Feature #3663: DNS: Parse and extract DNS NULL records - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #3663

closed

DNS: Parse and extract DNS NULL records

Added by Konstantin Klinger over 4 years ago. Updated over 3 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Community Ticket

Target version:

TBD

Effort:

Difficulty:

Label:

Protocol

Description

At the moment the DNS parser gives you "NULL" as rrtype, but the related metadata of those NULL records/DNS packets is missing. In the attached eve.json you can find the current output.

I would expect something like this (equivalent to the content from packet 18 in Wireshark output):
Null (data): 42617365313238

This is related to Feature #2970

Files

Download all files

dns-tunnel-iodine.pcap (75.7 KB) dns-tunnel-iodine.pcap		Konstantin Klinger, 04/23/2020 07:13 AM
eve.json (388 KB) eve.json		Konstantin Klinger, 04/23/2020 07:13 AM

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #3663

DNS: Parse and extract DNS NULL records

Updated by Victor Julien over 4 years ago

Updated by Simon Dugas over 4 years ago

Updated by Sascha Steinbiss about 4 years ago

Updated by Sascha Steinbiss about 4 years ago

Updated by Philippe Antoine over 3 years ago