diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-03-04 19:22:03 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2021-03-04 20:43:22 +0000 |
commit | 22c74419e2c258319bc723351876604b3304604b (patch) | |
tree | 8c799a78d53f67388fdf42900657eda617c1306a /plugins | |
parent | Initial commit. (diff) | |
download | dnscap-22c74419e2c258319bc723351876604b3304604b.tar.xz dnscap-22c74419e2c258319bc723351876604b3304604b.zip |
Adding upstream version 2.0.0+debian.upstream/2.0.0+debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
78 files changed, 20326 insertions, 0 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am new file mode 100644 index 0000000..7a6880c --- /dev/null +++ b/plugins/Makefile.am @@ -0,0 +1,6 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +SUBDIRS = pcapdump rssm txtout rzkeychange royparse anonmask ipcrypt \ + anonaes128 cryptopan cryptopant eventlog + +EXTRA_DIST = template diff --git a/plugins/anonaes128/Makefile.am b/plugins/anonaes128/Makefile.am new file mode 100644 index 0000000..2e9df57 --- /dev/null +++ b/plugins/anonaes128/Makefile.am @@ -0,0 +1,24 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) $(libcrypto_CFLAGS) + +pkglib_LTLIBRARIES = anonaes128.la +anonaes128_la_SOURCES = anonaes128.c +anonaes128_la_LDFLAGS = -module -avoid-version $(libcrypto_LIBS) + +TESTS = test1.sh test2.sh test3.sh test4.sh + +EXTRA_DIST = $(TESTS) test1.gold test2.gold test3.gold +CLEANFILES += test1.out test2.out test3.out test3.pcap.20181127.155200.414188 \ + test4.tmp + +if ENABLE_GCOV +gcov-local: + for src in $(anonaes128_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/anonaes128/anonaes128.c b/plugins/anonaes128/anonaes128.c new file mode 100644 index 0000000..340bb71 --- /dev/null +++ b/plugins/anonaes128/anonaes128.c @@ -0,0 +1,344 @@ +/* + * Copyright (c) 2018-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#include "dnscap_common.h" + +#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_CONF_H) && defined(HAVE_OPENSSL_ERR_H) && defined(HAVE_OPENSSL_EVP_H) +#include <openssl/conf.h> +#include <openssl/evp.h> +#include <openssl/err.h> +#define USE_OPENSSL 1 +#endif + +static set_iaddr_t anonaes128_set_iaddr = 0; + +static logerr_t* logerr; +static int only_clients = 0, only_servers = 0, dns_port = 53, encrypt_v4 = 0, decrypt = 0; +static unsigned char key[16]; +static unsigned char iv[16]; +#ifdef USE_OPENSSL +static EVP_CIPHER_CTX* ctx = 0; +#endif + +enum plugin_type anonaes128_type() +{ + return plugin_filter; +} + +void usage(const char* msg) +{ + fprintf(stderr, "anonaes128.so usage error: %s\n", msg); + exit(1); +} + +void anonaes128_usage() +{ + fprintf(stderr, + "\nanonaes128.so options:\n" + "\t-? print these instructions and exit\n" + "\t-k <key> A 16 character long key\n" + "\t-K <file> Read the 16 first bytes from file and use as key\n" + "\t-i <key> A 16 character long Initialisation Vector (IV)\n" + "\t-I <file> Read the 16 first bytes from file and use as IV\n" + "\t-D Decrypt IPv6 addresses\n" + "\t-c Only en/de-crypt clients (port != 53)\n" + "\t-s Only en/de-crypt servers (port == 53)\n" + "\t-p <port> Set port for -c/-s, default 53\n" + "\t-4 Encrypt IPv4 addresses, not default or recommended\n"); +} + +void anonaes128_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_SET_IADDR: + anonaes128_set_iaddr = (set_iaddr_t)arg; + break; + } +} + +void anonaes128_getopt(int* argc, char** argv[]) +{ + int c, got_key = 0, got_iv = 0; + unsigned long ul; + char* p; + + while ((c = getopt(*argc, *argv, "?k:K:i:I:Dcsp:4")) != EOF) { + switch (c) { + case 'k': + if (strlen(optarg) != 16) { + usage("key must be 16 characters long"); + } + memcpy(key, optarg, 16); + got_key = 1; + break; + case 'K': { + int fd; + ssize_t r; + if ((fd = open(optarg, O_RDONLY)) < 0) { + perror("open()"); + usage("unable to open key file"); + } + if ((r = read(fd, key, 16)) < 0) { + perror("read()"); + usage("unable to read from key file"); + } + if (r != 16) { + usage("unable to read 16 bytes from key file"); + } + close(fd); + got_key = 1; + break; + } + case 'i': + if (strlen(optarg) != 16) { + usage("IV must be 16 characters long"); + } + memcpy(iv, optarg, 16); + got_iv = 1; + break; + case 'I': { + int fd; + ssize_t r; + if ((fd = open(optarg, O_RDONLY)) < 0) { + perror("open()"); + usage("unable to open IV file"); + } + if ((r = read(fd, iv, 16)) < 0) { + perror("read()"); + usage("unable to read from IV file"); + } + if (r != 16) { + usage("unable to read 16 bytes from IV file"); + } + close(fd); + got_iv = 1; + break; + } + case 'D': + decrypt = 1; + break; + case 'c': + only_clients = 1; + break; + case 's': + only_servers = 1; + break; + case 'p': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul < 1U || ul > 65535U) + usage("port must be an integer 1..65535"); + dns_port = (unsigned)ul; + break; + case '4': + encrypt_v4 = 1; + break; + case '?': + anonaes128_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + + if (!got_key || !got_iv) { + usage("must have key (-k/-K) and IV (-i/-I)"); + } + if (decrypt && encrypt_v4) { + usage("decryption (-D) can not be done for IPv4 addresses (-4)"); + } + +#ifdef USE_OPENSSL + if (!(ctx = EVP_CIPHER_CTX_new())) { + usage("unable to create openssl cipher context"); + } + if (!EVP_CipherInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, iv, decrypt ? 0 : 1)) { + unsigned long e = ERR_get_error(); + fprintf(stderr, "%s:%s:%s", ERR_lib_error_string(e), ERR_func_error_string(e), ERR_reason_error_string(e)); + usage("unable to initialize AES128 cipher"); + } + EVP_CIPHER_CTX_set_padding(ctx, 0); +#else + usage("no openssl support built in, can't encrypt IP addresses"); +#endif + + if (only_clients && only_servers) { + usage("-c and -s options are mutually exclusive"); + } +} + +int anonaes128_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + return 0; +} + +void anonaes128_stop() +{ +#ifdef USE_OPENSSL + EVP_CIPHER_CTX_free(ctx); + ctx = 0; +#endif +} + +int anonaes128_open(my_bpftimeval ts) +{ + return 0; +} + +int anonaes128_close(my_bpftimeval ts) +{ + return 0; +} + +int anonaes128_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ +#ifdef USE_OPENSSL + unsigned char outbuf[16 + EVP_MAX_BLOCK_LENGTH]; + int outlen = 0; + + for (;;) { + if (only_clients && sport == dns_port) { + from = 0; + break; + } + if (only_servers && sport != dns_port) { + from = 0; + break; + } + + switch (from->af) { + case AF_INET6: + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, (unsigned char*)&from->u.a6, 16)) { + logerr("anonaes128.so: error en/de-crypting IP address: %s", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + logerr("anonaes128.so: error en/de-crypted output is not 16 bytes"); + exit(1); + } + memcpy(&from->u.a6, outbuf, 16); + break; + case AF_INET: + if (encrypt_v4) { + memcpy(((uint8_t*)&from->u.a6) + 4, &from->u.a4, 4); + memcpy(((uint8_t*)&from->u.a6) + 8, &from->u.a4, 4); + memcpy(((uint8_t*)&from->u.a6) + 12, &from->u.a4, 4); + + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, (unsigned char*)&from->u.a6, 16)) { + logerr("anonaes128.so: error en/de-crypting IP address: %s", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + logerr("anonaes128.so: error en/de-crypted output is not 16 bytes"); + exit(1); + } + memcpy(&from->u.a4, outbuf, 4); + break; + } + default: + from = 0; + break; + } + break; + } + + for (;;) { + if (only_clients && dport == dns_port) { + to = 0; + break; + } + if (only_servers && dport != dns_port) { + to = 0; + break; + } + + switch (to->af) { + case AF_INET6: + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, (unsigned char*)&to->u.a6, 16)) { + logerr("anonaes128.so: error en/de-crypting IP address: %s", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + logerr("anonaes128.so: error en/de-crypted output is not 16 bytes"); + exit(1); + } + memcpy(&to->u.a6, outbuf, 16); + break; + case AF_INET: + if (encrypt_v4) { + memcpy(((uint8_t*)&to->u.a6) + 4, &to->u.a4, 4); + memcpy(((uint8_t*)&to->u.a6) + 8, &to->u.a4, 4); + memcpy(((uint8_t*)&to->u.a6) + 12, &to->u.a4, 4); + + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, (unsigned char*)&to->u.a6, 16)) { + logerr("anonaes128.so: error en/de-crypting IP address: %s", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + logerr("anonaes128.so: error en/de-crypted output is not 16 bytes"); + exit(1); + } + memcpy(&to->u.a4, outbuf, 4); + break; + } + default: + to = 0; + break; + } + break; + } + + if (anonaes128_set_iaddr && (from || to)) { + anonaes128_set_iaddr(from, to); + } +#endif + return 0; +} diff --git a/plugins/anonaes128/test1.gold b/plugins/anonaes128/test1.gold new file mode 100644 index 0000000..8bd4844 --- /dev/null +++ b/plugins/anonaes128/test1.gold @@ -0,0 +1,2146 @@ +anonaes128.so usage error: must have key (-k/-K) and IV (-i/-I) +anonaes128.so usage error: must have key (-k/-K) and IV (-i/-I) +anonaes128.so usage error: must have key (-k/-K) and IV (-i/-I) +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [207.109.225.214].53199 [38.134.79.111].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [207.109.225.214].57822 [38.134.79.111].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [207.109.225.214].40043 [38.134.79.111].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [207.109.225.214].37953 [38.134.79.111].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [207.109.225.214].48658 [38.134.79.111].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [207.109.225.214].40953 [38.134.79.111].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [207.109.225.214].45174 [38.134.79.111].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [207.109.225.214].33916 [38.134.79.111].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [207.109.225.214].43559 [38.134.79.111].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [207.109.225.214].54859 [38.134.79.111].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [207.109.225.214].58176 [38.134.79.111].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [207.109.225.214].41266 [38.134.79.111].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [207.109.225.214].34607 [38.134.79.111].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [207.109.225.214].60437 [38.134.79.111].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [207.109.225.214].37149 [38.134.79.111].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [207.109.225.214].53820 [38.134.79.111].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [207.109.225.214].52368 [38.134.79.111].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [207.109.225.214].47637 [38.134.79.111].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [207.109.225.214].34426 [38.134.79.111].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [207.109.225.214].41059 [38.134.79.111].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [207.109.225.214].51181 [38.134.79.111].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [207.109.225.214].32976 [38.134.79.111].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [207.109.225.214].53467 [38.134.79.111].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [207.109.225.214].41532 [38.134.79.111].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [207.109.225.214].44982 [38.134.79.111].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [207.109.225.214].40224 [38.134.79.111].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [207.109.225.214].45658 [38.134.79.111].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [207.109.225.214].60457 [38.134.79.111].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [207.109.225.214].59762 [38.134.79.111].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [207.109.225.214].56022 [38.134.79.111].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [207.109.225.214].37669 [38.134.79.111].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [207.109.225.214].42978 [38.134.79.111].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [207.109.225.214].49829 [38.134.79.111].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [207.109.225.214].50599 [38.134.79.111].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [207.109.225.214].44980 [38.134.79.111].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [207.109.225.214].60063 [38.134.79.111].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [207.109.225.214].42042 [38.134.79.111].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [207.109.225.214].60469 [38.134.79.111].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [207.109.225.214].45703 [38.134.79.111].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [207.109.225.214].33507 [38.134.79.111].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [207.109.225.214].46798 [38.134.79.111].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [38.134.79.111].53 [207.109.225.214].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [207.109.225.214].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [207.109.225.214].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [207.109.225.214].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [207.109.225.214].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [207.109.225.214].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [207.109.225.214].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [207.109.225.214].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [207.109.225.214].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [207.109.225.214].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [207.109.225.214].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [207.109.225.214].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [207.109.225.214].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [207.109.225.214].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [207.109.225.214].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [207.109.225.214].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [207.109.225.214].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [207.109.225.214].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [207.109.225.214].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [207.109.225.214].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [207.109.225.214].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [207.109.225.214].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [207.109.225.214].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [207.109.225.214].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [207.109.225.214].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [207.109.225.214].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [207.109.225.214].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [207.109.225.214].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [207.109.225.214].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [207.109.225.214].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [207.109.225.214].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [207.109.225.214].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [207.109.225.214].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [207.109.225.214].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [207.109.225.214].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [207.109.225.214].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [207.109.225.214].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [207.109.225.214].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [207.109.225.214].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [207.109.225.214].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [207.109.225.214].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [207.109.225.214].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.8].53 [207.109.225.214].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.10].53199 [38.134.79.111].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.10].57822 [38.134.79.111].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.10].40043 [38.134.79.111].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.10].37953 [38.134.79.111].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.10].48658 [38.134.79.111].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.10].40953 [38.134.79.111].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.10].45174 [38.134.79.111].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.10].33916 [38.134.79.111].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.10].43559 [38.134.79.111].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.10].54859 [38.134.79.111].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.10].58176 [38.134.79.111].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.10].41266 [38.134.79.111].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.10].34607 [38.134.79.111].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.10].60437 [38.134.79.111].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.10].37149 [38.134.79.111].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.10].53820 [38.134.79.111].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.10].52368 [38.134.79.111].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.10].47637 [38.134.79.111].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.10].34426 [38.134.79.111].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.10].41059 [38.134.79.111].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.10].51181 [38.134.79.111].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.10].32976 [38.134.79.111].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.10].53467 [38.134.79.111].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.10].41532 [38.134.79.111].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.10].44982 [38.134.79.111].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.10].40224 [38.134.79.111].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.10].45658 [38.134.79.111].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.10].60457 [38.134.79.111].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.10].59762 [38.134.79.111].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.10].56022 [38.134.79.111].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.10].37669 [38.134.79.111].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.10].42978 [38.134.79.111].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.10].49829 [38.134.79.111].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.10].50599 [38.134.79.111].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.10].44980 [38.134.79.111].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.10].60063 [38.134.79.111].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.10].42042 [38.134.79.111].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.10].60469 [38.134.79.111].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.10].45703 [38.134.79.111].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.10].33507 [38.134.79.111].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.10].46798 [38.134.79.111].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [38.134.79.111].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +anonaes128.so usage error: -c and -s options are mutually exclusive diff --git a/plugins/anonaes128/test1.sh b/plugins/anonaes128/test1.sh new file mode 100755 index 0000000..296bcd5 --- /dev/null +++ b/plugins/anonaes128/test1.sh @@ -0,0 +1,26 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonaes128.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonaes128 plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -i "some 16-byte key" 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -c 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -s 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -k "some 16-byte key" -i "some 16-byte key" -c -s 2>>test1.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test1.out test1.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test1.out.old > test1.out + rm test1.out.old +fi + +diff test1.out "$srcdir/test1.gold" diff --git a/plugins/anonaes128/test2.gold b/plugins/anonaes128/test2.gold new file mode 100644 index 0000000..29b4a52 --- /dev/null +++ b/plugins/anonaes128/test2.gold @@ -0,0 +1,33 @@ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::8888].53 [4a92:a508:d567:5c16:d07:5236:4b51:417e].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::245].51972 [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [6733:3377:d5f:662b:299f:6a97:c7fe:d424].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/anonaes128/test2.sh b/plugins/anonaes128/test2.sh new file mode 100755 index 0000000..ff21327 --- /dev/null +++ b/plugins/anonaes128/test2.sh @@ -0,0 +1,30 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonaes128.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonaes128 plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" 2>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -c 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -s 2>>test2.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test2.out test2.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test2.out.old > test2.out + rm test2.out.old +fi + +# TODO: Remove when #133 is fixed +cat test2.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new +mv test2.new test2.out + +diff test2.out "$srcdir/test2.gold" diff --git a/plugins/anonaes128/test3.gold b/plugins/anonaes128/test3.gold new file mode 100644 index 0000000..a3d589d --- /dev/null +++ b/plugins/anonaes128/test3.gold @@ -0,0 +1,11 @@ +[87] 2018-11-27 15:52:00.414188 [#0 test3.pcap.20181127.155200.414188 4095] \ + [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ + [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/anonaes128/test3.sh b/plugins/anonaes128/test3.sh new file mode 100755 index 0000000..09fb116 --- /dev/null +++ b/plugins/anonaes128/test3.sh @@ -0,0 +1,29 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonaes128.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonaes128 plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns6.pcap-dist -w test3.pcap -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" 2>test3.out +../../src/dnscap -r test3.pcap.20181127.155200.414188 -g -P "$plugin" -D -k "some 16-byte key" -i "some 16-byte key" 2>>test3.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test3.out test3.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test3.out.old > test3.out + rm test3.out.old +fi + +# TODO: Remove when #133 is fixed +cat test3.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new +mv test3.new test3.out + +diff test3.out "$srcdir/test3.gold" diff --git a/plugins/anonaes128/test4.sh b/plugins/anonaes128/test4.sh new file mode 100755 index 0000000..3d51818 --- /dev/null +++ b/plugins/anonaes128/test4.sh @@ -0,0 +1,24 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonaes128.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonaes128 plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k tooshort +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -i tooshort +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 -K "$srcdir/test4.sh" -I "$srcdir/test4.sh" +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -K does_not_exist +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -I does_not_exist +rm -f test4.tmp +touch test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -K test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -I test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 0 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 1 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -D -4 -k "some 16-byte key" -i "some 16-byte key" diff --git a/plugins/anonmask/Makefile.am b/plugins/anonmask/Makefile.am new file mode 100644 index 0000000..48f5a10 --- /dev/null +++ b/plugins/anonmask/Makefile.am @@ -0,0 +1,23 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) + +pkglib_LTLIBRARIES = anonmask.la +anonmask_la_SOURCES = anonmask.c +anonmask_la_LDFLAGS = -module -avoid-version + +TESTS = test1.sh test2.sh test3.sh + +EXTRA_DIST = $(TESTS) test1.gold test2.gold +CLEANFILES += test1.out test2.out + +if ENABLE_GCOV +gcov-local: + for src in $(anonmask_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/anonmask/anonmask.c b/plugins/anonmask/anonmask.c new file mode 100644 index 0000000..ca3dc0d --- /dev/null +++ b/plugins/anonmask/anonmask.c @@ -0,0 +1,244 @@ +/* + * Copyright (c) 2018-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <netinet/in.h> +#include <sys/socket.h> + +#include "dnscap_common.h" + +static set_iaddr_t anonmask_set_iaddr = 0; + +static logerr_t* logerr; +static int only_clients = 0, only_servers = 0, mask_port = 53, mask_v4 = 24, mask_v6 = 48; +static struct in_addr in4 = { INADDR_ANY }; +static struct in6_addr in6 = IN6ADDR_ANY_INIT; +static uint32_t* in6p = (uint32_t*)&in6; + +enum plugin_type anonmask_type() +{ + return plugin_filter; +} + +void usage(const char* msg) +{ + fprintf(stderr, "anonmask.so usage error: %s\n", msg); + exit(1); +} + +void anonmask_usage() +{ + fprintf(stderr, + "\nanonmask.so options:\n" + "\t-? print these instructions and exit\n" + "\t-c Only mask clients (port != 53)\n" + "\t-s Only mask servers (port == 53)\n" + "\t-p <port> Set port for -c/-s masking, default 53\n" + "\t-4 <netmask> The /mask for IPv4 addresses, default /24\n" + "\t-6 <netmask> The /mask for IPv6 addresses, default /48\n"); +} + +void anonmask_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_SET_IADDR: + anonmask_set_iaddr = (set_iaddr_t)arg; + break; + } +} + +void anonmask_getopt(int* argc, char** argv[]) +{ + int c; + unsigned long ul; + char* p; + + while ((c = getopt(*argc, *argv, "?csp:4:6:")) != EOF) { + switch (c) { + case 'c': + only_clients = 1; + break; + case 's': + only_servers = 1; + break; + case 'p': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul < 1U || ul > 65535U) + usage("port must be an integer 1..65535"); + mask_port = (unsigned)ul; + break; + case '4': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul > 31U) + usage("IPv4 mask must be an integer 0..31"); + mask_v4 = (unsigned)ul; + break; + case '6': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul > 127U) + usage("IPv6 mask must be an integer 0..127"); + mask_v6 = (unsigned)ul; + break; + case '?': + anonmask_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + + if (only_clients && only_servers) { + usage("-c and -s options are mutually exclusive"); + } + + if (mask_v4) { + in4.s_addr = htonl(0xffffffff << (32 - mask_v4)); + } + + if (mask_v6) { + if (mask_v6 <= 32) { + in6p[0] = htonl(0xffffffff << (32 - mask_v6)); + } else if (mask_v6 <= 64) { + in6p[0] = 0xffffffff; + in6p[1] = htonl(0xffffffff << (64 - mask_v6)); + } else if (mask_v6 <= 96) { + in6p[0] = 0xffffffff; + in6p[1] = 0xffffffff; + in6p[2] = htonl(0xffffffff << (96 - mask_v6)); + } else { + in6p[0] = 0xffffffff; + in6p[1] = 0xffffffff; + in6p[2] = 0xffffffff; + in6p[3] = htonl(0xffffffff << (128 - mask_v6)); + } + } +} + +int anonmask_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + return 0; +} + +void anonmask_stop() +{ +} + +int anonmask_open(my_bpftimeval ts) +{ + return 0; +} + +int anonmask_close(my_bpftimeval ts) +{ + return 0; +} + +int anonmask_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ + uint32_t* p6; + + for (;;) { + if (only_clients && sport == mask_port) { + from = 0; + break; + } + if (only_servers && sport != mask_port) { + from = 0; + break; + } + + switch (from->af) { + case AF_INET: + from->u.a4.s_addr &= in4.s_addr; + break; + case AF_INET6: + p6 = (uint32_t*)&from->u.a6; + p6[0] &= in6p[0]; + p6[1] &= in6p[1]; + p6[2] &= in6p[2]; + p6[3] &= in6p[3]; + break; + default: + from = 0; + break; + } + break; + } + + for (;;) { + if (only_clients && dport == mask_port) { + to = 0; + break; + } + if (only_servers && dport != mask_port) { + to = 0; + break; + } + + switch (to->af) { + case AF_INET: + to->u.a4.s_addr &= in4.s_addr; + break; + case AF_INET6: + p6 = (uint32_t*)&to->u.a6; + p6[0] &= in6p[0]; + p6[1] &= in6p[1]; + p6[2] &= in6p[2]; + p6[3] &= in6p[3]; + break; + default: + to = 0; + break; + } + break; + } + + if (anonmask_set_iaddr && (from || to)) { + anonmask_set_iaddr(from, to); + } + + return 0; +} diff --git a/plugins/anonmask/test1.gold b/plugins/anonmask/test1.gold new file mode 100644 index 0000000..d6dde5a --- /dev/null +++ b/plugins/anonmask/test1.gold @@ -0,0 +1,2857 @@ +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.0].53199 [8.8.8.0].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.0].57822 [8.8.8.0].