Created
December 2, 2020 16:21
This function is designed to extract DNS elements from a PCAP packet.
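# use with pyshark
def extract_dns_information(packet):
    """
    Summarise a DNS-over-UDP packet captured with pyshark.

    A packet is considered only when it has a UDP layer with port 53 on one
    side. Destination port 53 is reported as a request (using the query
    name); source port 53 is reported as a response (using the answer name,
    or the echoed query name when the response has no answer name). The
    sender address is read from the IPv4 layer, or from the IPv6 layer when
    there is no IPv4 layer.

    Coverage limits worth knowing when this feeds DNS monitoring: DNS over
    TCP/53, DNS over TLS/HTTPS and resolvers on non-standard ports are not
    matched, so the absence of output does not mean the absence of DNS.

    The returned names come straight from the wire and are untrusted;
    sanitise them before writing them to logs or a terminal.

    :param packet: pyshark packet object
    :return: a one-line summary string, or None when the packet is not a
             UDP/53 DNS packet or lacks the fields needed for the summary
    """
    if not hasattr(packet, 'udp'):
        return None

    try:
        udp_layer = packet.udp
        dns_layer = packet.dns

        # Port values are compared as strings, matching how the capture
        # layer exposes them.
        if udp_layer.dstport == '53':
            direction = 'Request'
            dns_location = getattr(dns_layer, 'qry_name', None)
        elif udp_layer.srcport == '53':
            # Responses travel *from* port 53, so a destination-port check
            # alone never sees them.
            direction = 'Response'
            dns_location = (getattr(dns_layer, 'resp_name', None)
                            or getattr(dns_layer, 'qry_name', None))
        else:
            return None

        if not dns_location:
            return None

        # IPv6-only packets have no 'ip' layer; fall back so they are not
        # silently dropped from the output.
        ip_layer = packet.ip if hasattr(packet, 'ip') else packet.ipv6
        source_address = ip_layer.src
    except AttributeError:
        # No DNS layer, no network layer, or a malformed packet: nothing to
        # report for this packet.
        return None

    return f'DNS {direction} from IP: {source_address} to DNS Name: {dns_location}'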