{"id":533,"date":"2011-01-26T15:51:07","date_gmt":"2011-01-26T13:51:07","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/?p=533"},"modified":"2011-01-26T15:51:07","modified_gmt":"2011-01-26T13:51:07","slug":"dnstop-bind-named-dns-ne-yapiyo-neden-yapiyor","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2011\/01\/26\/dnstop-bind-named-dns-ne-yapiyo-neden-yapiyor\/","title":{"rendered":"dnstop: what is BIND named DNS doing, and why"},"content":{"rendered":"<p>yum install dnstop<\/p>\n<p>dnstop eth0<\/p>\n<p>Press 1, press 2; to be able to press 3:<\/p>\n<p>dnstop -l 3 eth0<\/p>\n<p>Detailed explanation:<\/p>\n<h2>Monitor DNS Server<\/h2>\n<p>You can monitor various DNS data and queries using command line options.<\/p>\n<h3>How do I view DNS traffic with dnstop?<\/h3>\n<p>Simply type the following command at a shell prompt to monitor traffic for the eth0 interface:<br \/>\n<code># dnstop {interface-name}<br \/>\n# dnstop eth0<br \/>\n# dnstop em0<\/code><br \/>\nSample output:<\/p>\n<pre>2 new queries, 220 total queries                  Mon Aug  4 05:56:50 2008\r\n\r\nSources              count      %\r\n---------------- --------- ------\r\n180.248.xxx.26          72   32.7\r\n77.89.xx.108             7    3.2\r\n186.xxx.13.108           5    2.3\r\n90.xxx.94.39             4    1.8\r\n178.xx.77.83             4    1.8\r\n187.xxx.149.23           4    1.8\r\nxxx.13.249.70            4    1.8\r\n1.xxx.169.102            4    1.8\r\n189.xx.191.126           4    1.8\r\nxxx.239.194.97           3    1.4\r\n<\/pre>\n<p>You can make dnstop keep counts on names up to {level} domain name levels by using the -l {level} option.  
For example, with -l 2 (the default), dnstop will keep two tables: one with top-level domain names (such as .com, .org, .biz etc.), and another with second-level domain names (such as co.in, co.uk).<br \/>\n<code># dnstop -l 3 eth0<\/code><br \/>\nUnder Debian \/ Ubuntu Linux, enter:<br \/>\n<code># dnstop -t -s eth0<\/code><br \/>\nWhere,<\/p>\n<ul>\n<li>-s Track second level domains<\/li>\n<li>-t  Track third level domains<\/li>\n<\/ul>\n<p>Please note that increasing the level provides more details, but also requires more memory and CPU to keep track of DNS traffic.<\/p>\n<h3>How do I exit or reset counters?<\/h3>\n<p>To exit dnstop, hit ^X (hold the [CTRL] key and press X). Press ^R to reset the counters.<\/p>\n<h3>How do I find out which TLD generates the most traffic?<\/h3>\n<p>While running dnstop, hit the <strong>1<\/strong> key to view first level query names (TLDs):<\/p>\n<pre>5 new queries, 1525 total queries                 Mon Aug  4 06:11:09 2008\r\n\r\nTLD                                count      %\r\n------------------------------ --------- ------\r\nnet                                  520   34.1\r\nbiz                                  502   32.9\r\nin-addr.arpa                         454   29.8\r\nin                                    23    1.5\r\norg                                   15    1.0\r\ncom                                   11    0.7<\/pre>\n<p>It looks like this DNS server is mostly serving names under the .net TLD. 