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.0].40043 [8.8.8.0].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.0].37953 [8.8.8.0].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.0].48658 [8.8.8.0].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.0].40953 [8.8.8.0].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.0].45174 [8.8.8.0].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.0].33916 [8.8.8.0].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.0].43559 [8.8.8.0].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.0].54859 [8.8.8.0].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.0].58176 [8.8.8.0].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.0].41266 [8.8.8.0].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.0].34607 [8.8.8.0].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.0].60437 [8.8.8.0].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.0].37149 [8.8.8.0].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.0].53820 [8.8.8.0].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.0].52368 [8.8.8.0].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.0].47637 [8.8.8.0].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.0].34426 [8.8.8.0].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.0].41059 [8.8.8.0].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.0].51181 [8.8.8.0].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.0].32976 [8.8.8.0].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.0].53467 [8.8.8.0].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.0].41532 [8.8.8.0].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.0].44982 [8.8.8.0].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.0].40224 [8.8.8.0].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.0].45658 [8.8.8.0].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.0].60457 [8.8.8.0].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.0].59762 [8.8.8.0].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.0].56022 [8.8.8.0].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.0].37669 [8.8.8.0].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.0].42978 [8.8.8.0].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.0].49829 [8.8.8.0].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.0].50599 [8.8.8.0].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.0].44980 [8.8.8.0].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.0].60063 [8.8.8.0].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.0].42042 [8.8.8.0].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.0].60469 [8.8.8.0].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.0].45703 [8.8.8.0].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.0].33507 [8.8.8.0].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.0].46798 [8.8.8.0].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.0].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.0].53199 [8.8.0.0].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.0].57822 [8.8.0.0].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.0].40043 [8.8.0.0].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.0].37953 [8.8.0.0].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.0].48658 [8.8.0.0].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.0].40953 [8.8.0.0].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.0].45174 [8.8.0.0].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.0].33916 [8.8.0.0].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.0].43559 [8.8.0.0].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.0].54859 [8.8.0.0].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.0].58176 [8.8.0.0].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.0].41266 [8.8.0.0].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.0].34607 [8.8.0.0].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.0].60437 [8.8.0.0].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.0].37149 [8.8.0.0].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.0].53820 [8.8.0.0].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.0].52368 [8.8.0.0].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.0].47637 [8.8.0.0].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.0].34426 [8.8.0.0].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.0].41059 [8.8.0.0].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.0].51181 [8.8.0.0].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.0].32976 [8.8.0.0].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.0].53467 [8.8.0.0].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.0].41532 [8.8.0.0].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.0].44982 [8.8.0.0].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.0].40224 [8.8.0.0].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.0].45658 [8.8.0.0].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.0].60457 [8.8.0.0].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.0].59762 [8.8.0.0].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.0].56022 [8.8.0.0].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.0].37669 [8.8.0.0].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.0].42978 [8.8.0.0].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.0].49829 [8.8.0.0].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.0].50599 [8.8.0.0].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.0].44980 [8.8.0.0].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.0].60063 [8.8.0.0].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.0].42042 [8.8.0.0].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.0].60469 [8.8.0.0].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.0].45703 [8.8.0.0].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.0].33507 [8.8.0.0].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.0].46798 [8.8.0.0].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.0.0].53 [172.17.0.0].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.0].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.0].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.0].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.0].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.0].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.0].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.0].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.0].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.0].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.0].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.0].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.0].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.0].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.0].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.0].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.0].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.0].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.0].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.0].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.0].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.0].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.0].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.0].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.0].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.0].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.0].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.0].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.0].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.0].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.0].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.0].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.0].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.0].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.0].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.0].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.0].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.0].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.0].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.0].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.0].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.0].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.8].53 [172.17.0.0].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.10].53199 [8.8.8.0].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.10].57822 [8.8.8.0].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.10].40043 [8.8.8.0].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.10].37953 [8.8.8.0].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.10].48658 [8.8.8.0].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.10].40953 [8.8.8.0].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.10].45174 [8.8.8.0].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.10].33916 [8.8.8.0].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.10].43559 [8.8.8.0].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.10].54859 [8.8.8.0].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.10].58176 [8.8.8.0].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.10].41266 [8.8.8.0].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.10].34607 [8.8.8.0].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.10].60437 [8.8.8.0].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.10].37149 [8.8.8.0].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.10].53820 [8.8.8.0].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.10].52368 [8.8.8.0].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.10].47637 [8.8.8.0].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.10].34426 [8.8.8.0].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.10].41059 [8.8.8.0].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.10].51181 [8.8.8.0].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.10].32976 [8.8.8.0].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.10].53467 [8.8.8.0].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.10].41532 [8.8.8.0].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.10].44982 [8.8.8.0].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.10].40224 [8.8.8.0].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.10].45658 [8.8.8.0].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.10].60457 [8.8.8.0].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.10].59762 [8.8.8.0].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.10].56022 [8.8.8.0].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.10].37669 [8.8.8.0].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.10].42978 [8.8.8.0].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.10].49829 [8.8.8.0].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.10].50599 [8.8.8.0].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.10].44980 [8.8.8.0].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.10].60063 [8.8.8.0].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.10].42042 [8.8.8.0].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.10].60469 [8.8.8.0].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.10].45703 [8.8.8.0].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.10].33507 [8.8.8.0].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.10].46798 [8.8.8.0].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.0].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +anonmask.so usage error: -c and -s options are mutually exclusive diff --git a/plugins/anonmask/test1.sh b/plugins/anonmask/test1.sh new file mode 100755 index 0000000..a15a9bb --- /dev/null +++ b/plugins/anonmask/test1.sh @@ -0,0 +1,24 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonmask.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonmask plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 16 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -c 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -s 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -c -s 2>>test1.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test1.out test1.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test1.out.old > test1.out + rm test1.out.old +fi + +diff test1.out "$srcdir/test1.gold" diff --git a/plugins/anonmask/test2.gold b/plugins/anonmask/test2.gold new file mode 100644 index 0000000..ac84f76 --- /dev/null +++ b/plugins/anonmask/test2.gold @@ -0,0 +1,77 @@ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0::].51972 [2001:4860:4860::].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::].53 [2a01:3f0::].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:300::].51972 [2001:4800::].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4800::].53 [2a01:300::].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0::].51972 [2001:4860::].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860::].53 [2a01:3f0::].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::].51972 [2001:4860:4860::].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::].53 [2a01:3f0:0:57::].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::].51972 [2001:4860:4860::].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::].53 [2a01:3f0:0:57::].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0::].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::8888].53 [2a01:3f0::].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::245].51972 [2001:4860:4860::].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/anonmask/test2.sh b/plugins/anonmask/test2.sh new file mode 100755 index 0000000..7a155c5 --- /dev/null +++ b/plugins/anonmask/test2.sh @@ -0,0 +1,34 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonmask.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonmask plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" 2>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 24 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 32 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 64 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 96 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -c 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -s 2>>test2.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test2.out test2.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test2.out.old > test2.out + rm test2.out.old +fi + +# TODO: Remove when #133 is fixed +cat test2.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new +mv test2.new test2.out + +diff test2.out "$srcdir/test2.gold" diff --git a/plugins/anonmask/test3.sh b/plugins/anonmask/test3.sh new file mode 100755 index 0000000..b5018d8 --- /dev/null +++ b/plugins/anonmask/test3.sh @@ -0,0 +1,16 @@ +#!/bin/sh -xe + +plugin=`find . -name 'anonmask.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the anonmask plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 99 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -6 999 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 0 +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 1 diff --git a/plugins/cryptopan/Makefile.am b/plugins/cryptopan/Makefile.am new file mode 100644 index 0000000..0215742 --- /dev/null +++ b/plugins/cryptopan/Makefile.am @@ -0,0 +1,24 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) $(libcrypto_CFLAGS) + +pkglib_LTLIBRARIES = cryptopan.la +cryptopan_la_SOURCES = cryptopan.c +cryptopan_la_LDFLAGS = -module -avoid-version $(libcrypto_LIBS) + +TESTS = test1.sh test2.sh test3.sh test4.sh + +EXTRA_DIST = $(TESTS) test1.gold test2.gold test3.gold +CLEANFILES += test1.out test2.out test3.out test3.pcap.20161020.152301.075993 \ + test3.pcap.20181127.155200.414188 test4.tmp + +if ENABLE_GCOV +gcov-local: + for src in $(cryptopan_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/cryptopan/cryptopan.c b/plugins/cryptopan/cryptopan.c new file mode 100644 index 0000000..2e439af --- /dev/null +++ b/plugins/cryptopan/cryptopan.c @@ -0,0 +1,475 @@ +/* + * Copyright (c) 2018-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Crypto-PAn encryption based on submitted extension by David Stott (Lucent) + * https://www.cc.gatech.edu/computing/Networking/projects/cryptopan/lucent.shtml + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#include "dnscap_common.h" + +#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_CONF_H) && defined(HAVE_OPENSSL_ERR_H) && defined(HAVE_OPENSSL_EVP_H) +#include <openssl/conf.h> +#include <openssl/evp.h> +#include <openssl/err.h> +#define USE_OPENSSL 1 +#endif + +static set_iaddr_t cryptopan_set_iaddr = 0; + +static logerr_t* logerr; +static int only_clients = 0, only_servers = 0, dns_port = 53, encrypt_v6 = 0, decrypt = 0; +static unsigned char key[16]; +static unsigned char iv[16]; +static unsigned char pad[16]; +#ifdef USE_OPENSSL +static EVP_CIPHER_CTX* ctx = 0; +#endif + +enum plugin_type cryptopan_type() +{ + return plugin_filter; +} + +void usage(const char* msg) +{ + fprintf(stderr, "cryptopan.so usage error: %s\n", msg); + exit(1); +} + +void cryptopan_usage() +{ + fprintf(stderr, + "\ncryptopan.so options:\n" + "\t-? print these instructions and exit\n" + "\t-k <key> A 16 character long key\n" + "\t-K <file> Read the 16 first bytes from file and use as key\n" + "\t-i <key> A 16 character long Initialisation Vector (IV)\n" + "\t-I <file> Read the 16 first bytes from file and use as IV\n" + "\t-a <key> A 16 character long padding\n" + "\t-A <file> Read the 16 first bytes from file and use as padding\n" + "\t-D Decrypt IP addresses\n" + "\t-c Only en/de-crypt clients (port != 53)\n" + "\t-s Only en/de-crypt servers (port == 53)\n" + "\t-p <port> Set port for -c/-s, default 53\n" + "\t-6 En/de-crypt IPv6 addresses, not default or recommended\n"); +} + +void cryptopan_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_SET_IADDR: + cryptopan_set_iaddr = (set_iaddr_t)arg; + break; + } +} + +void cryptopan_getopt(int* argc, char** argv[]) +{ + int c, got_key = 0, got_iv = 0, got_pad = 0; + unsigned long ul; + char* p; + + while ((c = getopt(*argc, *argv, "?k:K:i:I:a:A:Dcsp:6")) != EOF) { + switch (c) { + case 'k': + if (strlen(optarg) != 16) { + usage("key must be 16 characters long"); + } + memcpy(key, optarg, 16); + got_key = 1; + break; + case 'K': { + int fd; + ssize_t r; + if ((fd = open(optarg, O_RDONLY)) < 0) { + perror("open()"); + usage("unable to open key file"); + } + if ((r = read(fd, key, 16)) < 0) { + perror("read()"); + usage("unable to read from key file"); + } + if (r != 16) { + usage("unable to read 16 bytes from key file"); + } + close(fd); + got_key = 1; + break; + } + case 'i': + if (strlen(optarg) != 16) { + usage("IV must be 16 characters long"); + } + memcpy(iv, optarg, 16); + got_iv = 1; + break; + case 'I': { + int fd; + ssize_t r; + if ((fd = open(optarg, O_RDONLY)) < 0) { + perror("open()"); + usage("unable to open IV file"); + } + if ((r = read(fd, iv, 16)) < 0) { + perror("read()"); + usage("unable to read from IV file"); + } + if (r != 16) { + usage("unable to read 16 bytes from IV file"); + } + close(fd); + got_iv = 1; + break; + } + case 'a': + if (strlen(optarg) != 16) { + usage("padding must be 16 characters long"); + } + memcpy(pad, optarg, 16); + got_pad = 1; + break; + case 'A': { + int fd; + ssize_t r; + if ((fd = open(optarg, O_RDONLY)) < 0) { + perror("open()"); + usage("unable to open padding file"); + } + if ((r = read(fd, pad, 16)) < 0) { + perror("read()"); + usage("unable to read from padding file"); + } + if (r != 16) { + usage("unable to read 16 bytes from padding file"); + } + close(fd); + got_pad = 1; + break; + } + case 'D': + decrypt = 1; + break; + case 'c': + only_clients = 1; + break; + case 's': + only_servers = 1; + break; + case 'p': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul < 1U || ul > 65535U) + usage("port must be an integer 1..65535"); + dns_port = (unsigned)ul; + break; + case '6': + encrypt_v6 = 1; + break; + case '?': + cryptopan_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + + if (!got_key || !got_iv || !got_pad) { + usage("must have key (-k/-K), IV (-i/-I) and padding (-a/-A)"); + } + +#ifdef USE_OPENSSL + if (!(ctx = EVP_CIPHER_CTX_new())) { + usage("unable to create openssl cipher context"); + } + if (!EVP_CipherInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, iv, 1)) { + unsigned long e = ERR_get_error(); + fprintf(stderr, "%s:%s:%s\n", ERR_lib_error_string(e), ERR_func_error_string(e), ERR_reason_error_string(e)); + usage("unable to initialize AES128 cipher"); + } + EVP_CIPHER_CTX_set_padding(ctx, 0); + { + unsigned char outbuf[16 + EVP_MAX_BLOCK_LENGTH]; + int outlen = 0; + + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, pad, 16)) { + fprintf(stderr, "cryptopan.so: error encrypting padding: %s\n", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + fprintf(stderr, "cryptopan.so: error encrypted padding is not 16 bytes\n"); + exit(1); + } + memcpy(&pad, outbuf, 16); + } +#else + usage("no openssl support built in, can't encrypt IP addresses"); +#endif + + if (only_clients && only_servers) { + usage("-c and -s options are mutually exclusive"); + } +} + +int cryptopan_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + return 0; +} + +void cryptopan_stop() +{ +#ifdef USE_OPENSSL + EVP_CIPHER_CTX_free(ctx); + ctx = 0; +#endif +} + +int cryptopan_open(my_bpftimeval ts) +{ + return 0; +} + +int cryptopan_close(my_bpftimeval ts) +{ + return 0; +} + +#ifdef USE_OPENSSL +struct input { + union { + unsigned char input[16]; + uint32_t ui32; + } u; +}; +struct output { + union { + unsigned char outbuf[16 + EVP_MAX_BLOCK_LENGTH]; + uint32_t ui32; + } u; +}; +static inline void _encrypt(uint32_t* in) +{ + struct input input; + struct output output; + int outlen = 0, pos; + uint32_t orig, result = 0, pad4b, mask = 0; + + memcpy(input.u.input, pad, 16); + orig = ntohl(*in); + memcpy(&pad4b, pad, 4); + + // First pass with padding only + + input.u.ui32 = htonl(pad4b); + + if (!EVP_CipherUpdate(ctx, output.u.outbuf, &outlen, input.u.input, 16)) { + fprintf(stderr, "cryptopan.so: error encrypting: %s\n", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + fprintf(stderr, "cryptopan.so: error encrypted result is not 16 bytes\n"); + exit(1); + } + + result |= ntohl(output.u.ui32) & 0x80000000; + mask >>= 1; + mask |= 0x80000000; + + for (pos = 1; pos < 32; pos++) { + input.u.ui32 = htonl(((pad4b << pos) | (pad4b >> (32 - pos))) ^ (orig & mask)); + + if (!EVP_CipherUpdate(ctx, output.u.outbuf, &outlen, input.u.input, 16)) { + fprintf(stderr, "cryptopan.so: error encrypting: %s\n", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + fprintf(stderr, "cryptopan.so: error encrypted result is not 16 bytes\n"); + exit(1); + } + + result |= (ntohl(output.u.ui32) & 0x80000000) >> pos; + mask >>= 1; + mask |= 0x80000000; + } + + *in = htonl(result ^ orig); +} + +static inline void _decrypt(uint32_t* in) +{ + struct input input; + struct output output; + int outlen = 0, pos; + uint32_t orig, pad4b, mask = 0; + + memcpy(input.u.input, pad, 16); + orig = ntohl(*in); + memcpy(&pad4b, pad, 4); + + // First pass with padding only + + input.u.ui32 = htonl(pad4b); + + if (!EVP_CipherUpdate(ctx, output.u.outbuf, &outlen, input.u.input, 16)) { + fprintf(stderr, "cryptopan.so: error encrypting: %s\n", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + fprintf(stderr, "cryptopan.so: error encrypted result is not 16 bytes\n"); + exit(1); + } + + orig ^= ntohl(output.u.ui32) & 0x80000000; + mask >>= 1; + mask |= 0x80000000; + + for (pos = 1; pos < 32; pos++) { + input.u.ui32 = htonl(((pad4b << pos) | (pad4b >> (32 - pos))) ^ (orig & mask)); + + if (!EVP_CipherUpdate(ctx, output.u.outbuf, &outlen, input.u.input, 16)) { + fprintf(stderr, "cryptopan.so: error encrypting: %s\n", ERR_reason_error_string(ERR_get_error())); + exit(1); + } + if (outlen != 16) { + fprintf(stderr, "cryptopan.so: error encrypted result is not 16 bytes\n"); + exit(1); + } + + orig ^= (ntohl(output.u.ui32) & 0x80000000) >> pos; + mask >>= 1; + mask |= 0x80000000; + } + + *in = htonl(orig); +} +#endif + +int cryptopan_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ +#ifdef USE_OPENSSL + for (;;) { + if (only_clients && sport == dns_port) { + from = 0; + break; + } + if (only_servers && sport != dns_port) { + from = 0; + break; + } + + switch (from->af) { + case AF_INET: + decrypt ? _decrypt((uint32_t*)&from->u.a4) : _encrypt((uint32_t*)&from->u.a4); + break; + case AF_INET6: + if (encrypt_v6) { + if (decrypt) { + _decrypt((uint32_t*)&from->u.a6); + _decrypt(((uint32_t*)&from->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] + _decrypt(((uint32_t*)&from->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] + _decrypt(((uint32_t*)&from->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + } else { + _encrypt((uint32_t*)&from->u.a6); + _encrypt(((uint32_t*)&from->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] + _encrypt(((uint32_t*)&from->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] + _encrypt(((uint32_t*)&from->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + } + break; + } + default: + from = 0; + break; + } + break; + } + + for (;;) { + if (only_clients && dport == dns_port) { + to = 0; + break; + } + if (only_servers && dport != dns_port) { + to = 0; + break; + } + + switch (to->af) { + case AF_INET: + decrypt ? _decrypt((uint32_t*)&to->u.a4) : _encrypt((uint32_t*)&to->u.a4); + break; + case AF_INET6: + if (encrypt_v6) { + if (decrypt) { + _decrypt((uint32_t*)&to->u.a6); + _decrypt(((uint32_t*)&to->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] + _decrypt(((uint32_t*)&to->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] + _decrypt(((uint32_t*)&to->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + } else { + _encrypt((uint32_t*)&to->u.a6); + _encrypt(((uint32_t*)&to->u.a6) + 1); // lgtm [cpp/suspicious-pointer-scaling] + _encrypt(((uint32_t*)&to->u.a6) + 2); // lgtm [cpp/suspicious-pointer-scaling] + _encrypt(((uint32_t*)&to->u.a6) + 3); // lgtm [cpp/suspicious-pointer-scaling] + } + break; + } + default: + to = 0; + break; + } + break; + } + + if (cryptopan_set_iaddr && (from || to)) { + cryptopan_set_iaddr(from, to); + } +#endif + return 0; +} diff --git a/plugins/cryptopan/test1.gold b/plugins/cryptopan/test1.gold new file mode 100644 index 0000000..71bbba1 --- /dev/null +++ b/plugins/cryptopan/test1.gold @@ -0,0 +1,2147 @@ +cryptopan.so usage error: must have key (-k/-K), IV (-i/-I) and padding (-a/-A) +cryptopan.so usage error: must have key (-k/-K), IV (-i/-I) and padding (-a/-A) +cryptopan.so usage error: must have key (-k/-K), IV (-i/-I) and padding (-a/-A) +cryptopan.so usage error: must have key (-k/-K), IV (-i/-I) and padding (-a/-A) +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [137.205.188.255].53199 [44.76.218.44].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [137.205.188.255].57822 [44.76.218.44].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [137.205.188.255].40043 [44.76.218.44].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [137.205.188.255].37953 [44.76.218.44].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [137.205.188.255].48658 [44.76.218.44].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [137.205.188.255].40953 [44.76.218.44].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [137.205.188.255].45174 [44.76.218.44].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [137.205.188.255].33916 [44.76.218.44].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [137.205.188.255].43559 [44.76.218.44].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [137.205.188.255].54859 [44.76.218.44].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [137.205.188.255].58176 [44.76.218.44].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [137.205.188.255].41266 [44.76.218.44].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [137.205.188.255].34607 [44.76.218.44].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [137.205.188.255].60437 [44.76.218.44].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [137.205.188.255].37149 [44.76.218.44].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [137.205.188.255].53820 [44.76.218.44].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [137.205.188.255].52368 [44.76.218.44].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [137.205.188.255].47637 [44.76.218.44].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [137.205.188.255].34426 [44.76.218.44].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [137.205.188.255].41059 [44.76.218.44].