How to use the dpkt.dns function in dpkt
To help you get started, we’ve selected a few dpkt examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
SuperCowPowers / chains / chains / links / dns_meta.py View on Github 
def dns_meta_data(self):
"""Pull out the dns metadata for packet/transport in the input_stream"""
# For each packet process the contents
for packet in self.input_stream:
# Skip packets without transport info (ARP/ICMP/IGMP/whatever)
if 'transport' not in packet:
continue
try:
dns_meta = dpkt.dns.DNS(packet['transport']['data'])
_raw_info = data_utils.make_dict(dns_meta)
packet['dns'] = self._dns_info_mapper(_raw_info)
packet['dns']['_raw'] = _raw_info
except (dpkt.dpkt.NeedData, dpkt.dpkt.UnpackError):
if 'dns' in packet:
del packet['dns']
# All done
yield packetdef decode_dns_response ( rr, response_type ) :
"""This subroutine decodes a DNS response packet. The packet may have more than one rr"""
r_type = rr.type
r_data = rr.rdata
if rr.cls != 1 :
print "Response is not class IN, might be Hesiod, chaos, or qclass (all of which are anachronisms)"
print "Response is component", response_type
if r_type == dpkt.dns.DNS_CNAME :
print "Response is a CNAME ", r_data," in hex: ", hexify(r_data)
elif r_type == dpkt.dns.DNS_A :
print "response is an IPv4 address", socket.inet_ntoa( r_data )
elif r_type == dpkt.dns.DNS_NS :
print "Response is a NS name", r_data," in hex: ", hexify(r_data)
elif r_type == dpkt.dns.DNS_AAAA :
print "response is an IPv6 address", socket.inet_ntop( socket.AF_INET6, r_data )
elif r_type == dpkt.dns.DNS_PTR :
print "response is a hostname from an IP address", r_data, "in hex: ", hexify(r_data)
else :
print "Response type is something other than a CNAME, PTR, IPv4 address, or IPv6 address", r_type,
if r_type in type_table :
print type_table[r_type]
print "r-data is ", r_data," in hex: ", hexify(r_data)
else :
print "Unknown"def decode_q(self, dns):
queried = ""
if dns.qd[0].type == dpkt.dns.DNS_A:
queried = queried + "A? %s" % (dns.qd[0].name)
if dns.qd[0].type == dpkt.dns.DNS_AAAA:
queried = queried + "AAAA? %s" % (dns.qd[0].name)
return querieddef test_upstreams(self):
LOGGER.error('!!! test upstreams: %s' % self.upstreams)
greenlets = []
queue = gevent.queue.Queue()
good_upstreams = []
try:
for server in self.upstreams:
server_type, server_ip, server_port = server
greenlets.append(gevent.spawn(
resolve_one, dpkt.dns.DNS_A, 'onetwothreefour.fqrouter.com', server_type,
server_ip, server_port, 3, 'pick-right', queue))
while True:
try:
server, answers = queue.get(timeout=2)
if isinstance(answers, NoSuchDomain):
LOGGER.error('%s test failed: no such domain' % str(server))
continue
if len(answers) == 0:
LOGGER.error('%s test failed: 0 answer' % str(server))
continue
if len(answers) > 1:
LOGGER.error('%s test failed: more than 1 answer' % str(server))
continue
if '1.2.3.4' != answers[0]:
LOGGER.error('%s test failed: wrong answer' % str(server))
continuecontinue
if len(dns.ns) != 0:
continue
if dns.qd[0].cls != dpkt.dns.DNS_IN:
continue
if dns.qd[0].type != dpkt.dns.DNS_A:
continue
# spoof for our target name
if dns.qd[0].name != host:
continue
# send spoofed answer
send(IP(src=inet_ntoa(ip_packet.dst), dst=inet_ntoa(ip_packet.src))/
UDP(sport=udp.dport, dport=udp.sport)/
DNS(opcode=dpkt.dns.DNS_RA, rcode=dpkt.dns.DNS_RCODE_NOERR,
qr=dpkt.dns.DNS_R, an=DNSRR(rrname=host, type=dpkt.dns.DNS_A,
rclass=dpkt.dns.DNS_IN,
rdata=redirection)))
# dns query->response
# dns.op = dpkt.dns.DNS_RA
# dns.rcode = dpkt.dns.DNS_RCODE_NOERR
# dns.qr = dpkt.dns.DNS_R
#
# # construct fake answer
# arr = dpkt.dns.DNS.RR()
# arr.cls, arr.type, arr.name = dpkt.dns.DNS_IN, dpkt.dns.DNS_A, host
# # arr.ip = dnet.addr(redirection).ip
# arr.ip = socket.inet_aton(redirection)
#
# dns.an.append(arr)
#
# udp.sport, udp.dport = udp.dport, udp.sport
# ip_packet.src, ip_packet.dst = ip_packet.dst, ip_packet.srcdef inject_dns_requests_to_find_right_ttl(dst_ip, probe_src):
for ttl in RANGE_OF_TTL_TO_GFW:
dns_packet = dpkt.dns.DNS(id=ttl, qd=[dpkt.dns.DNS.Q(name='plus.google.com', type=dpkt.dns.DNS_A)])
udp_packet = dpkt.udp.UDP(sport=DNS_REQUEST_SPORT, dport=DNS_REQUEST_DPORT)
udp_packet.data = dns_packet
udp_packet.ulen = len(udp_packet)
ip_packet = dpkt.ip.IP(
src=socket.inet_aton(probe_src),
dst=socket.inet_aton(dst_ip),
p=dpkt.ip.IP_PROTO_UDP)
ip_packet.ttl = ttl
ip_packet.data = udp_packet
ip_packet.len = len(ip_packet)
raw_socket.sendto(str(ip_packet), (dst_ip, 0))def _check_dns(self, udpdata):
"""Checks for DNS traffic.
