09 08:30:48 +01:00
|
|
|
dns.obj_prev = object
|
|
|
|
|
if dns:parse_header() == 0 then
|
|
|
|
|
print(dns.id)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