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [137.205.188.255].51181 [44.76.218.44].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [137.205.188.255].32976 [44.76.218.44].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [137.205.188.255].53467 [44.76.218.44].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [137.205.188.255].41532 [44.76.218.44].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [137.205.188.255].44982 [44.76.218.44].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [137.205.188.255].40224 [44.76.218.44].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [137.205.188.255].45658 [44.76.218.44].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [137.205.188.255].60457 [44.76.218.44].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [137.205.188.255].59762 [44.76.218.44].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [137.205.188.255].56022 [44.76.218.44].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [137.205.188.255].37669 [44.76.218.44].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [137.205.188.255].42978 [44.76.218.44].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [137.205.188.255].49829 [44.76.218.44].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [137.205.188.255].50599 [44.76.218.44].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [137.205.188.255].44980 [44.76.218.44].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [137.205.188.255].60063 [44.76.218.44].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [137.205.188.255].42042 [44.76.218.44].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [137.205.188.255].60469 [44.76.218.44].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [137.205.188.255].45703 [44.76.218.44].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [137.205.188.255].33507 [44.76.218.44].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [137.205.188.255].46798 [44.76.218.44].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [44.76.218.44].53 [137.205.188.255].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [137.205.188.255].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [137.205.188.255].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [137.205.188.255].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [137.205.188.255].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [137.205.188.255].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [137.205.188.255].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [137.205.188.255].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [137.205.188.255].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [137.205.188.255].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [137.205.188.255].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [137.205.188.255].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [137.205.188.255].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [137.205.188.255].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [137.205.188.255].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [137.205.188.255].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [137.205.188.255].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [137.205.188.255].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [137.205.188.255].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [137.205.188.255].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [137.205.188.255].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [137.205.188.255].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [137.205.188.255].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [137.205.188.255].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [137.205.188.255].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [137.205.188.255].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [137.205.188.255].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [137.205.188.255].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [137.205.188.255].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [137.205.188.255].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [137.205.188.255].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [137.205.188.255].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [137.205.188.255].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [137.205.188.255].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [137.205.188.255].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [137.205.188.255].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [137.205.188.255].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [137.205.188.255].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [137.205.188.255].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [137.205.188.255].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [137.205.188.255].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [137.205.188.255].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.8].53 [137.205.188.255].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.10].53199 [44.76.218.44].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.10].57822 [44.76.218.44].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.10].40043 [44.76.218.44].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.10].37953 [44.76.218.44].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.10].48658 [44.76.218.44].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.10].40953 [44.76.218.44].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.10].45174 [44.76.218.44].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.10].33916 [44.76.218.44].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.10].43559 [44.76.218.44].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.10].54859 [44.76.218.44].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.10].58176 [44.76.218.44].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.10].41266 [44.76.218.44].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.10].34607 [44.76.218.44].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.10].60437 [44.76.218.44].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.10].37149 [44.76.218.44].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.10].53820 [44.76.218.44].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.10].52368 [44.76.218.44].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.10].47637 [44.76.218.44].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.10].34426 [44.76.218.44].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.10].41059 [44.76.218.44].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.10].51181 [44.76.218.44].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.10].32976 [44.76.218.44].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.10].53467 [44.76.218.44].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.10].41532 [44.76.218.44].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.10].44982 [44.76.218.44].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.10].40224 [44.76.218.44].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.10].45658 [44.76.218.44].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.10].60457 [44.76.218.44].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.10].59762 [44.76.218.44].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.10].56022 [44.76.218.44].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.10].37669 [44.76.218.44].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.10].42978 [44.76.218.44].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.10].49829 [44.76.218.44].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.10].50599 [44.76.218.44].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.10].44980 [44.76.218.44].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.10].60063 [44.76.218.44].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.10].42042 [44.76.218.44].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.10].60469 [44.76.218.44].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.10].45703 [44.76.218.44].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.10].33507 [44.76.218.44].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.10].46798 [44.76.218.44].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [44.76.218.44].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +cryptopan.so usage error: -c and -s options are mutually exclusive diff --git a/plugins/cryptopan/test1.sh b/plugins/cryptopan/test1.sh new file mode 100755 index 0000000..b499f12 --- /dev/null +++ b/plugins/cryptopan/test1.sh @@ -0,0 +1,27 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopan.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopan plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -i "some 16-byte key" 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -a "some 16-byte key" 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -c 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -s 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -c -s 2>>test1.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test1.out test1.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test1.out.old > test1.out + rm test1.out.old +fi + +diff test1.out "$srcdir/test1.gold" diff --git a/plugins/cryptopan/test2.gold b/plugins/cryptopan/test2.gold new file mode 100644 index 0000000..d7d5e63 --- /dev/null +++ b/plugins/cryptopan/test2.gold @@ -0,0 +1,33 @@ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::8888].53 [11eb:460f:2668:8b63:2668:8b2a:2668:8948].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::245].51972 [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [1845:9ab2:426f:b370:2668:8b2a:2668:33ab].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopan/test2.sh b/plugins/cryptopan/test2.sh new file mode 100755 index 0000000..3f41fc4 --- /dev/null +++ b/plugins/cryptopan/test2.sh @@ -0,0 +1,30 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopan.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopan plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" 2>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -c 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -s 2>>test2.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test2.out test2.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test2.out.old > test2.out + rm test2.out.old +fi + +# TODO: Remove when #133 is fixed +cat test2.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new +mv test2.new test2.out + +diff test2.out "$srcdir/test2.gold" diff --git a/plugins/cryptopan/test3.gold b/plugins/cryptopan/test3.gold new file mode 100644 index 0000000..afd1d7d --- /dev/null +++ b/plugins/cryptopan/test3.gold @@ -0,0 +1,725 @@ +[56] 2016-10-20 15:23:01.075993 [#0 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[87] 2018-11-27 15:52:00.414188 [#0 test3.pcap.20181127.155200.414188 4095] \ + [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ + [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopan/test3.sh b/plugins/cryptopan/test3.sh new file mode 100755 index 0000000..48dc90f --- /dev/null +++ b/plugins/cryptopan/test3.sh @@ -0,0 +1,32 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopan.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopan plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -w test3.pcap -r dns.pcap-dist -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" 2>test3.out +../../src/dnscap -w test3.pcap -r dns6.pcap-dist -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -6 2>>test3.out +../../src/dnscap -r test3.pcap.20161020.152301.075993 -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -D 2>>test3.out +../../src/dnscap -r test3.pcap.20181127.155200.414188 -g -P "$plugin" -k "some 16-byte key" -i "some 16-byte key" -a "some 16-byte key" -6 -D 2>>test3.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test3.out test3.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test3.out.old > test3.out + rm test3.out.old +fi + +# TODO: Remove when #133 is fixed +cat test3.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new +mv test3.new test3.out + +diff test3.out "$srcdir/test3.gold" diff --git a/plugins/cryptopan/test4.sh b/plugins/cryptopan/test4.sh new file mode 100755 index 0000000..499a86c --- /dev/null +++ b/plugins/cryptopan/test4.sh @@ -0,0 +1,26 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopan.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopan plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k tooshort +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -i tooshort +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -a tooshort +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -K "$srcdir/test4.sh" -I "$srcdir/test4.sh" -A "$srcdir/test4.sh" +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -K does_not_exist +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -I does_not_exist +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -A does_not_exist +rm -f test4.tmp +touch test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -K test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -I test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -A test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 0 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 1 diff --git a/plugins/cryptopant/Makefile.am b/plugins/cryptopant/Makefile.am new file mode 100644 index 0000000..3aaa44a --- /dev/null +++ b/plugins/cryptopant/Makefile.am @@ -0,0 +1,24 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) $(libcrypto_CFLAGS) + +pkglib_LTLIBRARIES = cryptopant.la +cryptopant_la_SOURCES = cryptopant.c +cryptopant_la_LDFLAGS = -module -avoid-version $(libcrypto_LIBS) + +TESTS = test1.sh test2.sh test3.sh test4.sh + +EXTRA_DIST = $(TESTS) test1.gold keyfile test2.gold test3.gold +CLEANFILES += test1.out test2.out test3.out test3.pcap.20161020.152301.075993 \ + test3.pcap.20181127.155200.414188 + +if ENABLE_GCOV +gcov-local: + for src in $(cryptopant_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/cryptopant/cryptopant.c b/plugins/cryptopant/cryptopant.c new file mode 100644 index 0000000..6fb34ed --- /dev/null +++ b/plugins/cryptopant/cryptopant.c @@ -0,0 +1,241 @@ +/* + * Copyright (c) 2018-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <sys/socket.h> + +#include "dnscap_common.h" + +#if defined(HAVE_LIBCRYPTOPANT) && defined(HAVE_CRYPTOPANT_H) +#include <cryptopANT.h> +#define USE_CRYPTOPANT 1 +#endif + +static set_iaddr_t cryptopant_set_iaddr = 0; + +static logerr_t* logerr; +static int only_clients = 0, only_servers = 0, dns_port = 53, pass4 = 0, pass6 = 0, decrypt = 0; + +enum plugin_type cryptopant_type() +{ + return plugin_filter; +} + +void usage(const char* msg) +{ + fprintf(stderr, "cryptopant.so usage error: %s\n", msg); + exit(1); +} + +void cryptopant_usage() +{ + fprintf(stderr, + "\ncryptopant.so options:\n" + "\t-? print these instructions and exit\n" + "\t-k <file> Keyfile to use (generated by scramble_ips -G)\n" + "\t-4 <num> pass <num> higher bits of IPv4 through unchanged\n" + "\t-6 <num> pass <num> higher bits of IPv6 through unchanged\n" + "\t-D Decrypt IP addresses\n" + "\t-c Only encrypt clients (port != 53)\n" + "\t-s Only encrypt servers (port == 53)\n" + "\t-p <port> Set port for -c/-s, default 53\n"); +} + +void cryptopant_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_SET_IADDR: + cryptopant_set_iaddr = (set_iaddr_t)arg; + break; + } +} + +void cryptopant_getopt(int* argc, char** argv[]) +{ + int c; + unsigned long ul; + char * p, *keyfile = 0; + + while ((c = getopt(*argc, *argv, "?k:4:6:Dcsp:")) != EOF) { + switch (c) { + case 'k': + if (keyfile) { + free(keyfile); + } + keyfile = strdup(optarg); + break; + case '4': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul > 31U) + usage("pass IPv4 bits must be an integer 0..31"); + pass4 = (unsigned)ul; + break; + case '6': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul > 127U) + usage("pass IPv6 bits must be an integer 0..127"); + pass6 = (unsigned)ul; + break; + case 'D': + decrypt = 1; + break; + case 'c': + only_clients = 1; + break; + case 's': + only_servers = 1; + break; + case 'p': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul < 1U || ul > 65535U) + usage("port must be an integer 1..65535"); + dns_port = (unsigned)ul; + break; + case '?': + cryptopant_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + +#ifdef USE_CRYPTOPANT + if (!keyfile) { + usage("must have a -k keyfile"); + } + + if (scramble_init_from_file(keyfile, SCRAMBLE_NONE, SCRAMBLE_NONE, 0)) { + usage("unable to initialize cryptopANT"); + } +#else + usage("no cryptopANT support built in, can't encrypt IP addresses"); +#endif + + if (only_clients && only_servers) { + usage("-c and -s options are mutually exclusive"); + } + + if (keyfile) { + free(keyfile); + } +} + +int cryptopant_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + return 0; +} + +void cryptopant_stop() +{ +} + +int cryptopant_open(my_bpftimeval ts) +{ + return 0; +} + +int cryptopant_close(my_bpftimeval ts) +{ + return 0; +} + +int cryptopant_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ +#ifdef USE_CRYPTOPANT + for (;;) { + if (only_clients && sport == dns_port) { + from = 0; + break; + } + if (only_servers && sport != dns_port) { + from = 0; + break; + } + + switch (from->af) { + case AF_INET: + from->u.a4.s_addr = decrypt ? unscramble_ip4(from->u.a4.s_addr, pass4) : scramble_ip4(from->u.a4.s_addr, pass4); + break; + case AF_INET6: + decrypt ? unscramble_ip6(&from->u.a6, pass6) : scramble_ip6(&from->u.a6, pass6); + break; + default: + from = 0; + break; + } + break; + } + + for (;;) { + if (only_clients && dport == dns_port) { + to = 0; + break; + } + if (only_servers && dport != dns_port) { + to = 0; + break; + } + + switch (to->af) { + case AF_INET: + to->u.a4.s_addr = decrypt ? unscramble_ip4(to->u.a4.s_addr, pass4) : scramble_ip4(to->u.a4.s_addr, pass4); + break; + case AF_INET6: + decrypt ? unscramble_ip6(&to->u.a6, pass6) : scramble_ip6(&to->u.a6, pass6); + break; + default: + to = 0; + break; + } + break; + } + + if (cryptopant_set_iaddr && (from || to)) { + cryptopant_set_iaddr(from, to); + } +#endif + return 0; +} diff --git a/plugins/cryptopant/keyfile b/plugins/cryptopant/keyfile new file mode 100644 index 0000000..66e6f5c --- /dev/null +++ b/plugins/cryptopant/keyfile @@ -0,0 +1 @@ +02:02:cd6adc7b7dcaf5b926c657190ab7e05a:1df8f74f976ad7ff7a443ce7d2e2ce44235fa2a7080107b19a6785698064f121::54d9e7a215dbd120f70f054a176ca398 diff --git a/plugins/cryptopant/test1.gold b/plugins/cryptopant/test1.gold new file mode 100644 index 0000000..2201d4f --- /dev/null +++ b/plugins/cryptopant/test1.gold @@ -0,0 +1,2858 @@ +cryptopant.so usage error: must have a -k keyfile +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [143.24.244.213].53199 [108.201.214.210].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [143.24.244.213].57822 [108.201.214.210].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [143.24.244.213].40043 [108.201.214.210].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [143.24.244.213].37953 [108.201.214.210].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [143.24.244.213].48658 [108.201.214.210].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [143.24.244.213].40953 [108.201.214.210].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [143.24.244.213].45174 [108.201.214.210].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [143.24.244.213].33916 [108.201.214.210].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [143.24.244.213].43559 [108.201.214.210].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [143.24.244.213].54859 [108.201.214.210].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [143.24.244.213].58176 [108.201.214.210].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [143.24.244.213].41266 [108.201.214.210].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [143.24.244.213].34607 [108.201.214.210].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [143.24.244.213].60437 [108.201.214.210].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [143.24.244.213].37149 [108.201.214.210].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [143.24.244.213].53820 [108.201.214.210].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [143.24.244.213].52368 [108.201.214.210].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [143.24.244.213].47637 [108.201.214.210].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [143.24.244.213].34426 [108.201.214.210].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [143.24.244.213].41059 [108.201.214.210].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [143.24.244.213].51181 [108.201.214.210].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [143.24.244.213].32976 [108.201.214.210].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [143.24.244.213].53467 [108.201.214.210].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [143.24.244.213].41532 [108.201.214.210].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [143.24.244.213].44982 [108.201.214.210].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [143.24.244.213].40224 [108.201.214.210].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [143.24.244.213].45658 [108.201.214.210].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [143.24.244.213].60457 [108.201.214.210].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [143.24.244.213].59762 [108.201.214.210].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [143.24.244.213].56022 [108.201.214.210].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [143.24.244.213].37669 [108.201.214.210].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [143.24.244.213].42978 [108.201.214.210].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [143.24.244.213].49829 [108.201.214.210].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [143.24.244.213].50599 [108.201.214.210].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [143.24.244.213].44980 [108.201.214.210].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [143.24.244.213].60063 [108.201.214.210].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [143.24.244.213].42042 [108.201.214.210].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [143.24.244.213].60469 [108.201.214.210].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [143.24.244.213].45703 [108.201.214.210].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [143.24.244.213].33507 [108.201.214.210].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [143.24.244.213].46798 [108.201.214.210].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [108.201.214.210].53 [143.24.244.213].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.24.244.213].53199 [8.201.214.210].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.24.244.213].57822 [8.201.214.210].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.24.244.213].40043 [8.201.214.210].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.24.244.213].37953 [8.201.214.210].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.24.244.213].48658 [8.201.214.210].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.24.244.213].40953 [8.201.214.210].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.24.244.213].45174 [8.201.214.210].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.24.244.213].33916 [8.201.214.210].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.24.244.213].43559 [8.201.214.210].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.24.244.213].54859 [8.201.214.210].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.24.244.213].58176 [8.201.214.210].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.24.244.213].41266 [8.201.214.210].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.24.244.213].34607 [8.201.214.210].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.24.244.213].60437 [8.201.214.210].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.24.244.213].37149 [8.201.214.210].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.24.244.213].53820 [8.201.214.210].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.24.244.213].52368 [8.201.214.210].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.24.244.213].47637 [8.201.214.210].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.24.244.213].34426 [8.201.214.210].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.24.244.213].41059 [8.201.214.210].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.24.244.213].51181 [8.201.214.210].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.24.244.213].32976 [8.201.214.210].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.24.244.213].53467 [8.201.214.210].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.24.244.213].41532 [8.201.214.210].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.24.244.213].44982 [8.201.214.210].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.24.244.213].40224 [8.201.214.210].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.24.244.213].45658 [8.201.214.210].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.24.244.213].60457 [8.201.214.210].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.24.244.213].59762 [8.201.214.210].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.24.244.213].56022 [8.201.214.210].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.24.244.213].37669 [8.201.214.210].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.24.244.213].42978 [8.201.214.210].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.24.244.213].49829 [8.201.214.210].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.24.244.213].50599 [8.201.214.210].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.24.244.213].44980 [8.201.214.210].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.24.244.213].60063 [8.201.214.210].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.24.244.213].42042 [8.201.214.210].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.24.244.213].60469 [8.201.214.210].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.24.244.213].45703 [8.201.214.210].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.24.244.213].33507 [8.201.214.210].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.24.244.213].46798 [8.201.214.210].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.201.214.210].53 [172.24.244.213].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [143.24.244.213].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [143.24.244.213].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [143.24.244.213].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [143.24.244.213].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [143.24.244.213].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [143.24.244.213].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [143.24.244.213].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [143.24.244.213].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [143.24.244.213].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [143.24.244.213].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [143.24.244.213].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [143.24.244.213].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [143.24.244.213].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [143.24.244.213].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [143.24.244.213].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [143.24.244.213].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [143.24.244.213].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [143.24.244.213].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [143.24.244.213].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [143.24.244.213].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [143.24.244.213].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [143.24.244.213].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [143.24.244.213].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [143.24.244.213].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [143.24.244.213].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [143.24.244.213].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [143.24.244.213].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [143.24.244.213].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [143.24.244.213].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [143.24.244.213].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [143.24.244.213].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [143.24.244.213].