1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
.\" DNS Reply Tool (drool)
.\"
.\" Copyright (c) 2017-2021, OARC, Inc.
.\" Copyright (c) 2017, Comcast Corporation
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. Neither the name of the copyright holder nor the names of its
.\" contributors may be used to endorse or promote products derived
.\" from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
.\" FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
.\" COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
.\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.TH drool 1 "@PACKAGE_VERSION@" "DNS Replay Tool"
.SH NAME
drool \- DNS Replay Tool
.SH SYNOPSIS
.B drool replay
[
.I options
]
.B file
.B host
.B port
.SH DESCRIPTION
\fBdrool\fR can replay DNS traffic from packet capture (PCAP) files and send
it to a specified server, with options such as to manipulate the timing
between packets, as well as loop packets infinitely or for a set number
of iterations.
This tool's goal is to be able to produce a high amount of UDP packets per
second and TCP sessions per second on common hardware.
The purpose can be to simulate Distributed Denial of Service (DDoS) attacks
on the DNS and measure normal DNS querying.
For example, the tool could enable you to take a snapshot of a DDoS and be
able to replay it later to test if new code or hardening techniques are
useful, safe & effective.
Another example is to be able to replay a packet stream for a bug that is
sequence- and/or timing-related in order to validate the efficacy of
subsequent bug fixes.
.SH OPTIONS
These options are specific for the
.B replay
command, see
.IR drool (1)
for generic options.
.TP
.B \-D
Show DNS queries and responses as processing goes.
.TP
.B \-n \-\-no\-responses
Do not wait for responses before sending next request.
.TP
.B \-\-no\-tcp
Do not use TCP.
.TP
.B \-\-no\-udp
Do not use UDP.
.TP
.B \-T \-\-threads
Use threads.
.TP
.B \-\-tcp\-threads N
Set the number of TCP threads to use, default 2.
.TP
.B \-\-udp\-threads N
Set the number of UDP threads to use, default 4.
.TP
.B \-\-timeout N.N
Set timeout for waiting on responses [seconds.nanoseconds], default 10.0.
.TP
.B \-t \-\-timing mode[=option]
Set the timing mode, see TIMING MODES.
.SH EXAMPLES
.TP
.B drool replay \-\-timing multiply=0.5 \-\-no\-tcp file.pcap 127.0.0.1 53
Send all DNS queries twice as fast as found in the PCAP file to localhost
using UDP.
.TP
.B drool replay \-\-timing keep \-\-no\-udp file.pcap 127.0.0.1 53
Send all DNS queries over TCP to localhost as they were recorded.
.TP
.B drool replay \-\-no\-tcp \-\-no\-responses \-\-threads \-\-udp\-threads 3 file.pcap 127.0.0.1 53
Take all DNS queries found in the PCAP file and send them as fast as possible
over UDP to localhost by ignoring both timings, replies and starting 3 threads
that will simultaneously send queries.
.SH TIMING MODES
.TP
.B ignore
Set the timing mode to ignore all timings and try to send traffic as fast
as possible (default).
.TP
.B keep
Set the timing mode to try and keep up with interval between the traffic
received.
.TP
.B add=<nanoseconds>
Set the timing mode to add the given nanoseconds to the interval between
the traffic received.
.TP
.B reduce=<nanoseconds>
Set the timing mode to reduce the interval between the traffic received
with the given nanoseconds.
.TP
.B multiply=<float>
Set the timing mode to multiply the interval between the traffic received,
this can be thought as percent with 1.00 being 100% of the interval, 2.00
being 200%, 0.10 being 10% and so on.
.TP
.B fixed=<nanoseconds>
Set the timing between packets to the given nanoseconds.
.SH SEE ALSO
drool(1)
.SH AUTHORS
Jerry Lundström, DNS-OARC
.LP
Maintained by DNS-OARC
.LP
.RS
.I https://www.dns-oarc.net/
.RE
.LP
.SH BUGS
For issues and feature requests please use:
.LP
.RS
\fI@PACKAGE_URL@\fP
.RE
.LP
For question and help please use:
.LP
.RS
\fI@PACKAGE_BUGREPORT@\fP
.RE
.LP
|