{"id":3178,"date":"2021-04-02T23:49:16","date_gmt":"2021-04-02T14:49:16","guid":{"rendered":"http:\/\/matoken.org\/blog\/?p=3178"},"modified":"2021-04-03T00:01:03","modified_gmt":"2021-04-02T15:01:03","slug":"a-tool-to-spy-on-your-dns-queries-dnspeep","status":"publish","type":"post","link":"https:\/\/matoken.org\/blog\/2021\/04\/02\/a-tool-to-spy-on-your-dns-queries-dnspeep\/","title":{"rendered":"Spying on DNS queries with dnspeep"},"content":{"rendered":"<div class=\"paragraph\">\n<p>I came across <code>dnspeep<\/code>, a program written in Rust that displays the contents of DNS queries, so I tried it out briefly.<\/p>\n<\/div>\n<div class=\"ulist\">\n<ul>\n<li><a href=\"https:\/\/jvns.ca\/blog\/2021\/03\/31\/dnspeep-tool\/\">A tool to spy on your DNS queries: dnspeep<\/a>\n<div class=\"ulist\">\n<ul>\n<li><a href=\"https:\/\/www.reddit.com\/r\/commandline\/comments\/mhqb6h\/a_tool_to_spy_on_your_dns_queries_dnspeep\/\">A tool to spy on your DNS queries: dnspeep : commandline<\/a><\/li>\n<\/ul>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<div class=\"paragraph\">\n<p>Binaries for Linux x86_64 and macOS x86_64 are available on the <a href=\"https:\/\/github.com\/jvns\/dnspeep\/releases\">GitHub Releases page<\/a>, so on those platforms you can use it just by downloading and extracting the archive. On other platforms, I suppose <code>cargo build<\/code> would do?<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight\"><code class=\"language-shell\" data-lang=\"shell\">$ wget https:\/\/github.com\/jvns\/dnspeep\/releases\/download\/v0.1.1\/dnspeep-linux.tar.gz\n$ tar tvf 
.\/dnspeep-linux.tar.gz\n-rwxr-xr-x runner\/docker 5570536 2021-04-02 06:20 dnspeep\n$ file dnspeep\ndnspeep: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter \/lib64\/ld-linux-x86-64.so.2, BuildID[sha1]=a917041c223b18db709ff3c563ee1a6a3c82ba6e, for GNU\/Linux 3.2.0, with debug_info, not stripped\n$ .\/dnspeep -h|xsel\nUsage: .\/dnspeep [options]\n\nOptions:\n    -p, --port PORT     port number to listen on\n    -f, --file FILENAME read packets from pcap file\n    -h, --help          print this help menu\n\nWhat the output columns mean:\n   query:     DNS query type (A, CNAME, etc)\n   name:      Hostname the DNS query is requesting\n   server IP: IP address of the DNS server the query was made to\n   response:  Responses from the Answer section of the DNS response (or \"&lt;no response&gt;\" if none was found).\n              Multiple responses are separated by commas.\n\n$ sudo .\/dnspeep\nquery name                           server IP            response\nA     tweetdeck.twitter.com.         
192.168.1.102        CNAME: td.twitter.com., A: 104.244.42.132, A: 104.244.42.4, A: 104.244.42.68, A: 104.244.42.196\n  :<\/code><\/pre>\n<\/div>\n<\/div>\n<div class=\"paragraph\">\n<p>It appears to pull packets from libpcap and print the DNS queries in a formatted form. tcpdump would also work, like this, but since dnspeep is specialized for DNS, it is nice not to have to remember options.<\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre class=\"highlight\"><code class=\"language-shell\" data-lang=\"shell\">$ sudo tcpdump -i eth0 udp port 53 or tcp port 53<\/code><\/pre>\n<\/div>\n<\/div>\n<div><a href=\"https:\/\/youtu.be\/3fEvpzDUDmw\">https:\/\/youtu.be\/3fEvpzDUDmw<\/a><\/div>\n<div class=\"paragraph\">\n<div class=\"title\">Environment<\/div>\n<p><code>dnspeep v0.1.1<\/code><\/p>\n<\/div>\n<div class=\"listingblock\">\n<div class=\"content\">\n<pre>$ dpkg-query -W libpcap0.8 tcpdump\nlibpcap0.8:amd64        1.10.0-2\nlibpcap0.8:i386 1.10.0-2\ntcpdump 4.99.0-2\n$ lsb_release -dr\nDescription:    Debian GNU\/Linux bullseye\/sid\nRelease:        unstable\n$ arch\nx86_64<\/pre>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>I came across dnspeep, a program written in Rust that displays the contents of DNS queries, so I tried it out briefly. A tool to spy on your DNS queries: dnspeep A tool to spy  
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"webmentions_disabled_pings":false,"webmentions_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[7,6,199],"tags":[386],"class_list":["post-3178","post","type-post","status-publish","format-standard","hentry","category-debian-linux","category-linux","category-sid","tag-dns"],"_links":{"self":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/3178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/comments?post=3178"}],"version-history":[{"count":0,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/posts\/3178\/revisions"}],"wp:attachment":[{"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/media?parent=3178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/categories?post=3178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/matoken.org\/blog\/wp-json\/wp\/v2\/tags?post=3178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}