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [143.24.244.213].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [143.24.244.213].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [143.24.244.213].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [143.24.244.213].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [143.24.244.213].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [143.24.244.213].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [143.24.244.213].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [143.24.244.213].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [143.24.244.213].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.8].53 [143.24.244.213].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.10].53199 [108.201.214.210].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.10].57822 [108.201.214.210].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.10].40043 [108.201.214.210].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.10].37953 [108.201.214.210].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.10].48658 [108.201.214.210].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.10].40953 [108.201.214.210].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.10].45174 [108.201.214.210].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.10].33916 [108.201.214.210].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.10].43559 [108.201.214.210].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.10].54859 [108.201.214.210].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.10].58176 [108.201.214.210].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.10].41266 [108.201.214.210].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.10].34607 [108.201.214.210].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.10].60437 [108.201.214.210].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.10].37149 [108.201.214.210].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.10].53820 [108.201.214.210].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.10].52368 [108.201.214.210].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.10].47637 [108.201.214.210].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.10].34426 [108.201.214.210].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.10].41059 [108.201.214.210].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.10].51181 [108.201.214.210].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.10].32976 [108.201.214.210].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.10].53467 [108.201.214.210].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.10].41532 [108.201.214.210].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.10].44982 [108.201.214.210].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.10].40224 [108.201.214.210].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.10].45658 [108.201.214.210].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.10].60457 [108.201.214.210].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.10].59762 [108.201.214.210].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.10].56022 [108.201.214.210].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.10].37669 [108.201.214.210].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.10].42978 [108.201.214.210].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.10].49829 [108.201.214.210].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.10].50599 [108.201.214.210].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.10].44980 [108.201.214.210].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.10].60063 [108.201.214.210].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.10].42042 [108.201.214.210].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.10].60469 [108.201.214.210].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.10].45703 [108.201.214.210].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.10].33507 [108.201.214.210].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.10].46798 [108.201.214.210].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [108.201.214.210].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +cryptopant.so usage error: -c and -s options are mutually exclusive diff --git a/plugins/cryptopant/test1.sh b/plugins/cryptopant/test1.sh new file mode 100755 index 0000000..cb632cf --- /dev/null +++ b/plugins/cryptopant/test1.sh @@ -0,0 +1,31 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopant.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopant plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out || true +if grep -q "no cryptopANT support built in" test1.out 2>/dev/null; then + echo "No cryptopANT support, skipping tests" + exit 0 +fi + +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -4 8 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -s 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c -s 2>>test1.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test1.out test1.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test1.out.old > test1.out + rm test1.out.old +fi + +diff test1.out "$srcdir/test1.gold" diff --git a/plugins/cryptopant/test2.gold b/plugins/cryptopant/test2.gold new file mode 100644 index 0000000..60525e4 --- /dev/null +++ b/plugins/cryptopant/test2.gold @@ -0,0 +1,33 @@ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3a0:52c7:8483:3fd2:892c:443c:197e].51972 [2001:48e7:eb7b:8330:a6b3:e29f:c7a1:a114].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:48e7:eb7b:8330:a6b3:e29f:c7a1:a114].53 [2a01:3a0:52c7:8483:3fd2:892c:443c:197e].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [f97c:c1a0:52c7:8483:3fd2:892c:443c:197e].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::8888].53 [f97c:c1a0:52c7:8483:3fd2:892c:443c:197e].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::245].51972 [f29a:ede7:eb7b:8330:a6b3:e29f:c7a1:a114].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [f29a:ede7:eb7b:8330:a6b3:e29f:c7a1:a114].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopant/test2.sh b/plugins/cryptopant/test2.sh new file mode 100755 index 0000000..9d50269 --- /dev/null +++ b/plugins/cryptopant/test2.sh @@ -0,0 +1,37 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopant.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopant plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" 2>test2.out || true +if grep -q "no cryptopANT support built in" test2.out 2>/dev/null; then + echo "No cryptopANT support, skipping tests" + exit 0 +fi + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" 2>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -6 24 2>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -c 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -k "$srcdir/keyfile" -s 2>>test2.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test2.out test2.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test2.out.old > test2.out + rm test2.out.old +fi + +# TODO: Remove when #133 is fixed +cat test2.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new +mv test2.new test2.out + +diff test2.out "$srcdir/test2.gold" diff --git a/plugins/cryptopant/test3.gold b/plugins/cryptopant/test3.gold new file mode 100644 index 0000000..afd1d7d --- /dev/null +++ b/plugins/cryptopant/test3.gold @@ -0,0 +1,725 @@ +[56] 2016-10-20 15:23:01.075993 [#0 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[87] 2018-11-27 15:52:00.414188 [#0 test3.pcap.20181127.155200.414188 4095] \ + [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ + [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/cryptopant/test3.sh b/plugins/cryptopant/test3.sh new file mode 100755 index 0000000..1ebb524 --- /dev/null +++ b/plugins/cryptopant/test3.sh @@ -0,0 +1,38 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopant.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopant plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test3.out || true +if grep -q "no cryptopANT support built in" test3.out 2>/dev/null; then + echo "No cryptopANT support, skipping tests" + exit 0 +fi + +../../src/dnscap -w test3.pcap -r dns.pcap-dist -P "$plugin" -k "$srcdir/keyfile" 2>test3.out +../../src/dnscap -w test3.pcap -r dns6.pcap-dist -P "$plugin" -k "$srcdir/keyfile" 2>>test3.out +../../src/dnscap -r test3.pcap.20161020.152301.075993 -g -P "$plugin" -k "$srcdir/keyfile" -D 2>>test3.out +../../src/dnscap -r test3.pcap.20181127.155200.414188 -g -P "$plugin" -k "$srcdir/keyfile" -D 2>>test3.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test3.out test3.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test3.out.old > test3.out + rm test3.out.old +fi + +# TODO: Remove when #133 is fixed +cat test3.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new +mv test3.new test3.out + +diff test3.out "$srcdir/test3.gold" diff --git a/plugins/cryptopant/test4.sh b/plugins/cryptopant/test4.sh new file mode 100755 index 0000000..986d120 --- /dev/null +++ b/plugins/cryptopant/test4.sh @@ -0,0 +1,22 @@ +#!/bin/sh -xe + +plugin=`find . -name 'cryptopant.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the cryptopant plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +# ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out || true +# if grep -q "no cryptopANT support built in" test1.out 2>/dev/null; then +# echo "No cryptopANT support, skipping tests" +# exit 0 +# fi + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 0 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 1 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -4 99 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -6 999 diff --git a/plugins/eventlog/Makefile.am b/plugins/eventlog/Makefile.am new file mode 100644 index 0000000..e29af63 --- /dev/null +++ b/plugins/eventlog/Makefile.am @@ -0,0 +1,22 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) + +pkglib_LTLIBRARIES = eventlog.la +eventlog_la_SOURCES = eventlog.c +eventlog_la_LDFLAGS = -module -avoid-version + +TESTS = test1.sh +EXTRA_DIST = $(TESTS) +CLEANFILES += test1.out *.pcap-dist + +if ENABLE_GCOV +gcov-local: + for src in $(eventlog_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/eventlog/eventlog.c b/plugins/eventlog/eventlog.c new file mode 100644 index 0000000..93d0d15 --- /dev/null +++ b/plugins/eventlog/eventlog.c @@ -0,0 +1,425 @@ +/* eventlog.c + * + * Byron Darrah - May 20, 2020 + * Version 1.0 + * + * This is a plugin for dnscap, based on the txtout plugin. + * + * This plugin generates one line of output for each packet, with a human- + * readable timestamp, and includes the results of A and AAAA queries (which + * is either a list of IP addresses, or an NXDOMAIN flag). + * + * Below is the original copyright notice from txtout.c. + */ +/* + * Copyright (c) 2016-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <netinet/in.h> +#include <ctype.h> +#include <errno.h> +#include <arpa/inet.h> +#include <arpa/nameser.h> +#include <ldns/ldns.h> + +#include "dnscap_common.h" + +static logerr_t* logerr; +static char* opt_o = NULL; +static int opt_s = 0; +static FILE* out = 0; +static int opt_t = 0; +static char* opt_n = NULL; + +output_t eventlog_output; + +void eventlog_usage() +{ + fprintf(stderr, + "\neventlog.so options:\n" + " -? print these instructions and exit\n" + " -o <arg> output file name\n" + " -s short output, only QTYPE/QNAME for IN\n" + " -t prefix event messages with DNS packet timestamp\n" + " -n <arg> include name with each event message\n\n" + "Produces a line of text per packet suitable for event logging,\n" + "including IP addresses from query responses.\n"); +} + +void eventlog_getopt(int* argc, char** argv[]) +{ + /* + * The "getopt" function will be called from the parent to + * process plugin options. + */ + int c; + while ((c = getopt(*argc, *argv, "?so:tn:")) != EOF) { + switch (c) { + case 'o': + if (opt_o) + free(opt_o); + opt_o = strdup(optarg); + break; + case 's': + opt_s = 1; + break; + case 't': + opt_t = 1; + break; + case 'n': + opt_n = strdup(optarg); + break; + case '?': + eventlog_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } +} + +int eventlog_start(logerr_t* a_logerr) +{ + /* + * The "start" function is called once, when the program + * starts. It is used to initialize the plugin. If the + * plugin wants to write debugging and or error messages, + * it should save the a_logerr pointer passed from the + * parent code. + */ + logerr = a_logerr; + if (opt_o) { + out = fopen(opt_o, "a"); + if (0 == out) { + logerr("%s: %s\n", opt_o, strerror(errno)); + exit(1); + } + } else { + out = stdout; + } + setbuf(out, 0); + + if (opt_t) { + time_t curtime; + char time_text[25]; + struct tm res; + curtime = time(NULL); + if (strftime(time_text, 25, "%G %m/%d %T", localtime_r(&curtime, &res)) > 0) { + fprintf(out, "%s ", time_text); + } else { + fprintf(out, "**ERROR reading time** "); + } + } + if (opt_n) { + fprintf(out, "%s ", opt_n); + } + fprintf(out, "DNS event logging started.\n"); + + return 0; +} + +void eventlog_stop() +{ + /* + * The "start" function is called once, when the program + * is exiting normally. It might be used to clean up state, + * free memory, etc. + */ + if (out != stdout) + fclose(out); +} + +int eventlog_open(my_bpftimeval ts) +{ + /* + * The "open" function is called at the start of each + * collection interval, which might be based on a period + * of time or a number of packets. In the original code, + * this is where we opened an output pcap file. + */ + return 0; +} + +int eventlog_close(my_bpftimeval ts) +{ + /* + * The "close" function is called at the end of each + * collection interval, which might be based on a period + * of time or on a number of packets. In the original code + * this is where we closed an output pcap file. + */ + return 0; +} + +ia_str_t ia_str = 0; +tcpstate_getcurr_t tcpstate_getcurr = 0; +tcpstate_reset_t tcpstate_reset = 0; + +void eventlog_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_IA_STR: + ia_str = (ia_str_t)arg; + break; + case DNSCAP_EXT_TCPSTATE_GETCURR: + tcpstate_getcurr = (tcpstate_getcurr_t)arg; + break; + case DNSCAP_EXT_TCPSTATE_RESET: + tcpstate_reset = (tcpstate_reset_t)arg; + break; + } +} + +static void eventlog_output_ipbytes(size_t len, const uint8_t* data) +{ + + /* If there are 4 bytes, print them as an IPv4 address. */ + if (len == 4) { + fprintf(out, "%u.%u.%u.%u", data[0], data[1], data[2], data[3]); + } + + /* If there are 16 bytes, print them as an IPv6 address. */ + else if (len == 16) { + /* If there are 16 bytes, print them as an IPv6 address. */ + fprintf(out, "%x:%x:%x:%x:%x:%x:%x:%x", + ((unsigned int)data[0]) << 8 | data[1], + ((unsigned int)data[2]) << 8 | data[3], + ((unsigned int)data[4]) << 8 | data[5], + ((unsigned int)data[6]) << 8 | data[7], + ((unsigned int)data[8]) << 8 | data[9], + ((unsigned int)data[10]) << 8 | data[11], + ((unsigned int)data[12]) << 8 | data[13], + ((unsigned int)data[14]) << 8 | data[15]); + } +} + +void eventlog_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, unsigned olen, + const u_char* payload, unsigned payloadlen) +{ + + /* Do not output anything if there is no DNS info to report. */ + if (!(flags & DNSCAP_OUTPUT_ISDNS)) { + return; + } + ldns_pkt* pkt; + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { + if (tcpstate_getcurr && tcpstate_reset) + tcpstate_reset(tcpstate_getcurr(), ""); + return; + } + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + /* + * Output the packet timestamp + */ + if (opt_t) { + char time_text[25]; + struct tm res; + if (strftime(time_text, 25, "%G %m/%d %T", localtime_r(&ts.tv_sec, &res)) > 0) { + fprintf(out, "%s ", time_text); + } else { + fprintf(out, "**ERROR reading packet time** "); + } + } + if (opt_n) { + fprintf(out, "%s ", opt_n); + } + + /* + * Short output, only print QTYPE and QNAME for IN records + */ + if (opt_s) { + ldns_rr_list* qds = ldns_pkt_question(pkt); + if (qds) { + ldns_rr* qd = ldns_rr_list_rr(qds, 0); + + if (qd && ldns_rr_get_class(qd) == LDNS_RR_CLASS_IN) { + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, "%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s\n", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR\n"); + } + } + } + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + + /* + * IP Stuff + */ + fprintf(out, "src=%s spt=%u ", ia_str(from), sport); + fprintf(out, "dst=%s dpt=%u ", ia_str(to), dport); + switch (proto) { + case 17: + fprintf(out, "proto=UDP"); + break; + case 6: + fprintf(out, "proto=TCP"); + break; + default: + fprintf(out, "proto=%hhu", proto); + break; + } + + /* + * DNS Header + */ + fprintf(out, " mid=%u", ldns_pkt_id(pkt)); + fprintf(out, " op=%u", ldns_pkt_get_opcode(pkt)); + fprintf(out, " fl=|"); + if (ldns_pkt_qr(pkt)) + fprintf(out, "QR|"); + if (ldns_pkt_aa(pkt)) + fprintf(out, "AA|"); + if (ldns_pkt_tc(pkt)) + fprintf(out, "TC|"); + if (ldns_pkt_rd(pkt)) + fprintf(out, "RD|"); + if (ldns_pkt_ra(pkt)) + fprintf(out, "RA|"); + if (ldns_pkt_ad(pkt)) + fprintf(out, "AD|"); + if (ldns_pkt_cd(pkt)) + fprintf(out, "CD|"); + switch (ldns_pkt_get_rcode(pkt)) { + case LDNS_RCODE_NOERROR: + fprintf(out, " rc=OK"); + break; + case LDNS_RCODE_NXDOMAIN: + fprintf(out, " rc=NXDOMAIN"); + break; + case LDNS_RCODE_SERVFAIL: + fprintf(out, " rc=SRVFAIL"); + break; + default: + fprintf(out, " rc=%u", ldns_pkt_get_rcode(pkt)); + break; + } + + ldns_rr_list* qds = ldns_pkt_question(pkt); + ldns_rr* qd; + if (qds && (qd = ldns_rr_list_rr(qds, 0))) { + if (ldns_rr_class2buffer_str(buf, ldns_rr_get_class(qd)) == LDNS_STATUS_OK) { + fprintf(out, " cl=%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + + ldns_buffer_clear(buf); + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, " tp=%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " name=%s\n", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + } + + /* output the query answers */ + ldns_rr_list* ans = ldns_pkt_answer(pkt); + if (ans) { + const char* delim = " ans="; + size_t i, n; + for (i = 0, n = ldns_rr_list_rr_count(ans); i < n; i++) { + ldns_rr* rr = ldns_rr_list_rr(ans, i); + + if (rr) { + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_A: + case LDNS_RR_TYPE_AAAA: { + ldns_rdf* rdf = ldns_rr_rdf(rr, 0); + if (rdf) { + fprintf(out, "%s", delim); + delim = ","; + eventlog_output_ipbytes(ldns_rdf_size(rdf), ldns_rdf_data(rdf)); + continue; + } + break; + } + default: + continue; + } + } + + fprintf(out, " **ERROR parsing response record**\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + } + + /* + * Done + */ + fprintf(out, "\n"); + ldns_pkt_free(pkt); + ldns_buffer_free(buf); +} diff --git a/plugins/eventlog/test1.sh b/plugins/eventlog/test1.sh new file mode 100755 index 0000000..7dda20e --- /dev/null +++ b/plugins/eventlog/test1.sh @@ -0,0 +1,22 @@ +#!/bin/sh -xe + +plugin=`find . -name 'eventlog.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the eventlog plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist +ln -fs "$srcdir/../../src/test/dnso1tcp.pcap" dnso1tcp.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -o test1.out -o test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -s +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -t +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -n test +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" +../../src/dnscap -T -r dnso1tcp.pcap-dist -g -P "$plugin" diff --git a/plugins/ipcrypt/Makefile.am b/plugins/ipcrypt/Makefile.am new file mode 100644 index 0000000..64effb7 --- /dev/null +++ b/plugins/ipcrypt/Makefile.am @@ -0,0 +1,24 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) + +pkglib_LTLIBRARIES = ipcrypt.la +ipcrypt_la_SOURCES = ipcrypt.c +ipcrypt_la_LDFLAGS = -module -avoid-version + +TESTS = test1.sh test2.sh test3.sh test4.sh + +EXTRA_DIST = $(TESTS) test1.gold test2.gold test3.gold +CLEANFILES += test1.out test2.out test3.out test3.pcap.20161020.152301.075993 \ + test3.pcap.20181127.155200.414188 test4.tmp + +if ENABLE_GCOV +gcov-local: + for src in $(ipcrypt_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/ipcrypt/ipcrypt.c b/plugins/ipcrypt/ipcrypt.c new file mode 100644 index 0000000..2fadcf4 --- /dev/null +++ b/plugins/ipcrypt/ipcrypt.c @@ -0,0 +1,351 @@ +/* + * Copyright (c) 2018-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#include "dnscap_common.h" + +static set_iaddr_t ipcrypt_set_iaddr = 0; + +static logerr_t* logerr; +static int only_clients = 0, only_servers = 0, dns_port = 53, iterations = 1, encrypt_v6 = 0, decrypt = 0; +static uint8_t key[16]; + +/* + * ipcrypt based on Python and Go code at https://github.com/veorq/ipcrypt + * by Jean-Philippe Aumasson jeanphilippe.aumasson@gmail.com + */ + +static inline uint8_t rotl(uint8_t b, int r) +{ + return (b << r) | (b >> (8 - r)); +} + +static inline void permute_fwd(uint8_t* state) +{ + state[0] += state[1]; + state[2] += state[3]; + state[1] = rotl(state[1], 2) ^ state[0]; + state[3] = rotl(state[3], 5) ^ state[2]; + // state[1] ^= state[0]; + // state[3] ^= state[2]; + state[0] = rotl(state[0], 4) + state[3]; + // state[0] += state[3]; + state[2] += state[1]; + state[1] = rotl(state[1], 3) ^ state[2]; + state[3] = rotl(state[3], 7) ^ state[0]; + // state[1] ^= state[2]; + // state[3] ^= state[0]; + state[2] = rotl(state[2], 4); +} + +static inline void permute_bwd(uint8_t* state) +{ + state[2] = rotl(state[2], 4); + state[1] ^= state[2]; + state[3] ^= state[0]; + state[1] = rotl(state[1], 5); + state[3] = rotl(state[3], 1); + state[0] -= state[3]; + state[2] -= state[1]; + state[0] = rotl(state[0], 4); + state[1] ^= state[0]; + state[3] ^= state[2]; + state[1] = rotl(state[1], 6); + state[3] = rotl(state[3], 3); + state[0] -= state[1]; + state[2] -= state[3]; +} + +static inline void xor4(uint8_t* x, uint8_t* y) +{ + *(uint32_t*)x ^= *(uint32_t*)y; + // x[0] ^= y[0]; + // x[1] ^= y[1]; + // x[2] ^= y[2]; + // x[3] ^= y[3]; +} + +static inline void _encrypt(uint8_t* ip) +{ + int i = iterations; + for (; i; i--) { + xor4(ip, key); + permute_fwd(ip); + xor4(ip, &key[4]); + permute_fwd(ip); + xor4(ip, &key[8]); + permute_fwd(ip); + xor4(ip, &key[12]); + } +} + +static inline void _decrypt(uint8_t* ip) +{ + int i = iterations; + for (; i; i--) { + xor4(ip, &key[12]); + permute_bwd(ip); + xor4(ip, &key[8]); + permute_bwd(ip); + xor4(ip, &key[4]); + permute_bwd(ip); + xor4(ip, key); + } +} + +enum plugin_type ipcrypt_type() +{ + return plugin_filter; +} + +void usage(const char* msg) +{ + fprintf(stderr, "ipcrypt.so usage error: %s\n", msg); + exit(1); +} + +void ipcrypt_usage() +{ + fprintf(stderr, + "\nipcrypt.so options:\n" + "\t-? print these instructions and exit\n" + "\t-k <key> A 16 character long key\n" + "\t-f <file> Read the 16 first bytes from file and use as key\n" + "\t-D Decrypt IP addresses\n" + "\t-c Only en/de-crypt clients (port != 53)\n" + "\t-s Only en/de-crypt servers (port == 53)\n" + "\t-p <port> Set port for -c/-s, default 53\n" + "\t-i <num> Number of en/de-cryption iterations, default 1\n" + "\t-6 En/de-crypt IPv6 addresses, not default or recommended\n"); +} + +void ipcrypt_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_SET_IADDR: + ipcrypt_set_iaddr = (set_iaddr_t)arg; + break; + } +} + +void ipcrypt_getopt(int* argc, char** argv[]) +{ + int c, got_key = 0; + unsigned long ul; + char* p; + + while ((c = getopt(*argc, *argv, "?k:f:Dcsp:i:6")) != EOF) { + switch (c) { + case 'k': + if (strlen(optarg) != 16) { + usage("key must be 16 characters long"); + } + memcpy(key, optarg, 16); + got_key = 1; + break; + case 'f': { + int fd; + ssize_t r; + if ((fd = open(optarg, O_RDONLY)) < 0) { + perror("open()"); + usage("unable to open key file"); + } + if ((r = read(fd, key, 16)) < 0) { + perror("read()"); + usage("unable to read from key file"); + } + if (r != 16) { + usage("unable to read 16 bytes from key file"); + } + close(fd); + got_key = 1; + break; + } + case 'D': + decrypt = 1; + break; + case 'c': + only_clients = 1; + break; + case 's': + only_servers = 1; + break; + case 'p': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul < 1U || ul > 65535U) + usage("port must be an integer 1..65535"); + dns_port = (unsigned)ul; + break; + case 'i': + ul = strtoul(optarg, &p, 0); + if (*p != '\0' || ul < 1U || ul > 65535U) + usage("iterations must be an integer 1..65535"); + iterations = (unsigned)ul; + break; + case '6': + encrypt_v6 = 1; + break; + case '?': + ipcrypt_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + + if (!got_key) { + usage("must have -k <key> or -f <file>"); + } + + if (only_clients && only_servers) { + usage("-c and -s options are mutually exclusive"); + } +} + +int ipcrypt_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + return 0; +} + +void ipcrypt_stop() +{ +} + +int ipcrypt_open(my_bpftimeval ts) +{ + return 0; +} + +int ipcrypt_close(my_bpftimeval ts) +{ + return 0; +} + +int ipcrypt_filter(const char* descr, iaddr* from, iaddr* to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ + for (;;) { + if (only_clients && sport == dns_port) { + from = 0; + break; + } + if (only_servers && sport != dns_port) { + from = 0; + break; + } + + switch (from->af) { + case AF_INET: + decrypt ? _decrypt((uint8_t*)&from->u.a4) : _encrypt((uint8_t*)&from->u.a4); + break; + case AF_INET6: + if (encrypt_v6) { + if (decrypt) { + _decrypt((uint8_t*)&from->u.a6); + _decrypt(((uint8_t*)&from->u.a6) + 4); + _decrypt(((uint8_t*)&from->u.a6) + 8); + _decrypt(((uint8_t*)&from->u.a6) + 12); + } else { + _encrypt((uint8_t*)&from->u.a6); + _encrypt(((uint8_t*)&from->u.a6) + 4); + _encrypt(((uint8_t*)&from->u.a6) + 8); + _encrypt(((uint8_t*)&from->u.a6) + 12); + } + break; + } + default: + from = 0; + break; + } + break; + } + + for (;;) { + if (only_clients && dport == dns_port) { + to = 0; + break; + } + if (only_servers && dport != dns_port) { + to = 0; + break; + } + + switch (to->af) { + case AF_INET: + decrypt ? _decrypt((uint8_t*)&to->u.a4) : _encrypt((uint8_t*)&to->u.a4); + break; + case AF_INET6: + if (encrypt_v6) { + if (decrypt) { + _decrypt((uint8_t*)&to->u.a6); + _decrypt(((uint8_t*)&to->u.a6) + 4); + _decrypt(((uint8_t*)&to->u.a6) + 8); + _decrypt(((uint8_t*)&to->u.a6) + 12); + } else { + _encrypt((uint8_t*)&to->u.a6); + _encrypt(((uint8_t*)&to->u.a6) + 4); + _encrypt(((uint8_t*)&to->u.a6) + 8); + _encrypt(((uint8_t*)&to->u.a6) + 12); + } + break; + } + default: + to = 0; + break; + } + break; + } + + if (ipcrypt_set_iaddr && (from || to)) { + ipcrypt_set_iaddr(from, to); + } + + return 0; +} diff --git a/plugins/ipcrypt/test1.gold b/plugins/ipcrypt/test1.gold new file mode 100644 index 0000000..040d875 --- /dev/null +++ b/plugins/ipcrypt/test1.gold @@ -0,0 +1,2144 @@ +ipcrypt.so usage error: must have -k <key> or -f <file> +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [66.11.55.236].53199 [46.48.51.50].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [66.11.55.236].57822 [46.48.51.50].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [66.11.55.236].40043 [46.48.51.50].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [66.11.55.236].37953 [46.48.51.50].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [66.11.55.236].48658 [46.48.51.50].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [66.11.55.236].40953 [46.48.51.50].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [66.11.55.236].45174 [46.48.51.50].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [66.11.55.236].33916 [46.48.51.50].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [66.11.55.236].43559 [46.48.51.50].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [66.11.55.236].54859 [46.48.51.50].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [66.11.55.236].58176 [46.48.51.50].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [66.11.55.236].41266 [46.48.51.50].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [66.11.55.236].34607 [46.48.51.50].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [66.11.55.236].60437 [46.48.51.50].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [66.11.55.236].37149 [46.48.51.50].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [66.11.55.236].53820 [46.48.51.50].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [66.11.55.236].52368 [46.48.51.50].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [66.11.55.236].47637 [46.48.51.50].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [66.11.55.236].34426 [46.48.51.50].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [66.11.55.236].41059 [46.48.51.50].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [66.11.55.236].51181 [46.48.51.50].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [66.11.55.236].32976 [46.48.51.50].