DNS Insight

This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling). DNS Insight takes an output of tcpdump as input, parses it and displays results as following charts and tables: Overview -Total Events -Parsing Errors -Query Type Distribution -Return Code Distribution -Protocol (UDP/TCP) Distribution Top Queries -Top Queries -Top Level Domains -Top Domains -Top Reverse Resolution Entries (PTR) IPv4 -Top Reverse Resolution Entries (PTR) IPv6 -Top Destinations -Top Sources Anomalies -Top DNS Errors -DNS Packet Length -Number of Labels in the query Performance -Slowest Transactions -Duration DNS Tunneling -Possible DNS Tunnelling Search Help The DNS Traffic can be collected simultaneously from many different sources: -windows (using TA-tshark or by capturing with dumpcap/tshark/Wireshark) -linux (tcpdump script or using TA-tcpdump) -switch mirror port (SPAN) -TAP device -manual import from a saved network dump (pcap file) -Splunk Stream (https://splunkbase.splunk.com/app/1809/) -Technology Add-On for Unbound DNS (https://splunkbase.splunk.com/app/4888/) -Splunk Add-on for ISC BIND (https://splunkbase.splunk.com/app/2876/) - query log only

Built by Pavel Prostin

Latest Version 0.0.10

March 14, 2024

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3

CIM Version: 5.x, 4.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported app

Learn more

This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling). DNS Insight takes an output of tcpdump as input, parses it and displays results as following charts and tables: Overview -Total Events -Parsing Errors -Query Type Distribution -Return Code Distribution -Protocol (UDP/TCP) Distribution Top Queries -Top Queries -Top Level Domains -Top Domains -Top Reverse Resolution Entries (PTR) IPv4 -Top Reverse Resolution Entries (PTR) IPv6 -Top Destinations -Top Sources Anomalies -Top DNS Errors -DNS Packet Length -Number of Labels in the query Performance -Slowest Transactions -Duration DNS Tunneling -Possible DNS Tunnelling Search Help The DNS Traffic can be collected simultaneously from many different sources: -windows (using TA-tshark or by capturing with dumpcap/tshark/Wireshark) -linux (tcpdump script or using TA-tcpdump) -switch mirror port (SPAN) -TAP device -manual import from a saved network dump (pcap file) -Splunk Stream (https://splunkbase.splunk.com/app/1809/) -Technology Add-On for Unbound DNS (https://splunkbase.splunk.com/app/4888/) -Splunk Add-on for ISC BIND (https://splunkbase.splunk.com/app/2876/) - query log only