From owner-freebsd-questions Tue Mar 23 10:32:12 1999
Date: Tue, 23 Mar 1999 13:27:47 -0500 (EST)
From: Joseph Scott
Reply-To: Joseph Scott
To: "Olivas, Stacy Q"
Cc: "'FreeBSD Questions'"
Subject: Re: TCPDUMP output
In-Reply-To: <55E8DFF7F828D211A46500104B226B0B0F1F30@nafm.misawa.AF.MIL>
Sender: owner-freebsd-questions@FreeBSD.ORG

On Tue, 23 Mar 1999, Olivas, Stacy Q wrote:

> Hello,
> I'm working on a little DNS monitoring project..
>
> I have a small caching nameserver setup that feeds machines in a subnet.
>
> To monitor where they have been, I've setup tcpdump to watch port 53 on the
> machine for all traffic (it's only used for this purpose).. Everyday it
> automatically rolls the logfiles over and sends a copy to me via e-mail (the
> machine is in a secure area that I don't access on a regular basis).
>
> My question is:
>
> 1. Is there a program (preferably unix, but can be a windows based program)
> that would allow me to have the logs formatted something easier to analyze
> or

I'm not exactly sure what you are looking for as far as "easier". Do you
want easier on the human? You may want to check out tcpshow, it's in the
ports collection. As for something that understands dns traffic, I think
ethereal does, it's an Xwindows app.

> 2. Is there a program that would allow me (short of setting up a proxy)
> monitor this sort of thing in an easier way??
>
> I was thinking about writing a custom utility to analyze this stuff, but I
> figured I might want to ask before doing so (just to save myself some
> time)..
>
> Thanks in advance.
> Stacy Olivas
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

Joseph Scott
joseph@randomnetworks.com
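
Added example, not part of the original thread: a small Python summarizer of the kind of custom utility the question mentions, counting which names each client asked the caching nameserver for. It assumes the logs are tcpdump text output captured with `-n`, in the query line format the tcpdump man page documents; the sample log and the names `parse_query` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape (tcpdump -n text output, query form from the man page):
#   time [IP] src.port > dst.53: id[flags] [opts] QTYPE? name. (len)
QUERY_RE = re.compile(
    r"^(?P<time>\S+)\s+(?:IP6?\s+)?"
    r"(?P<src>\S+)\.\d+\s+>\s+\S+\.(?:53|domain):\s+"
    r"\d+[^\s\d]*\s+(?:\[[^\]]*\]\s+)*"
    r"(?P<qtype>[A-Za-z0-9]+)\?\s+(?P<name>\S+?)\.?\s+\(\d+\)\s*$"
)

# Constructed sample log (documentation addresses and names, not real traffic).
SAMPLE_LOG = """\
13:27:47.101 192.0.2.10.1025 > 192.0.2.1.53: 4211+ A? www.example.org. (33)
13:27:47.140 192.0.2.1.53 > 192.0.2.10.1025: 4211 1/0/0 A 198.51.100.7 (49)
13:27:52.310 IP 192.0.2.11.3301 > 192.0.2.1.53: 977+ [1au] MX? Example.ORG. (40)
13:28:03.002 IP 192.0.2.10.1026 > 192.0.2.1.53: 4212+ A? www.example.org. (33)
13:28:09.450 IP 192.0.2.10.1027 > 192.0.2.1.53: 4213+ PTR? 7.100.51.198.in-addr.arpa. (43)
tcpdump: listening on ed0
"""

def parse_query(line):
    """Return time, client, type and name for a query line, else None."""
    m = QUERY_RE.match(line.strip())
    if m is None:
        return None  # responses, banners and truncated lines land here
    return {"time": m["time"], "src": m["src"],
            "qtype": m["qtype"].upper(), "name": m["name"].lower()}

def summarize(lines):
    """Return ({client: Counter({(qtype, name): n})}, unparsed_line_count)."""
    per_client, skipped = {}, 0
    for line in lines:
        q = parse_query(line)
        if q is None:
            skipped += 1
            continue
        per_client.setdefault(q["src"], Counter())[(q["qtype"], q["name"])] += 1
    return per_client, skipped

if __name__ == "__main__":
    clients, skipped = summarize(SAMPLE_LOG.splitlines())
    for src in sorted(clients):
        for (qtype, name), n in clients[src].most_common():
            print(f"{src:15} {n:4} {qtype:5} {name}")
    print(f"{skipped} line(s) were not queries to port 53")
```

Names are lower-cased before counting because DNS names compare case-insensitively, and the unparsed-line count is returned so a format change in the capture shows up instead of silently shrinking the report.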