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [66.11.55.236].53467 [46.48.51.50].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [66.11.55.236].41532 [46.48.51.50].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [66.11.55.236].44982 [46.48.51.50].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [66.11.55.236].40224 [46.48.51.50].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [66.11.55.236].45658 [46.48.51.50].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [66.11.55.236].60457 [46.48.51.50].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [66.11.55.236].59762 [46.48.51.50].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [66.11.55.236].56022 [46.48.51.50].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [66.11.55.236].37669 [46.48.51.50].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [66.11.55.236].42978 [46.48.51.50].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [66.11.55.236].49829 [46.48.51.50].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [66.11.55.236].50599 [46.48.51.50].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [66.11.55.236].44980 [46.48.51.50].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [66.11.55.236].60063 [46.48.51.50].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [66.11.55.236].42042 [46.48.51.50].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [66.11.55.236].60469 [46.48.51.50].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [66.11.55.236].45703 [46.48.51.50].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [66.11.55.236].33507 [46.48.51.50].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [66.11.55.236].46798 [46.48.51.50].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [46.48.51.50].53 [66.11.55.236].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [66.11.55.236].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [66.11.55.236].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [66.11.55.236].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [66.11.55.236].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [66.11.55.236].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [66.11.55.236].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [66.11.55.236].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [66.11.55.236].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [66.11.55.236].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [66.11.55.236].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [66.11.55.236].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [66.11.55.236].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [66.11.55.236].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [66.11.55.236].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [66.11.55.236].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [66.11.55.236].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [66.11.55.236].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [66.11.55.236].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [66.11.55.236].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [66.11.55.236].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [66.11.55.236].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [66.11.55.236].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [66.11.55.236].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [66.11.55.236].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [66.11.55.236].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [66.11.55.236].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [66.11.55.236].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [66.11.55.236].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [66.11.55.236].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [66.11.55.236].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [66.11.55.236].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [66.11.55.236].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [66.11.55.236].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [66.11.55.236].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [66.11.55.236].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [66.11.55.236].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [66.11.55.236].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [66.11.55.236].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [66.11.55.236].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [66.11.55.236].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [66.11.55.236].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [8.8.8.8].53 [66.11.55.236].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[56] 2016-10-20 15:23:01.075993 [#0 dns.pcap-dist 4095] \ + [172.17.0.10].53199 [46.48.51.50].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 dns.pcap-dist 4095] \ + [172.17.0.10].57822 [46.48.51.50].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 dns.pcap-dist 4095] \ + [172.17.0.10].40043 [46.48.51.50].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 dns.pcap-dist 4095] \ + [172.17.0.10].37953 [46.48.51.50].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 dns.pcap-dist 4095] \ + [172.17.0.10].48658 [46.48.51.50].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 dns.pcap-dist 4095] \ + [172.17.0.10].40953 [46.48.51.50].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 dns.pcap-dist 4095] \ + [172.17.0.10].45174 [46.48.51.50].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 dns.pcap-dist 4095] \ + [172.17.0.10].33916 [46.48.51.50].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 dns.pcap-dist 4095] \ + [172.17.0.10].43559 [46.48.51.50].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 dns.pcap-dist 4095] \ + [172.17.0.10].54859 [46.48.51.50].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 dns.pcap-dist 4095] \ + [172.17.0.10].58176 [46.48.51.50].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 dns.pcap-dist 4095] \ + [172.17.0.10].41266 [46.48.51.50].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 dns.pcap-dist 4095] \ + [172.17.0.10].34607 [46.48.51.50].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 dns.pcap-dist 4095] \ + [172.17.0.10].60437 [46.48.51.50].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 dns.pcap-dist 4095] \ + [172.17.0.10].37149 [46.48.51.50].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 dns.pcap-dist 4095] \ + [172.17.0.10].53820 [46.48.51.50].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 dns.pcap-dist 4095] \ + [172.17.0.10].52368 [46.48.51.50].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 dns.pcap-dist 4095] \ + [172.17.0.10].47637 [46.48.51.50].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 dns.pcap-dist 4095] \ + [172.17.0.10].34426 [46.48.51.50].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 dns.pcap-dist 4095] \ + [172.17.0.10].41059 [46.48.51.50].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 dns.pcap-dist 4095] \ + [172.17.0.10].51181 [46.48.51.50].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 dns.pcap-dist 4095] \ + [172.17.0.10].32976 [46.48.51.50].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 dns.pcap-dist 4095] \ + [172.17.0.10].53467 [46.48.51.50].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 dns.pcap-dist 4095] \ + [172.17.0.10].41532 [46.48.51.50].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 dns.pcap-dist 4095] \ + [172.17.0.10].44982 [46.48.51.50].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 dns.pcap-dist 4095] \ + [172.17.0.10].40224 [46.48.51.50].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 dns.pcap-dist 4095] \ + [172.17.0.10].45658 [46.48.51.50].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 dns.pcap-dist 4095] \ + [172.17.0.10].60457 [46.48.51.50].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 dns.pcap-dist 4095] \ + [172.17.0.10].59762 [46.48.51.50].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 dns.pcap-dist 4095] \ + [172.17.0.10].56022 [46.48.51.50].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 dns.pcap-dist 4095] \ + [172.17.0.10].37669 [46.48.51.50].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 dns.pcap-dist 4095] \ + [172.17.0.10].42978 [46.48.51.50].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 dns.pcap-dist 4095] \ + [172.17.0.10].49829 [46.48.51.50].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 dns.pcap-dist 4095] \ + [172.17.0.10].50599 [46.48.51.50].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 dns.pcap-dist 4095] \ + [172.17.0.10].44980 [46.48.51.50].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 dns.pcap-dist 4095] \ + [172.17.0.10].60063 [46.48.51.50].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 dns.pcap-dist 4095] \ + [172.17.0.10].42042 [46.48.51.50].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 dns.pcap-dist 4095] \ + [172.17.0.10].60469 [46.48.51.50].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 dns.pcap-dist 4095] \ + [172.17.0.10].45703 [46.48.51.50].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 dns.pcap-dist 4095] \ + [172.17.0.10].33507 [46.48.51.50].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 dns.pcap-dist 4095] \ + [172.17.0.10].46798 [46.48.51.50].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 dns.pcap-dist 4095] \ + [46.48.51.50].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +ipcrypt.so usage error: -c and -s options are mutually exclusive diff --git a/plugins/ipcrypt/test1.sh b/plugins/ipcrypt/test1.sh new file mode 100755 index 0000000..3be7107 --- /dev/null +++ b/plugins/ipcrypt/test1.sh @@ -0,0 +1,24 @@ +#!/bin/sh -xe + +plugin=`find . -name 'ipcrypt.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the ipcrypt plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" 2>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -c 2>>test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -s 2>>test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k "some 16-byte key" -c -s 2>>test1.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test1.out test1.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test1.out.old > test1.out + rm test1.out.old +fi + +diff test1.out "$srcdir/test1.gold" diff --git a/plugins/ipcrypt/test2.gold b/plugins/ipcrypt/test2.gold new file mode 100644 index 0000000..3118c84 --- /dev/null +++ b/plugins/ipcrypt/test2.gold @@ -0,0 +1,33 @@ +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [2001:4860:4860::8888].53 [150a:8a55:31dc:6eac:cbc:bc41:5a09:3606].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] +[87] 2018-11-27 15:52:00.414188 [#0 dns6.pcap-dist 4095] \ + [2a01:3f0:0:57::245].51972 [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 dns6.pcap-dist 4095] \ + [830c:987b:b17f:8b55:cbc:bc41:6b7c:2e56].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/ipcrypt/test2.sh b/plugins/ipcrypt/test2.sh new file mode 100755 index 0000000..7b99122 --- /dev/null +++ b/plugins/ipcrypt/test2.sh @@ -0,0 +1,30 @@ +#!/bin/sh -xe + +plugin=`find . -name 'ipcrypt.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the ipcrypt plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 -k "some 16-byte key" 2>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 -k "some 16-byte key" -c 2>>test2.out +../../src/dnscap -r dns6.pcap-dist -g -P "$plugin" -6 -k "some 16-byte key" -s 2>>test2.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test2.out test2.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test2.out.old > test2.out + rm test2.out.old +fi + +# TODO: Remove when #133 is fixed +cat test2.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test2.new +mv test2.new test2.out + +diff test2.out "$srcdir/test2.gold" diff --git a/plugins/ipcrypt/test3.gold b/plugins/ipcrypt/test3.gold new file mode 100644 index 0000000..afd1d7d --- /dev/null +++ b/plugins/ipcrypt/test3.gold @@ -0,0 +1,725 @@ +[56] 2016-10-20 15:23:01.075993 [#0 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53199 [8.8.8.8].53 \ + dns QUERY,NOERROR,59311,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.077982 [#1 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53199 \ + dns QUERY,NOERROR,59311,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns4.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[73] 2016-10-20 15:23:01.082865 [#2 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].57822 [8.8.8.8].53 \ + dns QUERY,NOERROR,35665,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:01.084107 [#3 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].57822 \ + dns QUERY,NOERROR,35665,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72125,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71608,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71608,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 \ + ns2.google.com.,IN,A,157880,216.239.34.10 +[56] 2016-10-20 15:23:01.087291 [#4 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40043 [8.8.8.8].53 \ + dns QUERY,NOERROR,5337,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:01.088733 [#5 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40043 \ + dns QUERY,NOERROR,5337,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,44,216.58.218.206 \ + 4 google.com.,IN,NS,157880,ns1.google.com. \ + google.com.,IN,NS,157880,ns2.google.com. \ + google.com.,IN,NS,157880,ns3.google.com. \ + google.com.,IN,NS,157880,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157880,216.239.34.10 \ + ns1.google.com.,IN,A,331882,216.239.32.10 \ + ns3.google.com.,IN,A,157880,216.239.36.10 \ + ns4.google.com.,IN,A,157880,216.239.38.10 +[56] 2016-10-20 15:23:10.322117 [#6 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22982,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:10.323399 [#7 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37953 \ + dns QUERY,NOERROR,22982,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,34,216.58.218.206 \ + 4 google.com.,IN,NS,157870,ns4.google.com. \ + google.com.,IN,NS,157870,ns1.google.com. \ + google.com.,IN,NS,157870,ns2.google.com. \ + google.com.,IN,NS,157870,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157870,216.239.34.10 \ + ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 +[73] 2016-10-20 15:23:10.328324 [#8 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].48658 [8.8.8.8].53 \ + dns QUERY,NOERROR,18718,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:10.329572 [#9 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].48658 \ + dns QUERY,NOERROR,18718,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72115,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71598,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71598,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331872,216.239.32.10 \ + ns3.google.com.,IN,A,157870,216.239.36.10 \ + ns4.google.com.,IN,A,157870,216.239.38.10 \ + ns2.google.com.,IN,A,157870,216.239.34.10 +[56] 2016-10-20 15:23:52.860937 [#10 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40953 [8.8.8.8].53 \ + dns QUERY,NOERROR,22531,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:52.863771 [#11 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40953 \ + dns QUERY,NOERROR,22531,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,297,216.58.218.206 \ + 4 google.com.,IN,NS,157828,ns2.google.com. \ + google.com.,IN,NS,157828,ns4.google.com. \ + google.com.,IN,NS,157828,ns1.google.com. \ + google.com.,IN,NS,157828,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157828,216.239.34.10 \ + ns1.google.com.,IN,A,331830,216.239.32.10 \ + ns3.google.com.,IN,A,157828,216.239.36.10 \ + ns4.google.com.,IN,A,157828,216.239.38.10 +[56] 2016-10-20 15:23:59.083869 [#12 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45174 [8.8.8.8].53 \ + dns QUERY,NOERROR,58510,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:23:59.086104 [#13 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45174 \ + dns QUERY,NOERROR,58510,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,291,216.58.218.206 \ + 4 google.com.,IN,NS,157822,ns2.google.com. \ + google.com.,IN,NS,157822,ns3.google.com. \ + google.com.,IN,NS,157822,ns1.google.com. \ + google.com.,IN,NS,157822,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157822,216.239.34.10 \ + ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 +[73] 2016-10-20 15:23:59.090911 [#14 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].33916 [8.8.8.8].53 \ + dns QUERY,NOERROR,45248,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:23:59.092204 [#15 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].33916 \ + dns QUERY,NOERROR,45248,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72067,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71550,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71550,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331824,216.239.32.10 \ + ns3.google.com.,IN,A,157822,216.239.36.10 \ + ns4.google.com.,IN,A,157822,216.239.38.10 \ + ns2.google.com.,IN,A,157822,216.239.34.10 +[56] 2016-10-20 15:24:04.323868 [#16 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].43559 [8.8.8.8].53 \ + dns QUERY,NOERROR,49483,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:04.325597 [#17 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].43559 \ + dns QUERY,NOERROR,49483,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,285,216.58.218.206 \ + 4 google.com.,IN,NS,157816,ns4.google.com. \ + google.com.,IN,NS,157816,ns3.google.com. \ + google.com.,IN,NS,157816,ns1.google.com. \ + google.com.,IN,NS,157816,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157816,216.239.34.10 \ + ns1.google.com.,IN,A,331818,216.239.32.10 \ + ns3.google.com.,IN,A,157816,216.239.36.10 \ + ns4.google.com.,IN,A,157816,216.239.38.10 +[56] 2016-10-20 15:24:06.332239 [#18 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].54859 [8.8.8.8].53 \ + dns QUERY,NOERROR,31669,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:06.333743 [#19 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].54859 \ + dns QUERY,NOERROR,31669,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,283,216.58.218.206 \ + 4 google.com.,IN,NS,157814,ns2.google.com. \ + google.com.,IN,NS,157814,ns1.google.com. \ + google.com.,IN,NS,157814,ns4.google.com. \ + google.com.,IN,NS,157814,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157814,216.239.34.10 \ + ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 +[73] 2016-10-20 15:24:06.339145 [#20 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].58176 [8.8.8.8].53 \ + dns QUERY,NOERROR,25433,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:06.340820 [#21 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].58176 \ + dns QUERY,NOERROR,25433,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72059,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71542,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71542,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331816,216.239.32.10 \ + ns3.google.com.,IN,A,157814,216.239.36.10 \ + ns4.google.com.,IN,A,157814,216.239.38.10 \ + ns2.google.com.,IN,A,157814,216.239.34.10 +[56] 2016-10-20 15:24:07.346429 [#22 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41266 [8.8.8.8].53 \ + dns QUERY,NOERROR,63798,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:07.348160 [#23 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41266 \ + dns QUERY,NOERROR,63798,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,282,216.58.218.206 \ + 4 google.com.,IN,NS,157813,ns4.google.com. \ + google.com.,IN,NS,157813,ns1.google.com. \ + google.com.,IN,NS,157813,ns3.google.com. \ + google.com.,IN,NS,157813,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157813,216.239.34.10 \ + ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 +[73] 2016-10-20 15:24:07.353123 [#24 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].34607 [8.8.8.8].53 \ + dns QUERY,NOERROR,8470,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:07.354682 [#25 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].34607 \ + dns QUERY,NOERROR,8470,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72058,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71541,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71541,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331815,216.239.32.10 \ + ns3.google.com.,IN,A,157813,216.239.36.10 \ + ns4.google.com.,IN,A,157813,216.239.38.10 \ + ns2.google.com.,IN,A,157813,216.239.34.10 +[56] 2016-10-20 15:24:08.360528 [#26 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60437 [8.8.8.8].53 \ + dns QUERY,NOERROR,60258,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:08.362206 [#27 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60437 \ + dns QUERY,NOERROR,60258,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,281,216.58.218.206 \ + 4 google.com.,IN,NS,157812,ns3.google.com. \ + google.com.,IN,NS,157812,ns2.google.com. \ + google.com.,IN,NS,157812,ns4.google.com. \ + google.com.,IN,NS,157812,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157812,216.239.34.10 \ + ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 +[73] 2016-10-20 15:24:08.368516 [#28 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37149 [8.8.8.8].53 \ + dns QUERY,NOERROR,44985,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:08.370119 [#29 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37149 \ + dns QUERY,NOERROR,44985,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72057,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71540,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71540,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331814,216.239.32.10 \ + ns3.google.com.,IN,A,157812,216.239.36.10 \ + ns4.google.com.,IN,A,157812,216.239.38.10 \ + ns2.google.com.,IN,A,157812,216.239.34.10 +[56] 2016-10-20 15:24:09.375942 [#30 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53820 [8.8.8.8].53 \ + dns QUERY,NOERROR,45512,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:09.378425 [#31 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53820 \ + dns QUERY,NOERROR,45512,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,280,216.58.218.206 \ + 4 google.com.,IN,NS,157811,ns3.google.com. \ + google.com.,IN,NS,157811,ns4.google.com. \ + google.com.,IN,NS,157811,ns1.google.com. \ + google.com.,IN,NS,157811,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157811,216.239.34.10 \ + ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 +[73] 2016-10-20 15:24:09.384057 [#32 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].52368 [8.8.8.8].53 \ + dns QUERY,NOERROR,22980,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:09.385463 [#33 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].52368 \ + dns QUERY,NOERROR,22980,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72056,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71539,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71539,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331813,216.239.32.10 \ + ns3.google.com.,IN,A,157811,216.239.36.10 \ + ns4.google.com.,IN,A,157811,216.239.38.10 \ + ns2.google.com.,IN,A,157811,216.239.34.10 +[56] 2016-10-20 15:24:10.391358 [#34 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].47637 [8.8.8.8].53 \ + dns QUERY,NOERROR,1834,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:10.392886 [#35 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].47637 \ + dns QUERY,NOERROR,1834,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,279,216.58.218.206 \ + 4 google.com.,IN,NS,157810,ns1.google.com. \ + google.com.,IN,NS,157810,ns2.google.com. \ + google.com.,IN,NS,157810,ns4.google.com. \ + google.com.,IN,NS,157810,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157810,216.239.34.10 \ + ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 +[73] 2016-10-20 15:24:10.398099 [#36 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].34426 [8.8.8.8].53 \ + dns QUERY,NOERROR,25431,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:10.400317 [#37 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].34426 \ + dns QUERY,NOERROR,25431,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72055,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71538,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71538,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331812,216.239.32.10 \ + ns3.google.com.,IN,A,157810,216.239.36.10 \ + ns4.google.com.,IN,A,157810,216.239.38.10 \ + ns2.google.com.,IN,A,157810,216.239.34.10 +[56] 2016-10-20 15:24:11.406297 [#38 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41059 [8.8.8.8].53 \ + dns QUERY,NOERROR,48432,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:11.407460 [#39 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41059 \ + dns QUERY,NOERROR,48432,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,278,216.58.218.206 \ + 4 google.com.,IN,NS,157809,ns3.google.com. \ + google.com.,IN,NS,157809,ns4.google.com. \ + google.com.,IN,NS,157809,ns2.google.com. \ + google.com.,IN,NS,157809,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157809,216.239.34.10 \ + ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 +[73] 2016-10-20 15:24:11.412133 [#40 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].51181 [8.8.8.8].53 \ + dns QUERY,NOERROR,47411,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:11.413370 [#41 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].51181 \ + dns QUERY,NOERROR,47411,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72054,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71537,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71537,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331811,216.239.32.10 \ + ns3.google.com.,IN,A,157809,216.239.36.10 \ + ns4.google.com.,IN,A,157809,216.239.38.10 \ + ns2.google.com.,IN,A,157809,216.239.34.10 +[56] 2016-10-20 15:24:12.419936 [#42 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].32976 [8.8.8.8].53 \ + dns QUERY,NOERROR,12038,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:12.421228 [#43 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].32976 \ + dns QUERY,NOERROR,12038,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,277,216.58.218.206 \ + 4 google.com.,IN,NS,157808,ns2.google.com. \ + google.com.,IN,NS,157808,ns3.google.com. \ + google.com.,IN,NS,157808,ns1.google.com. \ + google.com.,IN,NS,157808,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157808,216.239.34.10 \ + ns1.google.com.,IN,A,331810,216.239.32.10 \ + ns3.google.com.,IN,A,157808,216.239.36.10 \ + ns4.google.com.,IN,A,157808,216.239.38.10 +[56] 2016-10-20 15:24:14.428524 [#44 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].53467 [8.8.8.8].53 \ + dns QUERY,NOERROR,11614,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:14.429863 [#45 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].53467 \ + dns QUERY,NOERROR,11614,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,275,216.58.218.206 \ + 4 google.com.,IN,NS,157806,ns3.google.com. \ + google.com.,IN,NS,157806,ns1.google.com. \ + google.com.,IN,NS,157806,ns4.google.com. \ + google.com.,IN,NS,157806,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157806,216.239.34.10 \ + ns1.google.com.,IN,A,331808,216.239.32.10 \ + ns3.google.com.,IN,A,157806,216.239.36.10 \ + ns4.google.com.,IN,A,157806,216.239.38.10 +[56] 2016-10-20 15:24:16.435733 [#46 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].41532 [8.8.8.8].53 \ + dns QUERY,NOERROR,59173,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:16.437471 [#47 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].41532 \ + dns QUERY,NOERROR,59173,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,273,216.58.218.206 \ + 4 google.com.,IN,NS,157804,ns1.google.com. \ + google.com.,IN,NS,157804,ns3.google.com. \ + google.com.,IN,NS,157804,ns2.google.com. \ + google.com.,IN,NS,157804,ns4.google.com. \ + 4 ns2.google.com.,IN,A,157804,216.239.34.10 \ + ns1.google.com.,IN,A,331806,216.239.32.10 \ + ns3.google.com.,IN,A,157804,216.239.36.10 \ + ns4.google.com.,IN,A,157804,216.239.38.10 +[56] 2016-10-20 15:24:18.445519 [#48 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].44982 [8.8.8.8].53 \ + dns QUERY,NOERROR,45535,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:18.446775 [#49 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].44982 \ + dns QUERY,NOERROR,45535,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,271,216.58.218.206 \ + 4 google.com.,IN,NS,157802,ns4.google.com. \ + google.com.,IN,NS,157802,ns2.google.com. \ + google.com.,IN,NS,157802,ns1.google.com. \ + google.com.,IN,NS,157802,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157802,216.239.34.10 \ + ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 +[73] 2016-10-20 15:24:18.452451 [#50 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].40224 [8.8.8.8].53 \ + dns QUERY,NOERROR,60808,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:18.454030 [#51 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].40224 \ + dns QUERY,NOERROR,60808,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72047,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71530,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71530,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331804,216.239.32.10 \ + ns3.google.com.,IN,A,157802,216.239.36.10 \ + ns4.google.com.,IN,A,157802,216.239.38.10 \ + ns2.google.com.,IN,A,157802,216.239.34.10 +[56] 2016-10-20 15:24:19.460087 [#52 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45658 [8.8.8.8].53 \ + dns QUERY,NOERROR,64325,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:19.462224 [#53 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45658 \ + dns QUERY,NOERROR,64325,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,270,216.58.218.206 \ + 4 google.com.,IN,NS,157801,ns1.google.com. \ + google.com.,IN,NS,157801,ns3.google.com. \ + google.com.,IN,NS,157801,ns4.google.com. \ + google.com.,IN,NS,157801,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157801,216.239.34.10 \ + ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 +[73] 2016-10-20 15:24:19.467324 [#54 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60457 [8.8.8.8].53 \ + dns QUERY,NOERROR,25543,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:19.468895 [#55 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60457 \ + dns QUERY,NOERROR,25543,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72046,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71529,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71529,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331803,216.239.32.10 \ + ns3.google.com.,IN,A,157801,216.239.36.10 \ + ns4.google.com.,IN,A,157801,216.239.38.10 \ + ns2.google.com.,IN,A,157801,216.239.34.10 +[56] 2016-10-20 15:24:20.475086 [#56 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].59762 [8.8.8.8].53 \ + dns QUERY,NOERROR,20736,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:20.476841 [#57 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].59762 \ + dns QUERY,NOERROR,20736,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,269,216.58.218.206 \ + 4 google.com.,IN,NS,157800,ns3.google.com. \ + google.com.,IN,NS,157800,ns1.google.com. \ + google.com.,IN,NS,157800,ns4.google.com. \ + google.com.,IN,NS,157800,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157800,216.239.34.10 \ + ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 +[73] 2016-10-20 15:24:20.482188 [#58 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].56022 [8.8.8.8].53 \ + dns QUERY,NOERROR,25911,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:20.483927 [#59 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].56022 \ + dns QUERY,NOERROR,25911,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72045,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71528,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71528,ns3.google.com. \ + 4 ns1.google.com.,IN,A,331802,216.239.32.10 \ + ns3.google.com.,IN,A,157800,216.239.36.10 \ + ns4.google.com.,IN,A,157800,216.239.38.10 \ + ns2.google.com.,IN,A,157800,216.239.34.10 +[56] 2016-10-20 15:24:21.489468 [#60 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].37669 [8.8.8.8].53 \ + dns QUERY,NOERROR,64358,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:21.490573 [#61 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].37669 \ + dns QUERY,NOERROR,64358,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,268,216.58.218.206 \ + 4 google.com.,IN,NS,157799,ns2.google.com. \ + google.com.,IN,NS,157799,ns1.google.com. \ + google.com.,IN,NS,157799,ns4.google.com. \ + google.com.,IN,NS,157799,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157799,216.239.34.10 \ + ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 +[73] 2016-10-20 15:24:21.495324 [#62 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].42978 [8.8.8.8].53 \ + dns QUERY,NOERROR,37698,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:21.496815 [#63 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].42978 \ + dns QUERY,NOERROR,37698,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72044,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71527,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71527,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331801,216.239.32.10 \ + ns3.google.com.,IN,A,157799,216.239.36.10 \ + ns4.google.com.,IN,A,157799,216.239.38.10 \ + ns2.google.com.,IN,A,157799,216.239.34.10 +[56] 2016-10-20 15:24:22.502667 [#64 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].49829 [8.8.8.8].53 \ + dns QUERY,NOERROR,54706,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:22.504738 [#65 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].49829 \ + dns QUERY,NOERROR,54706,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,267,216.58.218.206 \ + 4 google.com.,IN,NS,157798,ns2.google.com. \ + google.com.,IN,NS,157798,ns4.google.com. \ + google.com.,IN,NS,157798,ns3.google.com. \ + google.com.,IN,NS,157798,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157798,216.239.34.10 \ + ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 +[73] 2016-10-20 15:24:22.510176 [#66 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].50599 [8.8.8.8].53 \ + dns QUERY,NOERROR,32142,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:22.511746 [#67 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].50599 \ + dns QUERY,NOERROR,32142,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72043,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71526,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71526,ns4.google.com. \ + 4 ns1.google.com.,IN,A,331800,216.239.32.10 \ + ns3.google.com.,IN,A,157798,216.239.36.10 \ + ns4.google.com.,IN,A,157798,216.239.38.10 \ + ns2.google.com.,IN,A,157798,216.239.34.10 +[56] 2016-10-20 15:24:23.520203 [#68 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].44980 [8.8.8.8].53 \ + dns QUERY,NOERROR,41808,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:23.521976 [#69 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].44980 \ + dns QUERY,NOERROR,41808,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,266,216.58.218.206 \ + 4 google.com.,IN,NS,157797,ns2.google.com. \ + google.com.,IN,NS,157797,ns4.google.com. \ + google.com.,IN,NS,157797,ns1.google.com. \ + google.com.,IN,NS,157797,ns3.google.com. \ + 4 ns2.google.com.,IN,A,157797,216.239.34.10 \ + ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 +[73] 2016-10-20 15:24:23.527449 [#70 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60063 [8.8.8.8].53 \ + dns QUERY,NOERROR,18886,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:23.529385 [#71 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60063 \ + dns QUERY,NOERROR,18886,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72042,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71525,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71525,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331799,216.239.32.10 \ + ns3.google.com.,IN,A,157797,216.239.36.10 \ + ns4.google.com.,IN,A,157797,216.239.38.10 \ + ns2.google.com.,IN,A,157797,216.239.34.10 +[56] 2016-10-20 15:24:24.537264 [#72 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].42042 [8.8.8.8].53 \ + dns QUERY,NOERROR,10624,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:24.539398 [#73 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].42042 \ + dns QUERY,NOERROR,10624,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,265,216.58.218.206 \ + 4 google.com.,IN,NS,157796,ns3.google.com. \ + google.com.,IN,NS,157796,ns4.google.com. \ + google.com.,IN,NS,157796,ns1.google.com. \ + google.com.,IN,NS,157796,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157796,216.239.34.10 \ + ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 +[73] 2016-10-20 15:24:24.544538 [#74 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].60469 [8.8.8.8].53 \ + dns QUERY,NOERROR,33139,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:24.546172 [#75 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].60469 \ + dns QUERY,NOERROR,33139,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f206.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72041,dfw06s47-in-f14.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71524,ns2.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71524,ns1.google.com. \ + 4 ns1.google.com.,IN,A,331798,216.239.32.10 \ + ns3.google.com.,IN,A,157796,216.239.36.10 \ + ns4.google.com.,IN,A,157796,216.239.38.10 \ + ns2.google.com.,IN,A,157796,216.239.34.10 +[56] 2016-10-20 15:24:25.554744 [#76 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].45703 [8.8.8.8].53 \ + dns QUERY,NOERROR,61415,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:25.556513 [#77 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].45703 \ + dns QUERY,NOERROR,61415,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,264,216.58.218.206 \ + 4 google.com.,IN,NS,157795,ns3.google.com. \ + google.com.,IN,NS,157795,ns4.google.com. \ + google.com.,IN,NS,157795,ns2.google.com. \ + google.com.,IN,NS,157795,ns1.google.com. \ + 4 ns2.google.com.,IN,A,157795,216.239.34.10 \ + ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 +[73] 2016-10-20 15:24:25.562608 [#78 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].33507 [8.8.8.8].53 \ + dns QUERY,NOERROR,59258,rd \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR 0 0 0 +[289] 2016-10-20 15:24:25.564509 [#79 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].33507 \ + dns QUERY,NOERROR,59258,qr|rd|ra \ + 1 206.218.58.216.in-addr.arpa.,IN,PTR \ + 2 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f14.1e100.net. \ + 206.218.58.216.in-addr.arpa.,IN,PTR,72040,dfw06s47-in-f206.1e100.net. \ + 4 218.58.216.in-addr.arpa.,IN,NS,71523,ns1.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns4.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns3.google.com. \ + 218.58.216.in-addr.arpa.,IN,NS,71523,ns2.google.com. \ + 4 ns1.google.com.,IN,A,331797,216.239.32.10 \ + ns3.google.com.,IN,A,157795,216.239.36.10 \ + ns4.google.com.,IN,A,157795,216.239.38.10 \ + ns2.google.com.,IN,A,157795,216.239.34.10 +[56] 2016-10-20 15:24:26.572784 [#80 test3.pcap.20161020.152301.075993 4095] \ + [172.17.0.10].46798 [8.8.8.8].53 \ + dns QUERY,NOERROR,17700,rd \ + 1 google.com.,IN,A 0 0 0 +[208] 2016-10-20 15:24:26.574350 [#81 test3.pcap.20161020.152301.075993 4095] \ + [8.8.8.8].53 [172.17.0.10].46798 \ + dns QUERY,NOERROR,17700,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,263,216.58.218.206 \ + 4 google.com.,IN,NS,157794,ns1.google.com. \ + google.com.,IN,NS,157794,ns4.google.com. \ + google.com.,IN,NS,157794,ns3.google.com. \ + google.com.,IN,NS,157794,ns2.google.com. \ + 4 ns2.google.com.,IN,A,157794,216.239.34.10 \ + ns1.google.com.,IN,A,331796,216.239.32.10 \ + ns3.google.com.,IN,A,157794,216.239.36.10 \ + ns4.google.com.,IN,A,157794,216.239.38.10 +[87] 2018-11-27 15:52:00.414188 [#0 test3.pcap.20181127.155200.414188 4095] \ + [2a01:3f0:0:57::245].51972 [2001:4860:4860::8888].53 \ + dns QUERY,NOERROR,51420,rd|ad \ + 1 google.com.,IN,A 0 0 \ + 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] +[103] 2018-11-27 15:52:00.428453 [#1 test3.pcap.20181127.155200.414188 4095] \ + [2001:4860:4860::8888].53 [2a01:3f0:0:57::245].51972 \ + dns QUERY,NOERROR,51420,qr|rd|ra \ + 1 google.com.,IN,A \ + 1 google.com.,IN,A,299,172.217.20.46 0 \ + 1 .,512,512,0,edns0[len=0,UDP=512,ver=0,rcode=0,DO=0,z=0] diff --git a/plugins/ipcrypt/test3.sh b/plugins/ipcrypt/test3.sh new file mode 100755 index 0000000..860f272 --- /dev/null +++ b/plugins/ipcrypt/test3.sh @@ -0,0 +1,32 @@ +#!/bin/sh -xe + +plugin=`find . -name 'ipcrypt.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the ipcrypt plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist +ln -fs "$srcdir/../../src/test/dns6.pcap" dns6.pcap-dist + +../../src/dnscap -w test3.pcap -r dns.pcap-dist -P "$plugin" -k "some 16-byte key" 2>test3.out +../../src/dnscap -w test3.pcap -r dns6.pcap-dist -P "$plugin" -k "some 16-byte key" -6 2>>test3.out +../../src/dnscap -r test3.pcap.20161020.152301.075993 -g -P "$plugin" -k "some 16-byte key" -D 2>>test3.out +../../src/dnscap -r test3.pcap.20181127.155200.414188 -g -P "$plugin" -k "some 16-byte key" -6 -D 2>>test3.out + +osrel=`uname -s` +if [ "$osrel" = "OpenBSD" ]; then + mv test3.out test3.out.old + grep -v "^dnscap.*WARNING.*symbol.*relink" test3.out.old > test3.out + rm test3.out.old +fi + +# TODO: Remove when #133 is fixed +cat test3.out | \ + sed 's%,CLASS4096,OPT,%,4096,4096,%' | \ + sed 's%,CLASS512,OPT,%,512,512,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=4096,%,4096,4096,0,edns0[len=0,UDP=4096,%' | \ + sed 's%,41,41,0,edns0\[len=0,UDP=512,%,512,512,0,edns0[len=0,UDP=512,%' >test3.new +mv test3.new test3.out + +diff test3.out "$srcdir/test3.gold" diff --git a/plugins/ipcrypt/test4.sh b/plugins/ipcrypt/test4.sh new file mode 100755 index 0000000..e92abf1 --- /dev/null +++ b/plugins/ipcrypt/test4.sh @@ -0,0 +1,21 @@ +#!/bin/sh -xe + +plugin=`find . -name 'ipcrypt.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the ipcrypt plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k tooshort +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -f does_not_exist +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -i 0 +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 0 +rm -f test4.tmp +touch test4.tmp +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -f test4.tmp + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -p 1 -i 1 -f "$srcdir/test4.sh" diff --git a/plugins/pcapdump/Makefile.am b/plugins/pcapdump/Makefile.am new file mode 100644 index 0000000..bfbf8a4 --- /dev/null +++ b/plugins/pcapdump/Makefile.am @@ -0,0 +1,22 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) + +pkglib_LTLIBRARIES = pcapdump.la +pcapdump_la_SOURCES = pcapdump.c +pcapdump_la_LDFLAGS = -module -avoid-version + +TESTS = test1.sh +EXTRA_DIST = $(TESTS) +CLEANFILES += test1.out* *.pcap-dist + +if ENABLE_GCOV +gcov-local: + for src in $(pcapdump_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/pcapdump/pcapdump.c b/plugins/pcapdump/pcapdump.c new file mode 100644 index 0000000..ff70fe3 --- /dev/null +++ b/plugins/pcapdump/pcapdump.c @@ -0,0 +1,262 @@ +/* + * Copyright (c) 2016-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#define _GNU_SOURCE +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <pcap.h> +#include <stdarg.h> +#include <errno.h> +#include <assert.h> +#include <sys/wait.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <arpa/nameser.h> + +#if HAVE_ARPA_NAMESER_COMPAT_H +#include <arpa/nameser_compat.h> +#endif + +#include "dnscap_common.h" + +#define SNAPLEN 65536 +#define THOUSAND 1000 +#define MILLION (THOUSAND * THOUSAND) + +output_t pcapdump_output; + +static logerr_t* logerr = 0; +char* dump_base = 0; +static int to_stdout = 0; +static int dbg_lvl = 0; +static char* dumpname = 0; +static char* dumpnamepart = 0; +static pcap_t* pcap_dead = 0; +static pcap_dumper_t* dumper = 0; +static char* kick_cmd = 0; +static int flush = 0; +static int dir_wanted = DIR_INITIATE | DIR_RESPONSE; + +void pcapdump_usage() +{ + fprintf(stderr, + "\npcapdump.so options:\n" + "\t-? print these instructions and exit\n" + "\t-d increase debugging\n" + "\t-f flush output on every packet\n" + "\t-k <cmd> kick off <cmd> when each dump closes\n" + "\t-s [ir] select sides: initiations, responses\n" + "\t-w <base> dump to <base>.<timesec>.<timeusec>\n"); +} + +void pcapdump_getopt(int* argc, char** argv[]) +{ + int c; + int u; + const char* p; + while ((c = getopt(*argc, *argv, "?dfk:s:w:")) != EOF) { + switch (c) { + case 'd': + dbg_lvl++; + break; + case 'f': + flush = 1; + break; + case 'k': + if (kick_cmd) + free(kick_cmd); + kick_cmd = strdup(optarg); + break; + case 's': + u = 0; + for (p = optarg; *p; p++) + switch (*p) { + case 'i': + u |= DIR_INITIATE; + break; + case 'r': + u |= DIR_RESPONSE; + break; + default: + fprintf(stderr, "-s takes only [ir]\n"); + pcapdump_usage(); + break; + } + dir_wanted = u; + break; + case 'w': + if (!strcmp(optarg, "-")) + to_stdout = 1; + else { + if (dump_base) + free(dump_base); + dump_base = strdup(optarg); + } + break; + case '?': + pcapdump_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + if (!to_stdout && !dump_base) { + fprintf(stderr, "-w basename argument is required\n"); + pcapdump_usage(); + exit(1); + } + if (to_stdout && kick_cmd) { + fprintf(stderr, "Can't use -k when dumping to stdout\n"); + pcapdump_usage(); + exit(1); + } +} + +int pcapdump_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + pcap_dead = pcap_open_dead(DLT_RAW, SNAPLEN); + return 0; +} + +void pcapdump_stop() +{ + pcap_close(pcap_dead); + pcap_dead = 0; +} + +int pcapdump_open(my_bpftimeval ts) +{ + const char* t = NULL; + if (to_stdout) { + t = "-"; + } else { + char sbuf[64]; + struct tm tm; + while (ts.tv_usec >= MILLION) { + ts.tv_sec++; + ts.tv_usec -= MILLION; + } + gmtime_r((time_t*)&ts.tv_sec, &tm); + strftime(sbuf, 64, "%Y%m%d.%H%M%S", &tm); + if (asprintf(&dumpname, "%s.%s.%06lu", + dump_base, sbuf, (u_long)ts.tv_usec) + < 0 + || asprintf(&dumpnamepart, "%s.part", dumpname) < 0) { + logerr("asprintf: %s", strerror(errno)); + return 1; + } + t = dumpnamepart; + } + dumper = pcap_dump_open(pcap_dead, t); + if (dumper == NULL) { + logerr("pcap dump open: %s", pcap_geterr(pcap_dead)); + return 1; + } + return 0; +} + +int pcapdump_close(my_bpftimeval ts) +{ + int ret = 0; +#if 0 + if (print_pcap_stats) + do_pcap_stats(); +#endif + pcap_dump_close(dumper); + dumper = 0; + if (to_stdout) { + assert(dumpname == 0); + assert(dumpnamepart == 0); + if (dbg_lvl >= 1) + logerr("breaking"); + ret = 0; + } else { + char* cmd = NULL; + if (dbg_lvl >= 1) + logerr("closing %s", dumpname); + if (rename(dumpnamepart, dumpname)) { + logerr("rename: %s", strerror(errno)); + return 1; + } + if (kick_cmd != NULL) + if (asprintf(&cmd, "%s %s &", kick_cmd, dumpname) < 0) { + logerr("asprintf: %s", strerror(errno)); + cmd = NULL; + } + free(dumpnamepart); + dumpnamepart = NULL; + free(dumpname); + dumpname = NULL; + if (cmd != NULL) { + int x = system(cmd); + if (x) { + logerr("system %s returned %d", cmd, x); + } + free(cmd); + } + if (kick_cmd == NULL) + ret = 0; + } + return ret; +} + +void pcapdump_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, const u_char* payload, const unsigned payloadlen) +{ + struct pcap_pkthdr h; + if (flags & DNSCAP_OUTPUT_ISLAYER) + return; + if (flags & DNSCAP_OUTPUT_ISDNS) { + HEADER* dns = (HEADER*)payload; + if (0 == dns->qr && 0 == (dir_wanted & DIR_INITIATE)) + return; + if (1 == dns->qr && 0 == (dir_wanted & DIR_RESPONSE)) + return; + } + memset(&h, 0, sizeof h); + h.ts = ts; + h.len = h.caplen = olen; + pcap_dump((u_char*)dumper, &h, pkt_copy); + if (flush) + pcap_dump_flush(dumper); +} diff --git a/plugins/pcapdump/test1.sh b/plugins/pcapdump/test1.sh new file mode 100755 index 0000000..bcf2fdb --- /dev/null +++ b/plugins/pcapdump/test1.sh @@ -0,0 +1,16 @@ +#!/bin/sh -xe + +plugin=`find . -name 'pcapdump.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the pcapdump plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -dddd -w test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -dddd -f -w test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -dddd -s r -w test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -dddd -s i -w test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X diff --git a/plugins/royparse/Makefile.am b/plugins/royparse/Makefile.am new file mode 100644 index 0000000..795a277 --- /dev/null +++ b/plugins/royparse/Makefile.am @@ -0,0 +1,22 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) + +pkglib_LTLIBRARIES = royparse.la +royparse_la_SOURCES = royparse.c +royparse_la_LDFLAGS = -module -avoid-version + +TESTS = test1.sh +EXTRA_DIST = $(TESTS) +CLEANFILES += test1.out* *.pcap-dist + +if ENABLE_GCOV +gcov-local: + for src in $(royparse_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/royparse/royparse.c b/plugins/royparse/royparse.c new file mode 100644 index 0000000..83e26a6 --- /dev/null +++ b/plugins/royparse/royparse.c @@ -0,0 +1,272 @@ +/* + * Author Roy Arends + * + * Copyright (c) 2017-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <netinet/in.h> + +#include "dnscap_common.h" + +#include <errno.h> +#include <arpa/inet.h> +#include <arpa/nameser.h> +#include <pcap.h> +#include <ldns/ldns.h> + +static logerr_t* logerr; +static char* opt_q = 0; +static char* opt_r = 0; + +pcap_t* pcap; +pcap_dumper_t* q_out = 0; +static FILE* r_out = 0; + +output_t royparse_output; +ia_str_t royparse_ia_str = 0; + +void royparse_usage() +{ + fprintf(stderr, + "\nroyparse splits a pcap into two streams: queries in pcap format and responses in ASCII format.\n" + "\nroyparse.so options:\n" + "\t-? print these instructions and exit\n" + "\t-q <arg> query pcap stream output file name (default: no output)\n" + "\t-r <arg> royparse output file name (default: stdout)\n"); +} + +void royparse_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_IA_STR: + royparse_ia_str = (ia_str_t)arg; + break; + } +} + +void royparse_getopt(int* argc, char** argv[]) +{ + int c; + + while ((c = getopt(*argc, *argv, "?q:r:")) != EOF) { + switch (c) { + case 'q': + if (opt_q) + free(opt_q); + opt_q = strdup(optarg); + break; + case 'r': + if (opt_r) + free(opt_r); + opt_r = strdup(optarg); + break; + case '?': + royparse_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } +} + +int royparse_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + + if (opt_q) { + pcap = pcap_open_dead(DLT_RAW, 65535); + q_out = pcap_dump_open(pcap, opt_q); + if (q_out == 0) { + logerr("%s: %s\n", opt_q, strerror(errno)); + exit(1); + } + } + if (opt_r) { + r_out = fopen(opt_r, "w"); + if (r_out == 0) { + logerr("%s: %s\n", opt_r, strerror(errno)); + exit(1); + } + } else { + r_out = stdout; + } + setbuf(r_out, 0); + + return 0; +} + +void royparse_stop() +{ + if (q_out != 0) { + pcap_close(pcap); + pcap_dump_close(q_out); + } + if (r_out != stdout) + fclose(r_out); +} + +int royparse_open(my_bpftimeval ts) +{ + return 0; +} + +int royparse_close(my_bpftimeval ts) +{ + return 0; +} + +void royparse_normalize(char* str) +{ + /* + * The "normalize" function converts upper case characters to lower case, + * and replaces the space and comma characters with a question mark. + */ + + for (; *str; str++) { + if (('A' <= *str) && (*str <= 'Z')) { + *str |= 32; + } else if ((*str == ',') || (*str == ' ')) { + *str = '?'; + } + } +} + +void royparse_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, unsigned olen, + const u_char* payload, unsigned payloadlen) +{ + if (flags & DNSCAP_OUTPUT_ISDNS) { + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + ldns_pkt* pkt; + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { + fprintf(r_out, "ERR\n"); + ldns_buffer_free(buf); + return; + } + if (ldns_pkt_qr(pkt) && sport == 53) { + fprintf(r_out, "%cD_", ldns_pkt_rd(pkt) ? 'R' : 'N'); + + switch (ldns_pkt_get_opcode(pkt)) { + case LDNS_PACKET_QUERY: + fprintf(r_out, "QUERY"); + break; + case LDNS_PACKET_NOTIFY: + fprintf(r_out, "NOTIFY"); + break; + case LDNS_PACKET_UPDATE: + fprintf(r_out, "UPDATE"); + break; + default: + fprintf(r_out, "ELSE"); + } + + fprintf(r_out, "_%u_%cA_", ldns_pkt_ancount(pkt) ? 1 : 0, ldns_pkt_aa(pkt) ? 'A' : 'N'); + + switch (ldns_pkt_get_rcode(pkt)) { + case LDNS_RCODE_NOERROR: + fprintf(r_out, "NOERROR"); + break; + case LDNS_RCODE_FORMERR: + fprintf(r_out, "FORMERR"); + break; + case LDNS_RCODE_NXDOMAIN: + fprintf(r_out, "NXDOMAIN"); + break; + case LDNS_RCODE_NOTIMPL: + fprintf(r_out, "NOTIMP"); + break; + case LDNS_RCODE_REFUSED: + fprintf(r_out, "REFUSED"); + break; + case LDNS_RCODE_NOTAUTH: + fprintf(r_out, "NOTAUTH"); + break; + default: + fprintf(r_out, "ELSE"); + } + + fprintf(r_out, " %s,", royparse_ia_str(to)); + + ldns_rr_list* qds = ldns_pkt_question(pkt); + ldns_rr* qd; + if (qds && (qd = ldns_rr_list_rr(qds, 0))) { + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + royparse_normalize((char*)ldns_buffer_begin(buf)); + fprintf(r_out, "%s%s,%u", (char*)ldns_buffer_begin(buf), + ((char*)ldns_buffer_begin(buf))[0] == '.' ? "" : ".", + ldns_rr_get_type(qd)); + } else { + fprintf(r_out, "ERR,ERR"); + } + } else + fprintf(r_out, ","); + + fprintf(r_out, ",%zu,%s%s%s%s", ldns_pkt_size(pkt), ldns_pkt_id(pkt) < 256 ? "-L" : "", + ldns_pkt_tc(pkt) ? "-TC" : "", + ldns_pkt_ad(pkt) ? "-AD" : "", + ldns_pkt_cd(pkt) ? "-CD" : ""); + if (ldns_pkt_edns(pkt)) { + fprintf(r_out, "-%c", ldns_pkt_edns_do(pkt) ? 'D' : 'E'); + } + fprintf(r_out, "\n"); + } else if (opt_q != 0 && !ldns_pkt_qr(pkt) && dport == 53) { + struct pcap_pkthdr h; + if (flags & DNSCAP_OUTPUT_ISLAYER) { + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + return; + } + memset(&h, 0, sizeof h); + h.ts = ts; + h.len = h.caplen = olen; + pcap_dump((u_char*)q_out, &h, pkt_copy); + } + ldns_pkt_free(pkt); + ldns_buffer_free(buf); + } +} diff --git a/plugins/royparse/test1.sh b/plugins/royparse/test1.sh new file mode 100755 index 0000000..ec07886 --- /dev/null +++ b/plugins/royparse/test1.sh @@ -0,0 +1,15 @@ +#!/bin/sh -xe + +plugin=`find . -name 'royparse.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the royparse plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -q test1.out +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -r test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X diff --git a/plugins/rssm/.gitignore b/plugins/rssm/.gitignore new file mode 100644 index 0000000..7d3ffec --- /dev/null +++ b/plugins/rssm/.gitignore @@ -0,0 +1 @@ +hashtbl.c diff --git a/plugins/rssm/Makefile.am b/plugins/rssm/Makefile.am new file mode 100644 index 0000000..08e4429 --- /dev/null +++ b/plugins/rssm/Makefile.am @@ -0,0 +1,42 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = $(srcdir)/hashtbl.c \ + hashtbl.c *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) + +pkglib_LTLIBRARIES = rssm.la +rssm_la_SOURCES = rssm.c +nodist_rssm_la_SOURCES = hashtbl.c +BUILT_SOURCES = hashtbl.c +rssm_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) +TESTS = test1.sh test2.sh test3.sh test4.sh test5.sh +EXTRA_DIST = $(TESTS) test1.gold test2.gold dnscap-rssm-rssac002.1.in \ + test3.gold test5.gold +dist_bin_SCRIPTS = dnscap-rssm-rssac002 +man1_MANS = dnscap-rssm-rssac002.1 +CLEANFILES += test1.20161020.152301.075993 test2.out $(man1_MANS) \ + test3.20181127.155200.414188 test4.*20161020.152301.075993 \ + test5.20180110.112241.543825 + +if ENABLE_GCOV +gcov-local: + for src in $(rssm_la_SOURCES) $(nodist_rssm_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif + +hashtbl.c: $(top_srcdir)/src/hashtbl.c + cp $(top_srcdir)/src/hashtbl.c ./ + +$(srcdir)/hashtbl.c: $(top_srcdir)/src/hashtbl.c + cp $(top_srcdir)/src/hashtbl.c $(srcdir)/ + +dnscap-rssm-rssac002.1: dnscap-rssm-rssac002.1.in Makefile + sed -e 's,[@]PACKAGE_VERSION[@],$(PACKAGE_VERSION),g' \ + -e 's,[@]PACKAGE_URL[@],$(PACKAGE_URL),g' \ + -e 's,[@]PACKAGE_BUGREPORT[@],$(PACKAGE_BUGREPORT),g' \ + < $(srcdir)/dnscap-rssm-rssac002.1.in > dnscap-rssm-rssac002.1 diff --git a/plugins/rssm/README.md b/plugins/rssm/README.md new file mode 100644 index 0000000..98fbde4 --- /dev/null +++ b/plugins/rssm/README.md @@ -0,0 +1,41 @@ +# Root Server Scaling Measurement (RSSM) plugin + +This plugin collects data as described by the [RSSAC002v3 specification](https://www.icann.org/en/system/files/files/rssac-002-measurements-root-06jun16-en.pdf) +which has been created by [ICANN Root Server System Advisory Committee](https://www.icann.org/groups/rssac) (RSSAC). + +## Additions + +As the RSSAC002v3 specification states that measurements should be saved per +24 hours interval, this plugin produces additional metrics that can be used +to compile the 24 hours measurements allowing for variable time between +output generation. + +Metric `dnscap-rssm-sources` has a hash entry called `sources` which lists +IP addresses and the number of times they appeared. + +Metric `dnscap-rssm-aggregated-sources` has a hash entry called `aggregated-sources` +which lists the aggregated IPv6 addresses by a /64 net and the number of times +it has appeared. + +## Merge Tool + +The Perl script `dnscap-rssm-rssac002` is included and installed with `dnscap` +and can be used to multiple combine RSSM plugin RSSAC002v3 YAML output files +into one file. + +The script will merge and remove metric specific to this plugin and replace +others to fill in correct values for the new time period. The earliest +`start-period` found will be used for all metrics. + +**NOTE** no parsing of `start-period` is performed, it is up to the operator +to only give input files related to the same 24 hour period. + +Options: +- `--no-recompile`: Disabled the combining of metrics and the removal of + metrics specific to this plugin +- `--keep-dnscap-rssm`: Do the combining but keep the metrics specific to + this plugin +- `--sort`: Output will always start with `version:`, `service:`, + `start-period:` and `metric:`, rest of the values are not ordered by label. + This option enabled sorting of them, which is not required by the + specification but may help in debugging and testing cases. diff --git a/plugins/rssm/dnscap-rssm-rssac002 b/plugins/rssm/dnscap-rssm-rssac002 new file mode 100755 index 0000000..f7eaaf6 --- /dev/null +++ b/plugins/rssm/dnscap-rssm-rssac002 @@ -0,0 +1,209 @@ +#!