https://github.com/furkanonder/DnsTrace
Monitor DNS queries by host processes using eBPF!
- Host: GitHub
- URL: https://github.com/furkanonder/DnsTrace
- Owner: furkanonder
- License: mit
- Created: 2024-10-01T22:58:22.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-10-11T20:40:27.000Z (over 1 year ago)
- Last Synced: 2025-01-29T11:39:01.291Z (about 1 year ago)
- Topics: bcc, bpf, dns, ebpf, ebpf-programs
- Language: Python
- Size: 515 KB
- Stars: 164
- Watchers: 3
- Forks: 9
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

## Quick Start
### Prerequisites
DnsTrace requires BCC (BPF Compiler Collection) to be installed on your system. Follow the [BCC installation guide](https://github.com/iovisor/bcc/blob/master/INSTALL.md) for your Linux distribution.
### Installation
Install DnsTrace using pipx:
```bash
pipx install dnstrace
```
### Usage
Run DnsTrace with root privileges:
```bash
sudo dnstrace
```
#### Command Line Options
```bash
sudo dnstrace [OPTIONS]

Options:
  -t, --tail     Stream live DNS queries (tail mode)
  -d, --domain   Show DNS query domains
  -h, --help     Show help message
```
#### Examples
**Basic monitoring:**
```bash
sudo dnstrace
```
**Stream live queries:**
```bash
sudo dnstrace --tail
```
**Show domains with live-streaming:**
```bash
sudo dnstrace --tail --domain
```
## 📊 Display Modes
### Table Mode (Default)
- Real-time statistics dashboard
- Query type distribution charts
- Process attribution and interface details
- Responsive column layout
### Tail Mode (`--tail`)
- Live-streaming of DNS queries
- Optional domain display with `--domain` flag