DNS Insight

Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

DNS Insight

DNS Insight
This App visualizes DNS traffic and helps to pinpoint errors and anomalies (like DNS-Tunneling). DNS Insight takes an output of tcpdump as input, parses it and displays results as following charts and tables: Overview -Total Events -Parsing Errors -Query Type Distribution -Return Code Distribution -Protocol (UDP/TCP) Distribution Top Queries -Top Queries -Top Level Domains -Top Domains -Top Reverse Resolution Entries (PTR) IPv4 -Top Reverse Resolution Entries (PTR) IPv6 -Top Destinations -Top Sources Anomalies -Top DNS Errors -DNS Packet Length -Number of Labels in the query Performance -Slowest Transactions -Duration DNS Tunneling -Possible DNS Tunnelling Search Help The DNS Traffic can be collected simultaneously from many different sources: -windows (using TA-tshark or by capturing with dumpcap/tshark/Wireshark) -linux (tcpdump script or using TA-tcpdump) -switch mirror port (SPAN) -TAP device -manual import from a saved network dump (pcap file) -Splunk Stream (https://splunkbase.splunk.com/app/1809/) -Technology Add-On for Unbound DNS (https://splunkbase.splunk.com/app/4888/) -Splunk Add-on for ISC BIND (https://splunkbase.splunk.com/app/2876/) - query log only
Ask a Question View in Splunkbase
0 topics and 0 replies mentioned DNS Insight in View all 0
Latest Topics
No posts to display.
Latest Replies
No posts to display.
Top Topics
No posts to display.
My Topics
No posts to display.