/usr/bin/env perl +# +# Copyright (c) 2018-2021, OARC, Inc. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. Neither the name of the copyright holder nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + +use strict; +use warnings; +use YAML; + +unless (scalar @ARGV > 1) { + print "usage: dnscap-rssm-rssac002 [--no-recompile|--keep-dnscap-rssm|--sort] <YAML files to merge...>\n"; + exit(1); +} + +my %service = (); +my $earliest_start_period; +my $recompile = 1; +my $keep_dnscap_rssm = 0; +my $sort = 0; + +foreach my $file (@ARGV) { + if ($file eq '--no-recompile') { + $recompile = 0; + next; + } elsif ($file eq '--keep-dnscap-rssm') { + $keep_dnscap_rssm = 1; + next; + } elsif ($file eq '--sort') { + $sort = 1; + next; + } + foreach my $doc (YAML::LoadFile($file)) { + my $version = delete $doc->{version}; + my $service = delete $doc->{service}; + my $start_period = delete $doc->{'start-period'}; + my $metric = delete $doc->{metric}; + unless ($version) { + die "$file: not valid RSSAC002 YAML, missing version"; + } + unless ($service) { + die "$file: not valid RSSAC002 YAML, missing service"; + } + unless ($start_period) { + die "$file: not valid RSSAC002 YAML, missing start-period"; + } + unless ($metric) { + die "$file: not valid RSSAC002 YAML, missing metric"; + } + unless ($version eq 'rssac002v3') { + die "$file: unsupported RSSAC002 version $version"; + } + + push(@{$service{$service}->{$metric}}, $doc); + + if (!$earliest_start_period or $start_period lt $earliest_start_period) { + $earliest_start_period = $start_period; + } + } +} + +foreach my $service (keys %service) { + foreach my $metric (keys %{$service{$service}}) { + my %doc = (); + foreach (@{$service{$service}->{$metric}}) { + eval { + merge(\%doc, $_); + }; + if ($@) { + die "service $service metric $metric: $@"; + } + } + $service{$service}->{$metric} = \%doc; + } +} + +if ($recompile) { + foreach my $service (keys %service) { + my ($ipv4, $ipv6, $aggregated) = (0, 0, 0); + my $metric; + + if ($keep_dnscap_rssm) { + $metric = $service{$service}->{'dnscap-rssm-sources'}; + } else { + $metric = delete $service{$service}->{'dnscap-rssm-sources'}; + } + if ($metric) { + if (ref($metric->{sources}) eq 'HASH') { + foreach my $ip (keys %{$metric->{sources}}) { + if ($ip =~ /:/o) { + $ipv6++; + } else { + $ipv4++; + } + } + } + } + + if ($keep_dnscap_rssm) { + $metric = $service{$service}->{'dnscap-rssm-aggregated-sources'}; + } else { + $metric = delete $service{$service}->{'dnscap-rssm-aggregated-sources'}; + } + if ($metric) { + if (ref($metric->{'aggregated-sources'}) eq 'HASH') { + my @keys = keys %{$metric->{'aggregated-sources'}}; + $aggregated += scalar @keys; + } + } + + $service{$service}->{'unique-sources'} = { + 'num-sources-ipv4' => $ipv4, + 'num-sources-ipv6' => $ipv6, + 'num-sources-ipv6-aggregate' => $aggregated, + }; + } +} + +if ($sort) { + my $first = 1; + $YAML::SortKeys = 1; + foreach my $service (sort keys %service) { + foreach my $metric (sort keys %{$service{$service}}) { + if ($first) { + $first = 0; + } else { + print "\n"; + } + print YAML::Dump({ + version => "rssac002v3", + service => $service, + 'start-period' => $earliest_start_period, + metric => $metric, + %{ $service{$service}->{$metric} }, + }); + } + } +} else { + my $first = 1; + $YAML::SortKeys = 0; + foreach my $service (keys %service) { + foreach my $metric (keys %{$service{$service}}) { + if ($first) { + $first = 0; + } else { + print "\n"; + } + print YAML::Dump({ + version => "rssac002v3", + service => $service, + 'start-period' => $earliest_start_period, + metric => $metric, + %{ $service{$service}->{$metric} }, + }); + } + } +} + +sub merge { + my ( $doc, $measurements ) = @_; + + foreach my $key (keys %$measurements) { + if (ref($doc->{$key}) eq 'HASH') { + unless (ref($measurements->{$key}) eq 'HASH') { + die "invalid measurement types for key $key: not a hash"; + } + eval { + merge($doc->{$key}, $measurements->{$key}); + }; + die $@ if ($@); + next; + } + if (defined($doc->{$key})) { + if (defined($measurements->{$key}) and $measurements->{$key} ne '') { + $doc->{$key} += $measurements->{$key}; + } + } else { + $doc->{$key} = $measurements->{$key}; + } + } +} diff --git a/plugins/rssm/dnscap-rssm-rssac002.1.in b/plugins/rssm/dnscap-rssm-rssac002.1.in new file mode 100644 index 0000000..a625d9b --- /dev/null +++ b/plugins/rssm/dnscap-rssm-rssac002.1.in @@ -0,0 +1,98 @@ +.\" Copyright (c) 2017-2021, OARC, Inc. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. Neither the name of the copyright holder nor the names of its +.\" contributors may be used to endorse or promote products derived +.\" from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS +.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE +.\" COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, +.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN +.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.TH dnscap-rssm-rssac002 1 "dnscap-v@PACKAGE_VERSION@" "dnscap RSSAC002v3 Tool" +.SH NAME +dnscap-rssm-rssac002 \- Combine RSSAC002v3 YAML files +.SH SYNOPSIS +.B dnscap-rssm-rssac002 +[ +.B \--no-recompile +.B \--keep-dnscap-rssm +.B \--sort +] +.I files... +.SH DESCRIPTION +This Perl script will merge and remove metric specific to this plugin and +replace others to fill in correct values for the new time period. +The earliest +.I start-period +found will be used for all metrics. +.LP +.B NOTE +no parsing of +.I start-period +is performed, it is up to the operator to only give input files related +to the same 24 hour period. +.SH OPTIONS +.TP +.B \--no-recompile +Disabled the combining of metrics and the removal of metrics specific to +this plugin. +.TP +.B \--keep-dnscap-rssm +Do the combining but keep the metrics specific to this plugin. +.TP +.B \--sort +Output will always start with +.IR version: , +.IR service: , +.I start-period: +and +.IR metric: , +rest of the values are not ordered by label. +This option enabled sorting of them, which is not required by the +specification but may help in debugging and testing cases. +.SH SEE ALSO +.BR dnscap (1) +.SH AUTHORS +Jerry Lundström, DNS-OARC +.LP +Maintained by DNS-OARC +.LP +.RS +.I https://www.dns-oarc.net/ +.RE +.LP +.SH BUGS +For issues and feature requests please use: +.LP +.RS +\fI@PACKAGE_URL@\fP +.RE +.LP +For question and help please use: +.LP +.RS +\fI@PACKAGE_BUGREPORT@\fP +.RE +.LP diff --git a/plugins/rssm/rssm.c b/plugins/rssm/rssm.c new file mode 100644 index 0000000..45b0ec9 --- /dev/null +++ b/plugins/rssm/rssm.c @@ -0,0 +1,696 @@ +/* + * Copyright (c) 2016-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#define _GNU_SOURCE +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <memory.h> +#include <stdarg.h> +#include <errno.h> +#include <assert.h> +#include <sys/wait.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <arpa/nameser.h> +#if HAVE_ARPA_NAMESER_COMPAT_H +#include <arpa/nameser_compat.h> +#endif + +#include <netinet/in_systm.h> +#include <netinet/in.h> +#include <netinet/ip.h> +#include <netinet/ip6.h> + +#include <ldns/ldns.h> + +#include "dnscap_common.h" + +#include "hashtbl.h" + +static logerr_t* logerr; +static my_bpftimeval open_ts; +static my_bpftimeval close_ts; +#define COUNTS_PREFIX_DEFAULT "rssm" +static char* counts_prefix = 0; +static char* sources_prefix = 0; +static char* aggregated_prefix = 0; +static int dont_fork_on_close = 0; +static int sources_into_counters = 0; +static int aggregated_into_counters = 0; +static char* service_name = 0; +static int rssac002v3_yaml = 0; + +output_t rssm_output; + +#define MAX_SIZE_INDEX 4096 +#define MSG_SIZE_SHIFT 4 +#define MAX_TBL_ADDRS 2000000 +#define MAX_TBL_ADDRS2 200000 +#define MAX_RCODE (1 << 12) + +typedef struct { + hashtbl* tbl; + iaddr addrs[MAX_TBL_ADDRS]; + uint64_t count[MAX_TBL_ADDRS]; + unsigned int num_addrs; +} my_hashtbl; + +typedef struct { + hashtbl* tbl; + iaddr addrs[MAX_TBL_ADDRS2]; + uint64_t count[MAX_TBL_ADDRS2]; + unsigned int num_addrs; +} my_hashtbl2; + +struct { + uint64_t dns_udp_queries_received_ipv4; + uint64_t dns_udp_queries_received_ipv6; + uint64_t dns_tcp_queries_received_ipv4; + uint64_t dns_tcp_queries_received_ipv6; + uint64_t dns_udp_responses_sent_ipv4; + uint64_t dns_udp_responses_sent_ipv6; + uint64_t dns_tcp_responses_sent_ipv4; + uint64_t dns_tcp_responses_sent_ipv6; + uint64_t udp_query_size[MAX_SIZE_INDEX]; + uint64_t tcp_query_size[MAX_SIZE_INDEX]; + uint64_t udp_response_size[MAX_SIZE_INDEX]; + uint64_t tcp_response_size[MAX_SIZE_INDEX]; + uint64_t rcodes[MAX_RCODE]; + my_hashtbl sources; + my_hashtbl2 aggregated; + uint64_t num_ipv4_sources; + uint64_t num_ipv6_sources; +} counts; + +static unsigned int +iaddr_hash(const void* key) +{ + const iaddr* ia = (const iaddr*)key; + + if (AF_INET == ia->af) + return ia->u.a4.s_addr >> 8; + else if (AF_INET6 == ia->af) { + uint16_t* h = (uint16_t*)&ia->u; + return h[2] + h[3] + h[4]; + } else + return 0; +} + +static int +iaddr_cmp(const void* _a, const void* _b) +{ + const iaddr *a = (const iaddr*)_a, *b = (const iaddr*)_b; + + if (a->af == b->af) { + if (AF_INET == a->af) + return memcmp(&a->u.a4.s_addr, &b->u.a4.s_addr, sizeof(a->u.a4.s_addr)); + if (AF_INET6 == a->af) + return memcmp(&a->u.a6.s6_addr, &b->u.a6.s6_addr, sizeof(a->u.a6.s6_addr)); + return 0; + } + if (a->af < b->af) + return -1; + return 1; +} + +ia_str_t ia_str = 0; + +void rssm_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_IA_STR: + ia_str = (ia_str_t)arg; + break; + } +} + +void rssm_usage() +{ + fprintf(stderr, + "\nrssm.so options:\n" + "\t-? print these instructions and exit\n" + "\t-w <name> write basic counters to <name>.<timesec>.<timeusec>\n" + "\t-Y use RSSAC002v3 YAML format when writing counters, the\n" + "\t file will contain multiple YAML documents, one for each\n" + "\t RSSAC002v3 metric\n" + "\t Used with; -S adds custom metric \"dnscap-rssm-sources\"\n" + "\t and -A adds \"dnscap-rssm-aggregated-sources\"\n" + "\t-n <name> the service name to use in RSSAC002v3 YAML\n" + "\t-S write source IPs into counters file with the prefix\n" + "\t \"source\" or ...\n" + "\t-s <name> write source IPs to <name>.<timesec>.<timeusec>\n" + "\t-A write aggregated IPv6(/64) sources into counters file\n" + "\t with the prefix \"aggregated-source\" or ...\n" + "\t-a <name> write aggregated IPv6(/64) sources to\n" + "\t <name>.<timesec>.<timeusec>\n" + "\t-D don't fork on close\n"); +} + +void rssm_getopt(int* argc, char** argv[]) +{ + int c; + while ((c = getopt(*argc, *argv, "?w:Yn:Ss:Aa:D")) != EOF) { + switch (c) { + case 'w': + if (counts_prefix) + free(counts_prefix); + counts_prefix = strdup(optarg); + break; + case 'Y': + rssac002v3_yaml = 1; + break; + case 'n': + if (service_name) + free(service_name); + service_name = strdup(optarg); + break; + case 'S': + sources_into_counters = 1; + break; + case 's': + if (sources_prefix) + free(sources_prefix); + sources_prefix = strdup(optarg); + break; + case 'A': + aggregated_into_counters = 1; + break; + case 'a': + if (aggregated_prefix) + free(aggregated_prefix); + aggregated_prefix = strdup(optarg); + break; + case 'D': + dont_fork_on_close = 1; + break; + case '?': + rssm_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + if (sources_into_counters && sources_prefix) { + fprintf(stderr, "rssm: -S and -s can not be used at the same time!\n"); + rssm_usage(); + exit(1); + } + if (aggregated_into_counters && aggregated_prefix) { + fprintf(stderr, "rssm: -A and -a can not be used at the same time!\n"); + rssm_usage(); + exit(1); + } + if (rssac002v3_yaml && !service_name) { + fprintf(stderr, "rssm: service name (-n) needed for RSSAC002v3 YAML (-Y) output!\n"); + rssm_usage(); + exit(1); + } +} + +int rssm_start(logerr_t* a_logerr) +{ + logerr = a_logerr; + return 0; +} + +void rssm_stop() +{ +} + +int rssm_open(my_bpftimeval ts) +{ + open_ts = ts; + if (counts.sources.tbl) + hash_destroy(counts.sources.tbl); + if (counts.aggregated.tbl) + hash_destroy(counts.aggregated.tbl); + memset(&counts, 0, sizeof(counts)); + if (!(counts.sources.tbl = hash_create(65536, iaddr_hash, iaddr_cmp, 0))) { + return -1; + } + if (!(counts.aggregated.tbl = hash_create(4096, iaddr_hash, iaddr_cmp, 0))) { + return -1; + } + return 0; +} + +void rssm_save_counts(const char* sbuf) +{ + FILE* fp; + int i; + char* tbuf = 0; + i = asprintf(&tbuf, "%s.%s.%06lu", counts_prefix ? counts_prefix : COUNTS_PREFIX_DEFAULT, sbuf, (u_long)open_ts.tv_usec); + if (i < 1 || !tbuf) { + logerr("asprintf: out of memory"); + return; + } + fprintf(stderr, "rssm: saving counts in %s\n", tbuf); + fp = fopen(tbuf, "w"); + if (!fp) { + logerr("%s: %s", sbuf, strerror(errno)); + free(tbuf); + return; + } + if (rssac002v3_yaml) { + char tz[21]; + struct tm tm; + + gmtime_r((time_t*)&open_ts.tv_sec, &tm); + if (!strftime(tz, sizeof(tz), "%Y-%m-%dT%H:%M:%SZ", &tm)) { + logerr("rssm: strftime failed"); + fclose(fp); + free(tbuf); + return; + } + + fprintf(fp, "---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: traffic-volume\n", service_name, tz); + fprintf(fp, "dns-udp-queries-received-ipv4: %" PRIu64 "\n", counts.dns_udp_queries_received_ipv4); + fprintf(fp, "dns-udp-queries-received-ipv6: %" PRIu64 "\n", counts.dns_udp_queries_received_ipv6); + fprintf(fp, "dns-tcp-queries-received-ipv4: %" PRIu64 "\n", counts.dns_tcp_queries_received_ipv4); + fprintf(fp, "dns-tcp-queries-received-ipv6: %" PRIu64 "\n", counts.dns_tcp_queries_received_ipv6); + fprintf(fp, "dns-udp-responses-sent-ipv4: %" PRIu64 "\n", counts.dns_udp_responses_sent_ipv4); + fprintf(fp, "dns-udp-responses-sent-ipv6: %" PRIu64 "\n", counts.dns_udp_responses_sent_ipv6); + fprintf(fp, "dns-tcp-responses-sent-ipv4: %" PRIu64 "\n", counts.dns_tcp_responses_sent_ipv4); + fprintf(fp, "dns-tcp-responses-sent-ipv6: %" PRIu64 "\n", counts.dns_tcp_responses_sent_ipv6); + + fprintf(fp, "\n---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: traffic-sizes\n", service_name, tz); + i = 0; + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.udp_query_size[i]) { + break; + } + } + if (i < MAX_SIZE_INDEX) { + fprintf(fp, "udp-request-sizes:\n"); + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.udp_query_size[i]) { + fprintf(fp, " %d-%d: %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.udp_query_size[i]); + } + } + } else { + fprintf(fp, "udp-request-sizes: {}\n"); + } + i = 0; + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.udp_response_size[i]) { + break; + } + } + if (i < MAX_SIZE_INDEX) { + fprintf(fp, "udp-response-sizes:\n"); + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.udp_response_size[i]) { + fprintf(fp, " %d-%d: %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.udp_response_size[i]); + } + } + } else { + fprintf(fp, "udp-response-sizes: {}\n"); + } + i = 0; + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.tcp_query_size[i]) { + break; + } + } + if (i < MAX_SIZE_INDEX) { + fprintf(fp, "tcp-request-sizes:\n"); + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.tcp_query_size[i]) { + fprintf(fp, " %d-%d: %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.tcp_query_size[i]); + } + } + } else { + fprintf(fp, "tcp-request-sizes: {}\n"); + } + i = 0; + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.tcp_response_size[i]) { + break; + } + } + if (i < MAX_SIZE_INDEX) { + fprintf(fp, "tcp-response-sizes:\n"); + for (; i < MAX_SIZE_INDEX; i++) { + if (counts.tcp_response_size[i]) { + fprintf(fp, " %d-%d: %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.tcp_response_size[i]); + } + } + } else { + fprintf(fp, "tcp-response-sizes: {}\n"); + } + + fprintf(fp, "\n---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: rcode-volume\n", service_name, tz); + for (i = 0; i < MAX_RCODE; i++) { + if (counts.rcodes[i]) { + fprintf(fp, "%d: %" PRIu64 "\n", i, counts.rcodes[i]); + } + } + + fprintf(fp, "\n---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: unique-sources\n", service_name, tz); + fprintf(fp, "num-sources-ipv4: %" PRIu64 "\n", counts.num_ipv4_sources); + fprintf(fp, "num-sources-ipv6: %" PRIu64 "\n", counts.num_ipv6_sources); + fprintf(fp, "num-sources-ipv6-aggregate: %u\n", counts.aggregated.num_addrs); + + if (sources_into_counters) { + fprintf(fp, "\n---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: dnscap-rssm-sources\n", service_name, tz); + if (counts.sources.num_addrs) { + fprintf(fp, "sources:\n"); + for (i = 0; i < counts.sources.num_addrs; i++) { + fprintf(fp, " %s: %" PRIu64 "\n", ia_str(counts.sources.addrs[i]), counts.sources.count[i]); + } + } else { + fprintf(fp, "sources: {}\n"); + } + } + + if (aggregated_into_counters) { + fprintf(fp, "\n---\nversion: rssac002v3\nservice: %s\nstart-period: %s\nmetric: dnscap-rssm-aggregated-sources\n", service_name, tz); + if (counts.aggregated.num_addrs) { + fprintf(fp, "aggregated-sources:\n"); + for (i = 0; i < counts.aggregated.num_addrs; i++) { + fprintf(fp, " %s: %" PRIu64 "\n", ia_str(counts.aggregated.addrs[i]), counts.aggregated.count[i]); + } + } else { + fprintf(fp, "aggregated-sources: {}\n"); + } + } + } else { + fprintf(fp, "first-packet-time %ld\n", (long)open_ts.tv_sec); + fprintf(fp, "last-packet-time %ld\n", (long)close_ts.tv_sec); + fprintf(fp, "dns-udp-queries-received-ipv4 %" PRIu64 "\n", counts.dns_udp_queries_received_ipv4); + fprintf(fp, "dns-udp-queries-received-ipv6 %" PRIu64 "\n", counts.dns_udp_queries_received_ipv6); + fprintf(fp, "dns-tcp-queries-received-ipv4 %" PRIu64 "\n", counts.dns_tcp_queries_received_ipv4); + fprintf(fp, "dns-tcp-queries-received-ipv6 %" PRIu64 "\n", counts.dns_tcp_queries_received_ipv6); + fprintf(fp, "dns-udp-responses-sent-ipv4 %" PRIu64 "\n", counts.dns_udp_responses_sent_ipv4); + fprintf(fp, "dns-udp-responses-sent-ipv6 %" PRIu64 "\n", counts.dns_udp_responses_sent_ipv6); + fprintf(fp, "dns-tcp-responses-sent-ipv4 %" PRIu64 "\n", counts.dns_tcp_responses_sent_ipv4); + fprintf(fp, "dns-tcp-responses-sent-ipv6 %" PRIu64 "\n", counts.dns_tcp_responses_sent_ipv6); + for (i = 0; i < MAX_SIZE_INDEX; i++) + if (counts.udp_query_size[i]) + fprintf(fp, "dns-udp-query-size %d-%d %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.udp_query_size[i]); + for (i = 0; i < MAX_SIZE_INDEX; i++) + if (counts.tcp_query_size[i]) + fprintf(fp, "dns-tcp-query-size %d-%d %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.tcp_query_size[i]); + for (i = 0; i < MAX_SIZE_INDEX; i++) + if (counts.udp_response_size[i]) + fprintf(fp, "dns-udp-response-size %d-%d %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.udp_response_size[i]); + for (i = 0; i < MAX_SIZE_INDEX; i++) + if (counts.tcp_response_size[i]) + fprintf(fp, "dns-tcp-response-size %d-%d %" PRIu64 "\n", + i << MSG_SIZE_SHIFT, + ((i + 1) << MSG_SIZE_SHIFT) - 1, + counts.tcp_response_size[i]); + for (i = 0; i < MAX_RCODE; i++) + if (counts.rcodes[i]) + fprintf(fp, "dns-rcode %d %" PRIu64 "\n", + i, counts.rcodes[i]); + fprintf(fp, "num-sources %u\n", counts.sources.num_addrs); + if (sources_into_counters) { + for (i = 0; i < counts.sources.num_addrs; i++) { + fprintf(fp, "source %s %" PRIu64 "\n", ia_str(counts.sources.addrs[i]), counts.sources.count[i]); + } + } + if (aggregated_into_counters) { + for (i = 0; i < counts.aggregated.num_addrs; i++) { + fprintf(fp, "aggregated-source %s %" PRIu64 "\n", ia_str(counts.aggregated.addrs[i]), counts.aggregated.count[i]); + } + } + } + fclose(fp); + fprintf(stderr, "rssm: done\n"); + free(tbuf); +} + +void rssm_save_sources(const char* sbuf) +{ + FILE* fp; + char* tbuf = 0; + int i; + i = asprintf(&tbuf, "%s.%s.%06lu", sources_prefix, sbuf, (u_long)open_ts.tv_usec); + if (i < 1 || !tbuf) { + logerr("asprintf: out of memory"); + return; + } + fprintf(stderr, "rssm: saving %u sources in %s\n", counts.sources.num_addrs, tbuf); + fp = fopen(tbuf, "w"); + if (!fp) { + logerr("%s: %s", tbuf, strerror(errno)); + free(tbuf); + return; + } + for (i = 0; i < counts.sources.num_addrs; i++) { + fprintf(fp, "%s %" PRIu64 "\n", ia_str(counts.sources.addrs[i]), counts.sources.count[i]); + } + fclose(fp); + fprintf(stderr, "rssm: done\n"); + free(tbuf); +} + +void rssm_save_aggregated(const char* sbuf) +{ + FILE* fp; + char* tbuf = 0; + int i; + i = asprintf(&tbuf, "%s.%s.%06lu", aggregated_prefix, sbuf, (u_long)open_ts.tv_usec); + if (i < 1 || !tbuf) { + logerr("asprintf: out of memory"); + return; + } + fprintf(stderr, "rssm: saving %u aggregated in %s\n", counts.aggregated.num_addrs, tbuf); + fp = fopen(tbuf, "w"); + if (!fp) { + logerr("%s: %s", tbuf, strerror(errno)); + free(tbuf); + return; + } + for (i = 0; i < counts.aggregated.num_addrs; i++) { + fprintf(fp, "%s %" PRIu64 "\n", ia_str(counts.aggregated.addrs[i]), counts.aggregated.count[i]); + } + fclose(fp); + fprintf(stderr, "rssm: done\n"); + free(tbuf); +} + +/* + * Fork a separate process so that we don't block the main dnscap. Use double-fork + * to avoid zombies for the main dnscap process. + */ +int rssm_close(my_bpftimeval ts) +{ + char sbuf[265]; + pid_t pid; + struct tm tm; + + if (dont_fork_on_close) { + struct tm tm; + gmtime_r((time_t*)&open_ts.tv_sec, &tm); + strftime(sbuf, sizeof(sbuf), "%Y%m%d.%H%M%S", &tm); + close_ts = ts; + rssm_save_counts(sbuf); + if (sources_prefix) + rssm_save_sources(sbuf); + if (aggregated_prefix) + rssm_save_aggregated(sbuf); + return 0; + } + + pid = fork(); + if (pid < 0) { + logerr("rssm.so: fork: %s", strerror(errno)); + return 1; + } else if (pid) { + /* parent */ + waitpid(pid, NULL, 0); + return 0; + } + /* 1st gen child continues */ + pid = fork(); + if (pid < 0) { + logerr("rssm.so: fork: %s", strerror(errno)); + return 1; + } else if (pid) { + /* 1st gen child exits */ + exit(0); + } + /* grandchild (2nd gen) continues */ + gmtime_r((time_t*)&open_ts.tv_sec, &tm); + strftime(sbuf, sizeof(sbuf), "%Y%m%d.%H%M%S", &tm); + close_ts = ts; + rssm_save_counts(sbuf); + if (sources_prefix) + rssm_save_sources(sbuf); + if (aggregated_prefix) + rssm_save_aggregated(sbuf); + exit(0); +} + +static void +find_or_add(iaddr ia) +{ + uint64_t* c = hash_find(&ia, counts.sources.tbl); + if (c) { + (*c)++; + } else { + if (counts.sources.num_addrs == MAX_TBL_ADDRS) + return; + counts.sources.addrs[counts.sources.num_addrs] = ia; + if (hash_add(&counts.sources.addrs[counts.sources.num_addrs], &counts.sources.count[counts.sources.num_addrs], counts.sources.tbl)) { + logerr("rssm.so: unable to add address to hash"); + return; + } + counts.sources.count[counts.sources.num_addrs]++; + counts.sources.num_addrs++; + if (ia.af == AF_INET) { + counts.num_ipv4_sources++; + } else { + counts.num_ipv6_sources++; + } + } + + if (ia.af == AF_INET6) { + iaddr v6agg = ia; + + memset(((uint8_t*)&v6agg.u.a6) + 8, 0, 8); + c = hash_find(&v6agg, counts.aggregated.tbl); + if (c) { + (*c)++; + } else { + if (counts.aggregated.num_addrs == MAX_TBL_ADDRS2) + return; + counts.aggregated.addrs[counts.aggregated.num_addrs] = v6agg; + if (hash_add(&counts.aggregated.addrs[counts.aggregated.num_addrs], &counts.aggregated.count[counts.aggregated.num_addrs], counts.aggregated.tbl)) { + logerr("rssm.so: unable to add aggregated address to hash"); + return; + } + counts.aggregated.count[counts.aggregated.num_addrs]++; + counts.aggregated.num_addrs++; + } + } +} + +void rssm_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ + unsigned dnslen; + ldns_pkt* pkt = 0; + + if (!(flags & DNSCAP_OUTPUT_ISDNS)) + return; + + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { + return; + } + + dnslen = payloadlen >> MSG_SIZE_SHIFT; + if (dnslen >= MAX_SIZE_INDEX) + dnslen = MAX_SIZE_INDEX - 1; + + if (!ldns_pkt_qr(pkt)) { + find_or_add(from); + if (IPPROTO_UDP == proto) { + counts.udp_query_size[dnslen]++; + } else if (IPPROTO_TCP == proto) { + counts.tcp_query_size[dnslen]++; + } + if (AF_INET == from.af) { + if (IPPROTO_UDP == proto) { + counts.dns_udp_queries_received_ipv4++; + } else if (IPPROTO_TCP == proto) { + counts.dns_tcp_queries_received_ipv4++; + } + } else if (AF_INET6 == from.af) { + if (IPPROTO_UDP == proto) { + counts.dns_udp_queries_received_ipv6++; + } else if (IPPROTO_TCP == proto) { + counts.dns_tcp_queries_received_ipv6++; + } + } + } else { + uint16_t rcode = ldns_pkt_get_rcode(pkt); + if (IPPROTO_UDP == proto) { + counts.udp_response_size[dnslen]++; + } else if (IPPROTO_TCP == proto) { + counts.tcp_response_size[dnslen]++; + } + if (AF_INET == from.af) { + if (IPPROTO_UDP == proto) { + counts.dns_udp_responses_sent_ipv4++; + } else if (IPPROTO_TCP == proto) { + counts.dns_tcp_responses_sent_ipv4++; + } + } else if (AF_INET6 == from.af) { + if (IPPROTO_UDP == proto) { + counts.dns_udp_responses_sent_ipv6++; + } else if (IPPROTO_TCP == proto) { + counts.dns_tcp_responses_sent_ipv6++; + } + } + if (ldns_pkt_arcount(pkt)) { + rcode |= ((uint16_t)ldns_pkt_edns_extended_rcode(pkt) << 4); + } + counts.rcodes[rcode]++; + } + + ldns_pkt_free(pkt); +} diff --git a/plugins/rssm/test1.gold b/plugins/rssm/test1.gold new file mode 100644 index 0000000..86957d0 --- /dev/null +++ b/plugins/rssm/test1.gold @@ -0,0 +1,58 @@ +--- +version: rssac002v3 +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: traffic-volume +dns-udp-queries-received-ipv4: 41 +dns-udp-queries-received-ipv6: 0 +dns-tcp-queries-received-ipv4: 0 +dns-tcp-queries-received-ipv6: 0 +dns-udp-responses-sent-ipv4: 41 +dns-udp-responses-sent-ipv6: 0 +dns-tcp-responses-sent-ipv4: 0 +dns-tcp-responses-sent-ipv6: 0 + +--- +version: rssac002v3 +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: traffic-sizes +udp-request-sizes: + 16-31: 24 + 32-47: 17 +udp-response-sizes: + 176-191: 24 + 256-271: 17 +tcp-request-sizes: {} +tcp-response-sizes: {} + +--- +version: rssac002v3 +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: rcode-volume +0: 41 + +--- +version: rssac002v3 +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: unique-sources +num-sources-ipv4: 1 +num-sources-ipv6: 0 +num-sources-ipv6-aggregate: 0 + +--- +version: rssac002v3 +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: dnscap-rssm-sources +sources: + 172.17.0.10: 41 + +--- +version: rssac002v3 +service: test1 +start-period: 2016-10-20T15:23:01Z +metric: dnscap-rssm-aggregated-sources +aggregated-sources: {} diff --git a/plugins/rssm/test1.sh b/plugins/rssm/test1.sh new file mode 100755 index 0000000..d43b947 --- /dev/null +++ b/plugins/rssm/test1.sh @@ -0,0 +1,11 @@ +#!/bin/sh -xe + +plugin=`find . -name 'rssm.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the RSSM plugin" + exit 1 +fi + +../../src/dnscap -N -T -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -w test1 -Y -n test1 -A -S -D + +diff test1.20161020.152301.075993 "$srcdir/test1.gold" diff --git a/plugins/rssm/test2.gold b/plugins/rssm/test2.gold new file mode 100644 index 0000000..85625c0 --- /dev/null +++ b/plugins/rssm/test2.gold @@ -0,0 +1,43 @@ +--- +0: 123 +metric: rcode-volume +service: test1 +start-period: 2016-10-20T15:23:01Z +version: rssac002v3 + +--- +metric: traffic-sizes +service: test1 +start-period: 2016-10-20T15:23:01Z +tcp-request-sizes: {} +tcp-response-sizes: {} +udp-request-sizes: + 16-31: 72 + 32-47: 51 +udp-response-sizes: + 176-191: 72 + 256-271: 51 +version: rssac002v3 + +--- +dns-tcp-queries-received-ipv4: 0 +dns-tcp-queries-received-ipv6: 0 +dns-tcp-responses-sent-ipv4: 0 +dns-tcp-responses-sent-ipv6: 0 +dns-udp-queries-received-ipv4: 123 +dns-udp-queries-received-ipv6: 0 +dns-udp-responses-sent-ipv4: 123 +dns-udp-responses-sent-ipv6: 0 +metric: traffic-volume +service: test1 +start-period: 2016-10-20T15:23:01Z +version: rssac002v3 + +--- +metric: unique-sources +num-sources-ipv4: 1 +num-sources-ipv6: 0 +num-sources-ipv6-aggregate: 0 +service: test1 +start-period: 2016-10-20T15:23:01Z +version: rssac002v3 diff --git a/plugins/rssm/test2.sh b/plugins/rssm/test2.sh new file mode 100755 index 0000000..11f44af --- /dev/null +++ b/plugins/rssm/test2.sh @@ -0,0 +1,5 @@ +#!