PacketQ

Add aslookup feature

Open arjenz opened this issue 12 years ago • 5 comments

Optional lookup ASLOOKUP to look up an AS (Autonomous System) number. Compiling with --with-GeoIP adds 2 command line parameters and 1 extra SQL keyword.

  • Usage:
      packetq -c -s "SELECT COUNT(*) as count, ASLOOKUP(src_addr) AS asnumber FROM dns WHERE qr=0 GROUP BY asnumber ORDER BY COUNT DESC LIMIT 10" -g GeoIPASNum.dat -G GeoIPASNumv6.dat dns.pcap
    This generates the top 10 of querying networks.
  • Extra dependencies: libgeoip C API (https://github.com/maxmind/geoip-api-c). AS lookup databases can be downloaded from http://dev.maxmind.com/geoip/legacy/geolite/

Tested on Ubuntu 12.04 and 12.10

arjenz, Nov 26 '13 09:11
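What the usage query above computes, as an added example that is not part of the PR or of PacketQ's code: source addresses of DNS queries (qr=0) are mapped to an AS number, grouped, counted and sorted. The prefix table, the sample records, the function names and the choice to return None for an unmatched address are all assumptions of this example; a constructed longest-prefix table stands in for the GeoIP AS databases.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-AS table (documentation prefixes, private-use AS
# numbers). It stands in for the AS databases passed with -g / -G.
PREFIX_TO_AS = [
    ("192.0.2.0/24", 64496),
    ("198.51.100.0/24", 64497),
    ("198.51.100.128/25", 64498),  # more specific than the /24 above
    ("2001:db8::/32", 64499),
]
TABLE = [(ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_AS]

# Constructed DNS records as (src_addr, qr); qr=0 is a query, qr=1 a response.
RECORDS = [
    ("192.0.2.10", 0), ("192.0.2.11", 0), ("192.0.2.10", 1),
    ("198.51.100.5", 0), ("198.51.100.200", 0), ("198.51.100.201", 0),
    ("198.51.100.202", 0), ("2001:db8::53", 0), ("203.0.113.9", 0),
]


def as_lookup(addr):
    """Return the AS number of the longest matching prefix, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, asn in TABLE:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn)
    return best[1] if best else None


def top_querying_as(records, limit=10):
    """Count queries (qr=0) per AS and return the largest groups first."""
    counts = Counter(as_lookup(src) for src, qr in records if qr == 0)
    return counts.most_common(limit)


if __name__ == "__main__":
    for asn, count in top_querying_as(RECORDS):
        print(count, asn if asn is not None else "unknown")
```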

Can you "Allow edits from maintainers."? Should be a checkbox to the right.

jelu, Jun 08 '17 07:06

Done!

arjenz, Jun 08 '17 22:06

Thanks, but I forgot that this PR was against master, so I need to redo the PR anyway. I will pull from your changes and create a new PR.

Any reason you haven't submitted the country code lookup?

jelu, Jun 09 '17 05:06

I think I was waiting for feedback on some questions I had asked the original author (and then forgot). I could send a PR for that as well.

arjenz, Jun 09 '17 21:06

OK :)

You don't need to do another PR, I will pull your changes and continue on them.

jelu, Jun 10 '17 12:06