@param udpdata: UDP data flow.
"""
try:
dpkt.dns.DNS(udpdata)
except:
return False
return Truetcp_dport))
rtn_list.append({'protocol':'TCP',
'ip_src': ip_src,
'ip_dst': ip_dst,
'port_src': tcp_sport,
'port_dst': tcp_dport})
# UDP
elif ip.p == 0x11:
udp = ip.data
udp_sport = udp['sport']
udp_dport = udp['dport']
dns_hosts = []
if udp_sport == '53' or udp_dport == 53:
dns = dpkt.dns.DNS(udp.data)
for q in dns['qd']:
dns_hosts.append(q['name'])
logger.debug("UDP: %s:%d -> %s:%d"%(ip_src,
udp_sport,
ip_dst,
udp_dport))
rtn_list.append({'protocol':'UDP',
'ip_src': ip_src,
'ip_dst': ip_dst,
'port_src': udp_sport,
'port_dst': udp_dport,
'dns':dns_hosts})
return rtn_list, other_listdns = dpkt.dns.DNS(data)
if dns.opcode != dpkt.dns.DNS_QUERY :
print "A DNS packet was sent to the nameserver, but the opcode was %d instead of DNS_QUERY (this is a software error)" % dns.opcode
if dns.qr != dpkt.dns.DNS_Q :
print "A DNS packet was sent to the name server, but dns.qr is not 0 and should be. It is %d" % dns.qr
print "query for ", dns.qd[0].name, "ID is ", dns.id, "dns.qr is ", dns.qr, "query type is ", dns.qd[0].type, type_table[dns.qd[0].type]
print "dns.qd is ", dns.qd
elif sport == 53 :
# UDP/53 is a DNS response
dns = dpkt.dns.DNS(data)
print "responding to ", dns.id, "dns.qr is ", dns.qr
if dns.qr != dpkt.dns.DNS_R :
print "A DNS packet was received from a name server, but dns.qr is not 1 and should be. It is %d" % dns.qr
if dns.get_rcode() == dpkt.dns.DNS_RCODE_NOERR :
print "Response has no error"
elif dns.get_rcode() == dpkt.dns.DNS_RCODE_NXDOMAIN :
print "There is no name in this domain"
else :
print "Response is something other than NOERR or NXDOMAIN %d - this software is incomplete" % dns.get_rcode()
print "The response packet has %d RRs" % len(dns.an)
# Decode the RR records in the NS section
for rr in dns.ns :
decode_dns_response ( rr, "NS")
# Decode the answers in the DNS answer
for rr in dns.an :
decode_dns_response ( rr, "AN" )
# Decode the additional responses
for rr in dns.ar :
decode_dns_response ( rr, "AR" )
print "dns.qd is ", dns.qdquery["type"] = "AAAA"
elif q_type == dpkt.dns.DNS_CNAME:
query["type"] = "CNAME"
elif q_type == dpkt.dns.DNS_MX:
query["type"] = "MX"
elif q_type == dpkt.dns.DNS_PTR:
query["type"] = "PTR"
elif q_type == dpkt.dns.DNS_NS:
query["type"] = "NS"
elif q_type == dpkt.dns.DNS_SOA:
query["type"] = "SOA"
elif q_type == dpkt.dns.DNS_HINFO:
query["type"] = "HINFO"
elif q_type == dpkt.dns.DNS_TXT:
query["type"] = "TXT"
elif q_type == dpkt.dns.DNS_SRV:
query["type"] = "SRV"
# DNS answer.
query["answers"] = []
for answer in dns.an:
ans = {}
if answer.type == dpkt.dns.DNS_A:
ans["type"] = "A"
try:
ans["data"] = socket.inet_ntoa(answer.rdata)
except socket.error:
continue
elif answer.type == dpkt.dns.DNS_AAAA:
ans["type"] = "AAAA"
try:
ans["data"] = socket.inet_ntop(socket.AF_INET6,dpkt
fast, simple packet creation / parsing, with definitions for the basic TCP/IP protocols