/bin/sh -xe + +"$srcdir"/dnscap-rssm-rssac002 --sort "$srcdir/test1.gold" "$srcdir/test1.gold" "$srcdir/test1.gold" > test2.out + +diff test2.out "$srcdir/test2.gold" diff --git a/plugins/rssm/test3.gold b/plugins/rssm/test3.gold new file mode 100644 index 0000000..237af89 --- /dev/null +++ b/plugins/rssm/test3.gold @@ -0,0 +1,57 @@ +--- +version: rssac002v3 +service: test3 +start-period: 2018-11-27T15:52:00Z +metric: traffic-volume +dns-udp-queries-received-ipv4: 0 +dns-udp-queries-received-ipv6: 1 +dns-tcp-queries-received-ipv4: 0 +dns-tcp-queries-received-ipv6: 0 +dns-udp-responses-sent-ipv4: 0 +dns-udp-responses-sent-ipv6: 1 +dns-tcp-responses-sent-ipv4: 0 +dns-tcp-responses-sent-ipv6: 0 + +--- +version: rssac002v3 +service: test3 +start-period: 2018-11-27T15:52:00Z +metric: traffic-sizes +udp-request-sizes: + 32-47: 1 +udp-response-sizes: + 48-63: 1 +tcp-request-sizes: {} +tcp-response-sizes: {} + +--- +version: rssac002v3 +service: test3 +start-period: 2018-11-27T15:52:00Z +metric: rcode-volume +0: 1 + +--- +version: rssac002v3 +service: test3 +start-period: 2018-11-27T15:52:00Z +metric: unique-sources +num-sources-ipv4: 0 +num-sources-ipv6: 1 +num-sources-ipv6-aggregate: 1 + +--- +version: rssac002v3 +service: test3 +start-period: 2018-11-27T15:52:00Z +metric: dnscap-rssm-sources +sources: + 2a01:3f0:0:57::245: 1 + +--- +version: rssac002v3 +service: test3 +start-period: 2018-11-27T15:52:00Z +metric: dnscap-rssm-aggregated-sources +aggregated-sources: + 2a01:3f0:0:57::: 1 diff --git a/plugins/rssm/test3.sh b/plugins/rssm/test3.sh new file mode 100755 index 0000000..60b2e8a --- /dev/null +++ b/plugins/rssm/test3.sh @@ -0,0 +1,11 @@ +#!/bin/sh -xe + +plugin=`find . -name 'rssm.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the RSSM plugin" + exit 1 +fi + +../../src/dnscap -N -T -r "$srcdir/../../src/test/dns6.pcap" -P "$plugin" -w test3 -Y -n test3 -A -S -D + +diff test3.20181127.155200.414188 "$srcdir/test3.gold" diff --git a/plugins/rssm/test4.sh b/plugins/rssm/test4.sh new file mode 100755 index 0000000..3c28711 --- /dev/null +++ b/plugins/rssm/test4.sh @@ -0,0 +1,14 @@ +#!/bin/sh -xe + +plugin=`find . -name 'rssm.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the RSSM plugin" + exit 1 +fi + +../../src/dnscap -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -? +! ../../src/dnscap -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -X +! ../../src/dnscap -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -s s -s s -S +! ../../src/dnscap -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -a a -a a -A +! ../../src/dnscap -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -Y +../../src/dnscap -r "$srcdir/../../src/test/dns.pcap" -P "$plugin" -D -w test4 -w test4 -n n -n n -s test4.src -a test4.agg diff --git a/plugins/rssm/test5.gold b/plugins/rssm/test5.gold new file mode 100644 index 0000000..acaa7cd --- /dev/null +++ b/plugins/rssm/test5.gold @@ -0,0 +1,58 @@ +--- +version: rssac002v3 +service: test5 +start-period: 2018-01-10T11:22:41Z +metric: traffic-volume +dns-udp-queries-received-ipv4: 0 +dns-udp-queries-received-ipv6: 0 +dns-tcp-queries-received-ipv4: 41 +dns-tcp-queries-received-ipv6: 0 +dns-udp-responses-sent-ipv4: 0 +dns-udp-responses-sent-ipv6: 0 +dns-tcp-responses-sent-ipv4: 41 +dns-tcp-responses-sent-ipv6: 0 + +--- +version: rssac002v3 +service: test5 +start-period: 2018-01-10T11:22:41Z +metric: traffic-sizes +udp-request-sizes: {} +udp-response-sizes: {} +tcp-request-sizes: + 16-31: 24 + 32-47: 17 +tcp-response-sizes: + 32-47: 24 + 128-143: 17 + +--- +version: rssac002v3 +service: test5 +start-period: 2018-01-10T11:22:41Z +metric: rcode-volume +0: 41 + +--- +version: rssac002v3 +service: test5 +start-period: 2018-01-10T11:22:41Z +metric: unique-sources +num-sources-ipv4: 1 +num-sources-ipv6: 0 +num-sources-ipv6-aggregate: 0 + +--- +version: rssac002v3 +service: test5 +start-period: 2018-01-10T11:22:41Z +metric: dnscap-rssm-sources +sources: + 172.17.0.8: 41 + +--- +version: rssac002v3 +service: test5 +start-period: 2018-01-10T11:22:41Z +metric: dnscap-rssm-aggregated-sources +aggregated-sources: {} diff --git a/plugins/rssm/test5.sh b/plugins/rssm/test5.sh new file mode 100755 index 0000000..4b93df5 --- /dev/null +++ b/plugins/rssm/test5.sh @@ -0,0 +1,11 @@ +#!/bin/sh -xe + +plugin=`find . -name 'rssm.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the RSSM plugin" + exit 1 +fi + +../../src/dnscap -N -T -r "$srcdir/../../src/test/dnso1tcp.pcap" -P "$plugin" -w test5 -Y -n test5 -A -S -D + +diff test5.20180110.112241.543825 "$srcdir/test5.gold" diff --git a/plugins/rzkeychange/Makefile.am b/plugins/rzkeychange/Makefile.am new file mode 100644 index 0000000..869eba6 --- /dev/null +++ b/plugins/rzkeychange/Makefile.am @@ -0,0 +1,23 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) \ + $(libldns_CFLAGS) + +pkglib_LTLIBRARIES = rzkeychange.la +rzkeychange_la_SOURCES = rzkeychange.c +rzkeychange_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) + +TESTS = test1.sh +EXTRA_DIST = $(TESTS) +CLEANFILES += *.pcap-dist + +if ENABLE_GCOV +gcov-local: + for src in $(rzkeychange_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/rzkeychange/rzkeychange.c b/plugins/rzkeychange/rzkeychange.c new file mode 100644 index 0000000..4f14c40 --- /dev/null +++ b/plugins/rzkeychange/rzkeychange.c @@ -0,0 +1,470 @@ +/* + * Author Duane Wessels + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <memory.h> +#include <time.h> +#include <stdarg.h> +#include <errno.h> +#include <assert.h> +#include <sys/wait.h> + +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <arpa/nameser.h> + +#include <netinet/in_systm.h> +#include <netinet/ip.h> +#include <netinet/ip6.h> +#include <netinet/ip_icmp.h> + +#include <ldns/ldns.h> + +#include "dnscap_common.h" + +static logerr_t* logerr = 0; +static my_bpftimeval open_ts = { 0, 0 }; +static my_bpftimeval clos_ts = { 0, 0 }; +static char* report_zone = 0; +static char* report_server = 0; +static char* report_node = 0; +static char* keytag_zone = 0; +static unsigned short resolver_port = 0; +static unsigned int resolver_use_tcp = 0; +static ldns_resolver* res; + +static int dry_run = 0; + +output_t rzkeychange_output; +is_responder_t rzkeychange_is_responder = 0; +ia_str_t rzkeychange_ia_str = 0; + +#define MAX_KEY_TAG_SIGNALS 500 +static unsigned int num_key_tag_signals; +struct { + iaddr addr; + uint8_t flags; + const char* signal; +} key_tag_signals[MAX_KEY_TAG_SIGNALS]; + +#define KEYTAG_FLAG_DO 1 +#define KEYTAG_FLAG_CD 2 +#define KEYTAG_FLAG_RD 4 + +struct { + uint64_t dnskey; + uint64_t tc_bit; + uint64_t tcp; + uint64_t icmp_unreach_frag; + uint64_t icmp_timxceed_reass; + uint64_t icmp_timxceed_intrans; + uint64_t total; +} counts; + +#define MAX_NAMESERVERS 10 +static unsigned int num_ns_addrs = 0; +static char* ns_addrs[MAX_NAMESERVERS]; + +void rzkeychange_usage() +{ + fprintf(stderr, + "\nrzkeychange.so options:\n" + "\t-? print these instructions and exit\n" + "\t-D dry run, just print queries\n" + "\t-z <zone> Report counters to DNS zone <zone> (required)\n" + "\t-s <server> Data is from server <server> (required)\n" + "\t-n <node> Data is from site/node <node> (required)\n" + "\t-k <zone> Report RFC 8145 key tag signals to <zone>\n" + "\t-a <addr> Send DNS queries to this addr\n" + "\t-p <port> Send DNS queries to this port\n" + "\t-t Use TCP for DNS queries\n"); +} + +void rzkeychange_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_IS_RESPONDER: + rzkeychange_is_responder = (is_responder_t)arg; + break; + case DNSCAP_EXT_IA_STR: + rzkeychange_ia_str = (ia_str_t)arg; + break; + } +} + +void rzkeychange_getopt(int* argc, char** argv[]) +{ + int c; + while ((c = getopt(*argc, *argv, "?a:k:n:p:s:tz:D")) != EOF) { + switch (c) { + case 'n': + if (report_node) + free(report_node); + report_node = strdup(optarg); + if (!report_node) { + fprintf(stderr, "strdup() out of memory\n"); + exit(1); + } + break; + case 's': + if (report_server) + free(report_server); + report_server = strdup(optarg); + if (!report_server) { + fprintf(stderr, "strdup() out of memory\n"); + exit(1); + } + break; + case 'z': + if (report_zone) + free(report_zone); + report_zone = strdup(optarg); + if (!report_zone) { + fprintf(stderr, "strdup() out of memory\n"); + exit(1); + } + break; + case 'k': + if (keytag_zone) + free(keytag_zone); + keytag_zone = strdup(optarg); + if (!keytag_zone) { + fprintf(stderr, "strdup() out of memory\n"); + exit(1); + } + break; + case 'a': + if (num_ns_addrs < MAX_NAMESERVERS) { + ns_addrs[num_ns_addrs] = strdup(optarg); + if (!ns_addrs[num_ns_addrs]) { + fprintf(stderr, "strdup() out of memory\n"); + exit(1); + } + num_ns_addrs++; + } else { + fprintf(stderr, "too many nameservers\n"); + exit(1); + } + break; + case 'p': + resolver_port = strtoul(optarg, 0, 10); + break; + case 't': + resolver_use_tcp = 1; + break; + case 'D': + dry_run = 1; + break; + case '?': + rzkeychange_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } + if (!report_zone || !report_server || !report_node) { + rzkeychange_usage(); + exit(1); + } +} + +ldns_pkt* +dns_query(const char* name, ldns_rr_type type) +{ + fprintf(stderr, "%s\n", name); + if (dry_run) { + return 0; + } + + ldns_rdf* domain = ldns_dname_new_frm_str(name); + if (0 == domain) { + fprintf(stderr, "bad query name: '%s'\n", name); + exit(1); + } + ldns_pkt* pkt = ldns_resolver_query(res, + domain, + type, + LDNS_RR_CLASS_IN, + LDNS_RD); + ldns_rdf_deep_free(domain); + return pkt; +} + +static void +add_resolver_nameserver(const char* s) +{ + ldns_rdf* nsaddr; + fprintf(stderr, "adding nameserver '%s' to resolver config\n", s); + if (strchr(s, ':')) + nsaddr = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, s); + else + nsaddr = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, s); + if (!nsaddr) { + logerr("rzkeychange.so: invalid IP address '%s'", s); + exit(1); + } + assert(LDNS_STATUS_OK == ldns_resolver_push_nameserver(res, nsaddr)); +} + +int rzkeychange_start(logerr_t* a_logerr) +{ + ldns_pkt* pkt; + struct timeval to; + char qname[256]; + logerr = a_logerr; + if (LDNS_STATUS_OK != ldns_resolver_new_frm_file(&res, NULL)) { + fprintf(stderr, "Failed to initialize ldns resolver\n"); + exit(1); + } + if (num_ns_addrs) { + unsigned int i; + ldns_resolver_set_nameserver_count(res, 0); + for (i = 0; i < num_ns_addrs; i++) + add_resolver_nameserver(ns_addrs[i]); + } + if (0 == ldns_resolver_nameserver_count(res)) + add_resolver_nameserver("127.0.0.1"); + if (resolver_port) + ldns_resolver_set_port(res, resolver_port); + if (resolver_use_tcp) + ldns_resolver_set_usevc(res, 1); + + if (dry_run) { + return 0; + } + + fprintf(stderr, "Testing reachability of zone '%s'\n", report_zone); + pkt = dns_query(report_zone, LDNS_RR_TYPE_TXT); + if (!pkt) { + fprintf(stderr, "Test of zone '%s' failed\n", report_zone); + exit(1); + } + if (0 != ldns_pkt_get_rcode(pkt)) { + fprintf(stderr, "Query to zone '%s' returned rcode %d\n", report_zone, ldns_pkt_get_rcode(pkt)); + exit(1); + } + fprintf(stderr, "Success.\n"); + if (pkt) + ldns_pkt_free(pkt); + /* + * For all subsequent queries we don't actually care about the response + * and don't wait to wait very long for it so the timeout is set really low. + */ + to.tv_sec = 0; + to.tv_usec = 500000; + ldns_resolver_set_timeout(res, to); + snprintf(qname, sizeof(qname), "ts-elapsed-tot-dnskey-tcp-tc-unreachfrag-texcfrag-texcttl.%s.%s.%s", report_node, report_server, report_zone); + pkt = dns_query(qname, LDNS_RR_TYPE_TXT); + if (pkt) + ldns_pkt_free(pkt); + return 0; +} + +void rzkeychange_stop() +{ +} + +int rzkeychange_open(my_bpftimeval ts) +{ + open_ts = clos_ts.tv_sec ? clos_ts : ts; + memset(&counts, 0, sizeof(counts)); + memset(&key_tag_signals, 0, sizeof(key_tag_signals)); + num_key_tag_signals = 0; + return 0; +} + +void rzkeychange_submit_counts(void) +{ + char qname[256]; + ldns_pkt* pkt; + double elapsed = (double)clos_ts.tv_sec - (double)open_ts.tv_sec + 0.000001 * clos_ts.tv_usec - 0.000001 * open_ts.tv_usec; //NOSONAR + int k; + + k = snprintf(qname, sizeof(qname), "%lu-%u-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 "-%" PRIu64 ".%s.%s.%s", + (u_long)open_ts.tv_sec, + (unsigned int)(elapsed + 0.5), + counts.total, + counts.dnskey, + counts.tcp, + counts.tc_bit, + counts.icmp_unreach_frag, + counts.icmp_timxceed_reass, + counts.icmp_timxceed_intrans, + report_node, + report_server, + report_zone); + + if (k < sizeof(qname)) { + pkt = dns_query(qname, LDNS_RR_TYPE_TXT); + if (pkt) + ldns_pkt_free(pkt); + } + + if (keytag_zone != 0) { + unsigned int i; + + for (i = 0; i < num_key_tag_signals; i++) { + char* s = strdup(rzkeychange_ia_str(key_tag_signals[i].addr)); + char* t; + + if (0 == s) { + /* + * Apparently out of memory. This function is called in + * a child process which will exit right after this we + * break from the loop and return from this function. + */ + break; + } + + for (t = s; *t; t++) + if (*t == '.' || *t == ':') + *t = '-'; + + k = snprintf(qname, sizeof(qname), "%lu.%s.%hhx.%s.%s.%s.%s", + (u_long)open_ts.tv_sec, + s, + key_tag_signals[i].flags, + key_tag_signals[i].signal, + report_node, + report_server, + keytag_zone); + free(s); + + if (k >= sizeof(qname)) + continue; // qname was truncated in snprintf() + + pkt = dns_query(qname, LDNS_RR_TYPE_TXT); + if (pkt) + ldns_pkt_free(pkt); + } + } +} + +/* + * Fork a separate process so that we don't block the main dnscap. Use + * double-fork to avoid zombies for the main dnscap process. + */ +int rzkeychange_close(my_bpftimeval ts) +{ + pid_t pid; + pid = fork(); + if (pid < 0) { + logerr("rzkeychange.so: fork: %s", strerror(errno)); + return 1; + } else if (pid) { + /* parent */ + waitpid(pid, NULL, 0); + return 0; + } + /* 1st gen child continues */ + pid = fork(); + if (pid < 0) { + logerr("rzkeychange.so: fork: %s", strerror(errno)); + return 1; + } else if (pid) { + /* 1st gen child exits */ + exit(0); + } + /* grandchild (2nd gen) continues */ + clos_ts = ts; + rzkeychange_submit_counts(); + exit(0); +} + +void rzkeychange_keytagsignal(const ldns_pkt* pkt, const ldns_rr* question_rr, iaddr addr) +{ + ldns_rdf* qn; + char* qn_str = 0; + if (LDNS_RR_TYPE_NULL != ldns_rr_get_type(question_rr)) + return; + if (num_key_tag_signals == MAX_KEY_TAG_SIGNALS) + return; + qn = ldns_rr_owner(question_rr); + if (qn == 0) + return; + qn_str = ldns_rdf2str(qn); + if (qn_str == 0) + return; + if (0 != strncasecmp(qn_str, "_ta-", 4)) + goto keytagsignal_done; + qn_str[strlen(qn_str) - 1] = 0; // ldns always adds terminating dot + if (strchr(qn_str, '.')) // dont want non-root keytag signals + goto keytagsignal_done; + key_tag_signals[num_key_tag_signals].addr = addr; + key_tag_signals[num_key_tag_signals].signal = strdup(qn_str); + assert(key_tag_signals[num_key_tag_signals].signal); + if (ldns_pkt_rd(pkt)) + key_tag_signals[num_key_tag_signals].flags |= KEYTAG_FLAG_RD; + if (ldns_pkt_cd(pkt)) + key_tag_signals[num_key_tag_signals].flags |= KEYTAG_FLAG_CD; + if (ldns_pkt_edns_do(pkt)) + key_tag_signals[num_key_tag_signals].flags |= KEYTAG_FLAG_DO; + num_key_tag_signals++; +keytagsignal_done: + if (qn_str) + free(qn_str); +} + +void rzkeychange_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ + ldns_pkt* pkt = 0; + ldns_rr_list* question_rr_list = 0; + ldns_rr* question_rr = 0; + if (!(flags & DNSCAP_OUTPUT_ISDNS)) { + if (IPPROTO_ICMP == proto && payloadlen >= 4) { + struct icmp* icmp; + if (rzkeychange_is_responder && !rzkeychange_is_responder(to)) + goto done; + icmp = (void*)payload; + if (ICMP_UNREACH == icmp->icmp_type) { + if (ICMP_UNREACH_NEEDFRAG == icmp->icmp_code) + counts.icmp_unreach_frag++; + } else if (ICMP_TIMXCEED == icmp->icmp_type) { + if (ICMP_TIMXCEED_INTRANS == icmp->icmp_code) + counts.icmp_timxceed_intrans++; + else if (ICMP_TIMXCEED_REASS == icmp->icmp_code) + counts.icmp_timxceed_reass++; + } + } + goto done; + } + if (LDNS_STATUS_OK != ldns_wire2pkt(&pkt, payload, payloadlen)) + return; + if (0 == ldns_pkt_qr(pkt)) + goto done; + counts.total++; + if (IPPROTO_UDP == proto) { + if (0 != ldns_pkt_tc(pkt)) + counts.tc_bit++; + } else if (IPPROTO_TCP == proto) { + counts.tcp++; + } + if (LDNS_PACKET_QUERY != ldns_pkt_get_opcode(pkt)) + goto done; + question_rr_list = ldns_pkt_question(pkt); + if (0 == question_rr_list) + goto done; + question_rr = ldns_rr_list_rr(question_rr_list, 0); + if (0 == question_rr) + goto done; + if (LDNS_RR_CLASS_IN == ldns_rr_get_class(question_rr)) + if (LDNS_RR_TYPE_DNSKEY == ldns_rr_get_type(question_rr)) + counts.dnskey++; + if (keytag_zone != 0) + rzkeychange_keytagsignal(pkt, question_rr, to); // 'to' here because plugin should be processing responses +done: + ldns_pkt_free(pkt); +} diff --git a/plugins/rzkeychange/test1.sh b/plugins/rzkeychange/test1.sh new file mode 100755 index 0000000..de066e3 --- /dev/null +++ b/plugins/rzkeychange/test1.sh @@ -0,0 +1,21 @@ +#!/bin/sh -xe + +plugin=`find . -name 'rzkeychange.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the rzkeychange plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -n text -n text +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -s text -s text +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -z text -z text +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -k text -k text +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 7 -a 8 -a 9 -a 10 -a 11 + +# LDNS resolver needs /etc/resolv.conf +test -f /etc/resolv.conf || exit 0 +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -D -t -p 5353 -a 127.0.0.1 -n n -s s -z example.com -k k diff --git a/plugins/template/Makefile.am b/plugins/template/Makefile.am new file mode 100644 index 0000000..2cc0d7e --- /dev/null +++ b/plugins/template/Makefile.am @@ -0,0 +1,22 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) + +pkglib_LTLIBRARIES = template.la +template_la_SOURCES = template.c +template_la_LDFLAGS = -module -avoid-version + +TESTS = test1.sh +EXTRA_DIST = $(TESTS) +CLEANFILES += *.pcap-dist + +if ENABLE_GCOV +gcov-local: + for src in $(template_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/template/template.c b/plugins/template/template.c new file mode 100644 index 0000000..6abf23c --- /dev/null +++ b/plugins/template/template.c @@ -0,0 +1,147 @@ +/* + * Copyright (c) 2016-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <netinet/in.h> + +#include "dnscap_common.h" + +static logerr_t* logerr; +static int opt_f = 0; +static const char* opt_x = 0; + +output_t template_output; + +void template_usage() +{ + fprintf(stderr, + "\ntemplate.so options:\n" + "\t-? print these instructions and exit\n" + "\t-f flag option\n" + "\t-x <arg> option with argument\n"); +} + +void template_getopt(int* argc, char** argv[]) +{ + /* + * The "getopt" function will be called from the parent to + * process plugin options. + */ + int c; + while ((c = getopt(*argc, *argv, "?fx:")) != EOF) { + switch (c) { + case 'f': + opt_f = 1; + break; + case 'x': + opt_x = strdup(optarg); + break; + case '?': + template_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } +} + +int template_start(logerr_t* a_logerr) +{ + /* + * The "start" function is called once, when the program + * starts. It is used to initialize the plugin. If the + * plugin wants to write debugging and or error messages, + * it should save the a_logerr pointer passed from the + * parent code. + */ + logerr = a_logerr; + return 0; +} + +void template_stop() +{ + /* + * The "start" function is called once, when the program + * is exiting normally. It might be used to clean up state, + * free memory, etc. + */ +} + +int template_open(my_bpftimeval ts) +{ + /* + * The "open" function is called at the start of each + * collection interval, which might be based on a period + * of time or a number of packets. In the original code, + * this is where we opened an output pcap file. + */ + return 0; +} + +int template_close(my_bpftimeval ts) +{ + /* + * The "close" function is called at the end of each + * collection interval, which might be based on a period + * of time or on a number of packets. In the original code + * this is where we closed an output pcap file. + */ + return 0; +} + +void template_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, const unsigned olen, + const u_char* payload, const unsigned payloadlen) +{ + /* + * Here you can "process" a packet. The function is named + * "output" because in the original code this is where + * packets were outputted. + * + * if flags & PCAP_OUTPUT_ISDNS != 0 then payload is the start of a DNS message. + * + * if flags & PCAP_OUTPUT_ISFRAG != 0 then the packet is a fragment. + * + * if flags & PCAP_OUTPUT_ISLAYER != 0 then the pkt_copy is the same as payload. + */ +} diff --git a/plugins/template/test1.sh b/plugins/template/test1.sh new file mode 100755 index 0000000..3cb518f --- /dev/null +++ b/plugins/template/test1.sh @@ -0,0 +1,13 @@ +#!/bin/sh -xe + +plugin=`find . -name 'template.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the template plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X diff --git a/plugins/txtout/Makefile.am b/plugins/txtout/Makefile.am new file mode 100644 index 0000000..c802b92 --- /dev/null +++ b/plugins/txtout/Makefile.am @@ -0,0 +1,22 @@ +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in +CLEANFILES = *.gcda *.gcno *.gcov + +AM_CFLAGS = -I$(srcdir) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/isc \ + $(SECCOMPFLAGS) $(libldns_CFLAGS) + +pkglib_LTLIBRARIES = txtout.la +txtout_la_SOURCES = txtout.c +txtout_la_LDFLAGS = -module -avoid-version $(libldns_LIBS) + +TESTS = test1.sh +EXTRA_DIST = $(TESTS) +CLEANFILES += test1.out *.pcap-dist + +if ENABLE_GCOV +gcov-local: + for src in $(txtout_la_SOURCES); do \ + gcov -o .libs -l -r -s "$(srcdir)" "$$src"; \ + done +endif diff --git a/plugins/txtout/test1.sh b/plugins/txtout/test1.sh new file mode 100755 index 0000000..c862e46 --- /dev/null +++ b/plugins/txtout/test1.sh @@ -0,0 +1,15 @@ +#!/bin/sh -xe + +plugin=`find . -name 'txtout.so' | head -n 1` +if [ -z "$plugin" ]; then + echo "Unable to find the txtout plugin" + exit 1 +fi + +ln -fs "$srcdir/../../src/test/dns.pcap" dns.pcap-dist + +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -? +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -s +../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -o test1.out +! ../../src/dnscap -r dns.pcap-dist -g -P "$plugin" -X diff --git a/plugins/txtout/txtout.c b/plugins/txtout/txtout.c new file mode 100644 index 0000000..37249b9 --- /dev/null +++ b/plugins/txtout/txtout.c @@ -0,0 +1,299 @@ +/* + * Copyright (c) 2016-2021, OARC, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. Neither the name of the copyright holder nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <netinet/in.h> +#include <ctype.h> +#include <errno.h> +#include <arpa/inet.h> +#include <arpa/nameser.h> +#include <resolv.h> +#include <ldns/ldns.h> + +#include "dnscap_common.h" + +static logerr_t* logerr; +static char* opt_o = 0; +static int opt_s = 0; +static FILE* out = 0; + +output_t txtout_output; + +void txtout_usage() +{ + fprintf(stderr, + "\ntxtout.so options:\n" + "\t-? print these instructions and exit\n" + "\t-o <arg> output file name\n" + "\t-s short output, only QTYPE/QNAME for IN\n"); +} + +void txtout_getopt(int* argc, char** argv[]) +{ + /* + * The "getopt" function will be called from the parent to + * process plugin options. + */ + int c; + while ((c = getopt(*argc, *argv, "?so:")) != EOF) { + switch (c) { + case 'o': + if (opt_o) + free(opt_o); + opt_o = strdup(optarg); + break; + case 's': + opt_s = 1; + break; + case '?': + txtout_usage(); + if (!optopt || optopt == '?') { + exit(0); + } + // fallthrough + default: + exit(1); + } + } +} + +int txtout_start(logerr_t* a_logerr) +{ + /* + * The "start" function is called once, when the program + * starts. It is used to initialize the plugin. If the + * plugin wants to write debugging and or error messages, + * it should save the a_logerr pointer passed from the + * parent code. + */ + logerr = a_logerr; + if (opt_o) { + out = fopen(opt_o, "w"); + if (0 == out) { + logerr("%s: %s\n", opt_o, strerror(errno)); + exit(1); + } + } else { + out = stdout; + } + setbuf(out, 0); + return 0; +} + +void txtout_stop() +{ + /* + * The "start" function is called once, when the program + * is exiting normally. It might be used to clean up state, + * free memory, etc. + */ + if (out != stdout) + fclose(out); +} + +int txtout_open(my_bpftimeval ts) +{ + /* + * The "open" function is called at the start of each + * collection interval, which might be based on a period + * of time or a number of packets. In the original code, + * this is where we opened an output pcap file. + */ + return 0; +} + +int txtout_close(my_bpftimeval ts) +{ + /* + * The "close" function is called at the end of each + * collection interval, which might be based on a period + * of time or on a number of packets. In the original code + * this is where we closed an output pcap file. + */ + return 0; +} + +ia_str_t ia_str = 0; +tcpstate_getcurr_t tcpstate_getcurr = 0; +tcpstate_reset_t tcpstate_reset = 0; + +void txtout_extension(int ext, void* arg) +{ + switch (ext) { + case DNSCAP_EXT_IA_STR: + ia_str = (ia_str_t)arg; + break; + case DNSCAP_EXT_TCPSTATE_GETCURR: + tcpstate_getcurr = (tcpstate_getcurr_t)arg; + break; + case DNSCAP_EXT_TCPSTATE_RESET: + tcpstate_reset = (tcpstate_reset_t)arg; + break; + } +} + +void txtout_output(const char* descr, iaddr from, iaddr to, uint8_t proto, unsigned flags, + unsigned sport, unsigned dport, my_bpftimeval ts, + const u_char* pkt_copy, unsigned olen, + const u_char* payload, unsigned payloadlen) +{ + /* + * Short output, only print QTYPE and QNAME for IN records + */ + if (opt_s) { + if (flags & DNSCAP_OUTPUT_ISDNS) { + ldns_pkt* pkt; + + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { + if (tcpstate_getcurr && tcpstate_reset) + tcpstate_reset(tcpstate_getcurr(), ""); + return; + } + + ldns_rr_list* qds = ldns_pkt_question(pkt); + if (qds) { + ldns_rr* qd = ldns_rr_list_rr(qds, 0); + + if (qd && ldns_rr_get_class(qd) == LDNS_RR_CLASS_IN) { + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, "%s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s\n", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR\n"); + } + ldns_buffer_free(buf); + } + } + ldns_pkt_free(pkt); + } + return; + } + + /* + * IP Stuff + */ + fprintf(out, "%10ld.%06ld", (long)ts.tv_sec, (long)ts.tv_usec); + fprintf(out, " %s %u", ia_str(from), sport); + fprintf(out, " %s %u", ia_str(to), dport); + fprintf(out, " %hhu", proto); + + if (flags & DNSCAP_OUTPUT_ISDNS) { + ldns_pkt* pkt; + + if (ldns_wire2pkt(&pkt, payload, payloadlen) != LDNS_STATUS_OK) { + if (tcpstate_getcurr && tcpstate_reset) + tcpstate_reset(tcpstate_getcurr(), ""); + fprintf(out, "\n"); + return; + } + + /* + * DNS Header + */ + fprintf(out, " %u", ldns_pkt_id(pkt)); + fprintf(out, " %u", ldns_pkt_get_opcode(pkt)); + fprintf(out, " %u", ldns_pkt_get_rcode(pkt)); + fprintf(out, " |"); + if (ldns_pkt_qr(pkt)) + fprintf(out, "QR|"); + if (ldns_pkt_aa(pkt)) + fprintf(out, "AA|"); + if (ldns_pkt_tc(pkt)) + fprintf(out, "TC|"); + if (ldns_pkt_rd(pkt)) + fprintf(out, "RD|"); + if (ldns_pkt_ra(pkt)) + fprintf(out, "RA|"); + if (ldns_pkt_ad(pkt)) + fprintf(out, "AD|"); + if (ldns_pkt_cd(pkt)) + fprintf(out, "CD|"); + + ldns_rr_list* qds = ldns_pkt_question(pkt); + if (qds) { + ldns_rr* qd = ldns_rr_list_rr(qds, 0); + + if (qd) { + ldns_buffer* buf = ldns_buffer_new(512); + if (!buf) { + logerr("out of memmory\n"); + exit(1); + } + + if (ldns_rr_class2buffer_str(buf, ldns_rr_get_class(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rr_type2buffer_str(buf, ldns_rr_get_type(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, " ERR"); + } + + ldns_buffer_clear(buf); + if (ldns_rdf2buffer_str(buf, ldns_rr_owner(qd)) == LDNS_STATUS_OK) { + fprintf(out, " %s", (char*)ldns_buffer_begin(buf)); + } else { + fprintf(out, "ERR"); + } + ldns_buffer_free(buf); + } + } + ldns_pkt_free(pkt); + } + /* + * Done + */ + fprintf(out, "\n"); +} |