DNSQuerySniffer v1.35

DNSQuerySniffer v1.35 - DNS queries sniffer for Windows by Nir Sofer is a network sniffer utility that shows the DNS queries sent by the system on which you install it. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records. DNSQuerySniffer allows you to easily export the DNS query information to a CSV, tab-delimited, XML, or HTML file, or you can copy the DNS queries to the Windows clipboard and then paste them into Excel or another spreadsheet application.

On some systems, you will need to install a packet capture driver first, such as WinPcap. I installed it on the system on which I wished to use DNSQuerySniffer, since the developer mentioned "Even if the 'Raw Sockets' method works properly on your system, it's recommended to install the WinPcap capture driver or Microsoft Network Monitor driver (version 3.4 or later) in order to get more accurate date/time information ('Request Time', 'Response Time', and 'Duration' columns)". The developer also mentions "In order to use the Network Monitor driver on 64-bit systems, you have to download the x64 version of DNSQuerySniffer." Since I wished to run it on a 64-bit Microsoft Windows Professional system, I installed the 64-bit version of DNSQuerySniffer. There is no installation process needed for the software; you just extract the files within the zip file you downloaded to whatever directory you wish to hold the DNSQuerySniffer program.

The program is fairly small, using only about 10 MB of disk drive space even when you use the optional IP to Country database, which you don't have to download and use with DNSQuerySniffer. The program without that database uses only a little over 200 KB of disk space.

C:\Program Files\NirSoft\dnsquerysniffer-x64>dir
 Volume in drive C is OS
 Volume Serial Number is 4445-F6ED

 Directory of C:\Program Files\NirSoft\dnsquerysniffer-x64

12/12/2014  10:46 PM    <DIR>          .
12/12/2014  10:46 PM    <DIR>          ..
12/12/2014  10:50 PM             1,092 DNSQuerySniffer.cfg
11/25/2014  10:06 PM            18,162 DNSQuerySniffer.chm
11/25/2014  10:06 PM           196,192 DNSQuerySniffer.exe
12/12/2014  06:40 AM         9,984,190 IpToCountry.csv
11/25/2014  10:06 PM            10,163 readme.txt
	       5 File(s)     10,209,799 bytes

The zip file you download contains DNSQuerySniffer.chm (the help file), DNSQuerySniffer.exe, and readme.txt. The DNSQuerySniffer.cfg file gets created the first time you run the program and configure it.

IP Address Country/City Information

DNSQuerySniffer allows you to view country/city information for every IP address found in the A records of the DNS response ('IP Country' column). In order to activate this feature, you have to download one of the external IP-to-country database files the developer lists, and put the file in the same folder as DNSQuerySniffer.exe:

You can download the IP to Country Database (IPV4 and IPV6) by going to the linked URL. On the right side of the page is a download link where you can specify the format for the file you wish to download, e.g. "IPV4 CSV (gz)"; I chose "IPV4 CSV (zip)" and then clicked on the "Download" button, which gave me an IpToCountry.csv.zip file. I unzipped the file and placed the .csv file in the directory where I placed the DNSQuerySniffer.exe file.

The first time you start the software, you will be presented with a window where you can select Capture Options. Since I had installed the WinPcap Packet Capture Driver as recommended by the developer to get more accurate date/time information, I selected that as the capture method rather than "Raw Sockets (Windows 2000/XP)". I also chose the system's Realtek PCIe GBE Family Controller network interface card (NIC) as the network adapter. Note: the IP address of 0.0.0.0 indicates the program will monitor all IP addresses for the system.

DNSQuerySniffer Capture Options

When you open the program, it will start capturing the DNS queries issued by the system to a DNS server automatically and display them. The Host Name, local Port Number, Query ID, Request Type, Request Time, Response Time, and Duration are displayed for each query.

DNSQuerySniffer

If you double-click on an entry, you will see further information on the entry.

DNSQuerySniffer Query Properties

The "IP Country" information won't be shown unless you put one of the IP to country databases in the same directory where you placed the DNSQuerySniffer program. If you place a database there while the program is running, you will have to close the program and reopen it for it to be able to associate an IP address with a country.

DNSQuerySniffer Query Properties with Country

If you want to stop the capture of DNS queries, click on File and select Stop Capture.

You can click on File and Save Selected Items to save highlighted items to a file. If you want to highlight all entries, hit Ctrl-A. You can use the standard methods for highlighting rows of data in Windows. E.g., you can highlight one item by clicking on it, then moving the mouse to the lowest item in the list you wish to highlight and clicking the mouse again while holding down the Shift key. Or, if you don't want to highlight a continuous block of items, you can click on the first and then select others by holding down the Ctrl key while clicking them.

The formats from which you can choose for the output file are as follows:

  1. Text (*.txt)
  2. Tab Delimited Text File (*.txt)
  3. Tabular Text File (*.txt)
  4. Comma Delimited Text File (*.csv)
  5. HTML File - Horizontal (*.htm; *.html)
  6. HTML File - Vertical (*.htm; *.html)

An example text file for just one entry can be seen here. The destination address in the file is the IP address of the DNS server that was queried.
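To make concrete what the sniffer is extracting from each packet and writing to the export file, here is an added example in Python (not DNSQuerySniffer's or NirSoft's code). It parses the DNS wire format (header, question and answer sections, including RFC 1035 name-compression pointers) to pull out the fields listed earlier (Host Name, local Port Number, Query ID, Request Type, Response Code, record count and record contents), pairs each response with its query by local port and Query ID to compute the Duration, and writes the rows out as comma-delimited text. The two query/response packets and their timestamps are constructed inline for the example, and the NXDOMAIN case shows how a response with an empty answer section is handled.

```python
import csv
import io
import ipaddress
import struct

# Added example, not DNSQuerySniffer's own code: a minimal DNS wire-format parser
# that extracts the per-query fields the tool displays, pairs queries with
# responses by (local port, query ID), and exports the result as CSV.

QTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
FIELDS = ["Host Name", "Port Number", "Query ID", "Request Type", "Request Time",
          "Response Time", "Duration (ms)", "Response Code", "Records", "Record Data"]


def encode_name(name):
    """Encode a domain name as length-prefixed labels (used to build sample packets)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg, offset, hops=0):
    """Decode a name at offset, following compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appeared at the original position)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2                       # name ends after the pointer
            offset, hops = pointer, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def render_rdata(msg, rtype, rdata_offset, rdata):
    """Render RDATA the way a sniffer would display it."""
    if rtype == 1:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == 28:
        return str(ipaddress.IPv6Address(rdata))
    if rtype in (2, 5):                                # NS / CNAME carry a (maybe compressed) name
        return read_name(msg, rdata_offset)[0]
    return rdata.hex()


def parse_message(msg):
    """Parse the header, question and answer sections of one DNS message."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPE_NAMES.get(qtype, str(qtype))))
    for _ in range(an):                                # absent entirely for NXDOMAIN replies
        _name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append((QTYPE_NAMES.get(rtype, str(rtype)), ttl,
                        render_rdata(msg, rtype, offset, msg[offset:offset + rdlen])))
        offset += rdlen
    return {"id": qid, "is_response": bool(flags & 0x8000),
            "rcode": RCODE_NAMES.get(flags & 0xF, str(flags & 0xF)),
            "questions": questions, "answers": answers}


def pair_queries(packets):
    """packets: (time_seconds, src_port, dst_port, payload). A response is matched to
    the outstanding query sent from the same local port with the same Query ID."""
    pending, rows = {}, []
    for ts, sport, dport, payload in packets:
        m = parse_message(payload)
        if not m["is_response"]:
            pending[(sport, m["id"])] = (ts, m)
            continue
        key = (dport, m["id"])
        if key not in pending:                         # unsolicited reply: nothing to pair with
            continue
        qts, q = pending.pop(key)
        host, qtype = q["questions"][0]
        rows.append(dict(zip(FIELDS, [host, dport, m["id"], qtype, qts, ts,
                                      round((ts - qts) * 1000, 3), m["rcode"],
                                      len(m["answers"]),
                                      " ".join(a[2] for a in m["answers"])])))
    return rows


def to_csv(rows):
    """Comma-delimited export, one of the output formats listed above."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


# Constructed sample capture: an A query answered with one record (TTL 3600),
# and an AAAA query answered with NXDOMAIN and an empty answer section.
Q1 = encode_name("example.com") + struct.pack("!HH", 1, 1)
QUERY1 = struct.pack("!HHHHHH", 0x1A2B, 0x0100, 1, 0, 0, 0) + Q1
RESPONSE1 = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0) + Q1
             + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([93, 184, 216, 34]))
Q2 = encode_name("nonexistent.example") + struct.pack("!HH", 28, 1)
QUERY2 = struct.pack("!HHHHHH", 0x0042, 0x0100, 1, 0, 0, 0) + Q2
RESPONSE2 = struct.pack("!HHHHHH", 0x0042, 0x8183, 1, 0, 0, 0) + Q2
SAMPLE = [(100.000, 52134, 53, QUERY1), (100.012, 53, 52134, RESPONSE1),
          (100.500, 52135, 53, QUERY2), (100.520, 53, 52135, RESPONSE2)]

if __name__ == "__main__":
    print(to_csv(pair_queries(SAMPLE)))
```

Running the block prints a two-row CSV: example.com resolving to 93.184.216.34 with a 12 ms duration, and nonexistent.example with Response Code NXDOMAIN and zero records. Matching on the local port as well as the 16-bit Query ID matters because IDs alone repeat quickly on a busy host; the same pairing is why the sniffer shows the local Port Number next to each query.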

You can also get an HTML report by clicking on View and selecting "HTML Report - All Items" or "HTML Report - Selected Items". An HTML file will then be generated and placed in the folder in which you placed the DNSQuerySniffer program (example HTML report).


Created: Friday December 12, 2014