You can also find out more about the actual domain names by hitting the <strong>2<\/strong> key while running dnstop:<\/p>\n<pre>3 new queries, 1640 total queries                 Mon Aug  4 06:13:20 2008\r\n\r\nSLD                                count      %\r\n------------------------------ --------- ------\r\ncyberciti.biz                        557   34.0\r\nnixcraft.net                         556   33.9\r\n74.in-addr.arpa                       34    2.1\r\n208.in-addr.arpa                      29    1.8\r\n195.in-addr.arpa                      28    1.7\r\n192.in-addr.arpa                      27    1.6\r\n64.in-addr.arpa                       27    1.6\r\ntheos.in                              23    1.4\r\n203.in-addr.arpa                      20    1.2\r\n202.in-addr.arpa                      18    1.1\r\n212.in-addr.arpa                      15    0.9\r\nnixcraft.com                          13    0.8\r\n217.in-addr.arpa                      13    0.8\r\n213.in-addr.arpa                      12    0.7\r\n128.in-addr.arpa                      12    0.7\r\n193.in-addr.arpa                      12    0.7\r\nsimplyguide.org                       12    0.7\r\ncricketnow.in                          3    0.2<\/pre>\n<p>To view third-level domain names, hit the <strong>3<\/strong> key:<\/p>\n<pre>www.cyberciti.biz         60   39.0\r\nfigs.cyberciti.biz        33   21.4\r\nns1.nixcraft.net          18   11.7\r\nns3.nixcraft.net          13    8.4\r\nns2.nixcraft.net          13    8.4\r\ntheos.in                   5    3.2\r\nnixcraft.com               5    3.2\r\ncyberciti.biz              2    1.3\r\njobs.cyberciti.biz         1    0.6\r\nbash.cyberciti.biz         1    0.6<\/pre>\n<h3>How do I display the breakdown of query types seen?<\/h3>\n<p>You can easily find out the most requested query types (A, AAAA, PTR etc.) by hitting the <strong>t<\/strong> key:<\/p>\n<pre>Query Type     Count      %\r\n---------- --------- ------\r\nA?               224   56.7\r\nAAAA?         
   142   35.9\r\nA6?               29    7.3<\/pre>\n<h3>How do I find out who is connecting to my DNS server?<\/h3>\n<p>Hit d to view DNS client IP addresses:<\/p>\n<pre>Source         Query Name        Count       %\r\n-------------- ------------- ---------  ------\r\nxx.75.164.90   nixcraft.net          20    9.1\r\nxx.75.164.90   cyberciti.biz         18    9.1\r\nx.68.25.4      nixcraft.net           9    9.1\r\nxxx.131.0.10   cyberciti.biz          5    4.5\r\nxx.104.200.202 cyberciti.biz          4    4.5\r\n202.xxx.0.2    cyberciti.biz          1    4.5<\/pre>\n<h3>Option help<\/h3>\n<p>There are many more options that provide a detailed view of current traffic; just type <strong>?<\/strong> to view help for all run-time options:<\/p>\n<pre> s - Sources list\r\n d - Destinations list\r\n t - Query types\r\n o - Opcodes\r\n r - Rcodes\r\n 1 - 1st level Query Names      ! - with Sources\r\n 2 - 2nd level Query Names      @ - with Sources\r\n 3 - 3rd level Query Names      # - with Sources\r\n 4 - 4th level Query Names      $ - with Sources\r\n 5 - 5th level Query Names      % - with Sources\r\n 6 - 6th level Query Names      ^ - with Sources\r\n 7 - 7th level Query Names      &amp; - with Sources\r\n 8 - 8th level Query Names      * - with Sources\r\n 9 - 9th level Query Names      ( - with Sources\r\n^R - Reset counters\r\n^X - Exit\r\n\r\n ? - this<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>yum install dnstop dnstop eth0 Press 1, press 2; to be able to press 3: dnstop -l 3 eth0 Detailed explanation: Monitor DNS Server You can monitor various DNS data and queries using command line options. How do I view DNS traffic with dnstop? 
Simply, type the following command at a shell prompt to monitor [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-533","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=533"}],"version-history":[{"count":1,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/533\/revisions"}],"predecessor-version":[{"id":534,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/533\/revisions\/534"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}