Writing a DNS sniffer
Programming project: build a program that listens to perimeter traffic and produces HTTP proxy-like logs. The weapon of choice? libpcap! The app will need to listen for both DNS (UDP port 53) and HTTP (TCP port 80) traffic to accomplish this.
First up is determining where all the interesting bits in each layer of the OSI stack are located within each packet. In logical order:
Ethernet Headers & Packet Structure
IP Headers & Packet Structure
UDP Headers & Packet Structure
DNS Records and DNS Headers (about half way down)
With all that reference material, you might think this is a lot of reading! Okay, fine ...
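As an added example (not code from the original post), this walks the four layers listed above, Ethernet, IPv4, UDP and DNS, in a raw frame of the kind libpcap's callback hands over, and pulls out the first question name for the log line. The sample frame is constructed for the example, and the pcap setup itself is left out so the parsing can be checked offline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Walk Ethernet -> IPv4 -> UDP -> DNS in one raw frame (the buffer libpcap's
 * callback hands over) and copy the first question name into `name`.
 * Returns 1 if the frame is a DNS packet on port 53, 0 otherwise. */
int dns_query_name(const uint8_t *f, size_t len, char *name, size_t cap) {
    size_t off = 14;                                    /* Ethernet header */
    if (len < off + 20 || f[12] != 0x08 || f[13] != 0x00) return 0; /* IPv4 */
    size_t ihl = (f[off] & 0x0f) * 4;                   /* IP header length */
    if (ihl < 20 || len < off + ihl + 8) return 0;
    if (f[off + 9] != 17) return 0;                     /* protocol 17 = UDP */
    off += ihl;
    uint16_t sport = (f[off] << 8) | f[off + 1];
    uint16_t dport = (f[off + 2] << 8) | f[off + 3];
    if (sport != 53 && dport != 53) return 0;
    off += 8;                                           /* UDP header */
    if (len < off + 12 || ((f[off + 4] << 8) | f[off + 5]) == 0) return 0; /* QDCOUNT */
    off += 12;                                          /* DNS header */
    size_t n = 0;
    while (off < len && f[off] != 0) {                  /* length-prefixed labels */
        uint8_t l = f[off++];
        /* no compression pointers in a question name; bound every copy */
        if (l >= 0xc0 || off + l > len || n + l + 1 >= cap) return 0;
        if (n) name[n++] = '.';
        memcpy(name + n, f + off, l);
        n += l; off += l;
    }
    name[n] = '\0';
    return off < len;                                   /* saw the root label */
}

/* Constructed sample: 192.0.2.10:40000 -> 192.0.2.53:53, A query for example.com */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x39, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00, 192,0,2,10, 192,0,2,53,
    0x9c,0x40, 0x00,0x35, 0x00,0x25, 0x00,0x00,
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01 };

/* Parse the first `len` bytes of the sample; "" when it is not a valid DNS frame. */
const char *sample_query(size_t len) {
    static char name[256];
    return dns_query_name(sample_frame, len, name, sizeof name) ? name : "";
}

int main(void) {
    printf("%u.%u.%u.%u -> port 53 DNS %s\n", sample_frame[26], sample_frame[27],
           sample_frame[28], sample_frame[29], sample_query(sizeof sample_frame));
    return 0;
}
```

Passing a truncated length (as a short snaplen would produce) makes the parser refuse the frame instead of reading past the buffer, which is the check a capture callback must make before trusting any header field.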