-- Chisel metadata. These are deliberately global: they are presumably read
-- by the sysdig chisel loader (the transcript runs this file as `-c mindns`).
description, short_description, category = "DNS parser", "dns packet parser", "misc"
-- No chisel command-line arguments are declared.
args = {}
--- Chisel initialisation hook.
-- Configures capture and output, installs the event filter and requests the
-- field handles that on_event() reads.
-- @treturn boolean always true (chisel initialised)
function on_init()
  -- Line-buffer stdout so every printed record shows up immediately.
  io.stdout:setvbuf("line")
  -- Capture at most 512 bytes of each buffer; longer payloads arrive truncated,
  -- so a real parser must bound-check against #data, not the wire length.
  sysdig.set_snaplen(512)
  -- Only the exit side (evt.dir=<) of sendmsg() on port 53, with sysdig's
  -- default per-event formatting disabled.
  chisel.set_filter("fd.port=53 and evt.dir=< and evt.type=sendmsg")
  chisel.set_event_formatter("")
  -- Field handles are intentionally global: on_event() reads f_res and f_buffer.
  -- f_data is requested here but on_event() does not currently use it.
  f_res = chisel.request_field("evt.rawarg.res")
  f_data = chisel.request_field("evt.arg.data")
  f_buffer = chisel.request_field("evt.buffer")
  return true
end
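--- Chisel per-event hook: prints the captured buffer length, the sendmsg()
-- result and a hex dump of the first bytes.
-- Fixes: print() does not format its arguments (the transcript shows the
-- literal "%d" being printed), the dump errored on buffers shorter than
-- 8 bytes, and `unpack` does not exist on Lua 5.2+.
-- @treturn boolean false when no buffer is available for the event, else true
function on_event()
  local res = evt.field(f_res)
  local data = evt.field(f_buffer)
  -- No buffer captured for this event; nothing to report.
  if not data then return false end
  -- Only the bytes we print are extracted; string.byte is 1-based, and
  -- pulling a whole 512-byte buffer onto the stack would be wasteful.
  local count = math.min(8, #data)
  local bytes = { string.byte(data, 1, count) }
  -- res is the raw sendmsg() return value; it may be nil or a negative errno,
  -- so it is rendered with %s rather than %d to keep the line printable.
  -- NOTE(review): under `sysdig -x` #data is the formatted hex-dump text, not
  -- the wire length (126 vs res=39 in the transcript) — verify before parsing.
  print(string.format("Length data=%d res=%s", #data, tostring(res)))
  local hex = {}
  for i = 1, count do
    hex[i] = string.format("%02x", bytes[i])
  end
  print(string.format("First %d bytes: %s", count, table.concat(hex, " ")))
  return true
end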
$ # In another terminal run `dig google.com`
$ sysdig -c mindns
Length data=%d res=%d 39 39
First 8 bytes: 2e 2e 2e 20 2e 2e 2e 2e
42911 00:34:59.886872526 2 dig (31652) < sendmsg res=39 data=... .........google.com.......)........
$ sysdig -c mindns -x
Length data=%d res=%d 126 39
First 8 bytes: 0a 09 30 78 30 30 30 30
36118 00:35:45.168994969 7 dig (31724) < sendmsg res=39 data=
0x0000: 09aa 0120 0001 0000 0000 0001 0667 6f6f
0x0010: 676c 6503 636f 6d00 0001 0001 0000 2910
0x0020: 0000 0000 0000 00