drool(1) | General Commands Manual | drool(1) |
drool - DNS Replay Tool
drool replay [ options ] file host port
drool can replay DNS traffic from packet capture (PCAP) files and send it to a specified server, with options such as to manipulate the timing between packets, as well as loop packets infinitely or for a set number of iterations. This tool's goal is to be able to produce a high amount of UDP packets per second and TCP sessions per second on common hardware.
The purpose can be to simulate Distributed Denial of Service (DDoS) attacks on the DNS and measure normal DNS querying. For example, the tool could enable you to take a snapshot of a DDoS and be able to replay it later to test if new code or hardening techniques are useful, safe & effective. Another example is to be able to replay a packet stream for a bug that is sequence- and/or timing-related in order to validate the efficacy of subsequent bug fixes.
These options are specific for the replay command, see drool(1) for generic options.
Send all DNS queries twice as fast as found in the PCAP file to localhost using UDP.
Send all DNS queries over TCP to localhost as they were recorded.
Take all DNS queries found in the PCAP file and send them as fast as possible over UDP to localhost by ignoring both timings, replies and starting 3 threads that will simultaneously send queries.
drool(1)
Jerry Lundström, DNS-OARC
Maintained by DNS-OARC
For issues and feature requests please use:
For question and help please use:
2.0.0 | DNS Replay Tool |