johnbumgarner/extract_dns_information.py

## extract_dns_information.py
# use with pyshark

def extract_dns_information(packet):
    """
    This function is designed to extract DNS elements from a PCAP packet.
    :param packet: PCAP packet
    :return:
    """
    if hasattr(packet, 'udp') and packet[packet.transport_layer].dstport == '53':
        try:
            if packet.dns.qry_name:
                source_address = packet.ip.src
                dns_location = packet.dns.qry_name
                return f'DNS Request from IP: {source_address} to DNS Name: {dns_location}'
            elif packet.dns.resp_name:
                source_address = packet.ip.src
                dns_location = packet.dns.resp_name
                return f'DNS Response from IP: {source_address} to DNS Name: {dns_location}'
        except AttributeError as e:
            # ignore packets that do not contain a DNS layer
            pass
	# use with pyshark

	def extract_dns_information(packet):
	"""
	This function is designed to extract DNS elements from a PCAP packet.
	:param packet: PCAP packet
	:return:
	"""
	if hasattr(packet, 'udp') and packet[packet.transport_layer].dstport == '53':
	try:
	if packet.dns.qry_name:
	source_address = packet.ip.src
	dns_location = packet.dns.qry_name
	return f'DNS Request from IP: {source_address} to DNS Name: {dns_location}'
	elif packet.dns.resp_name:
	source_address = packet.ip.src
	dns_location = packet.dns.resp_name
	return f'DNS Response from IP: {source_address} to DNS Name: {dns_location}'
	except AttributeError as e:
	# ignore packets that do not contain a DNS layer
	pass