The DNS packet injector (dnsinject) captures traffic from a network interface in promiscuous mode and attempts to inject forged responses to selected DNS A requests. The DNS poisoning attack detector (dnsdetect) detects DNS poisoning attack attempts, such as those generated by the DNS packet injector.
Usage:

For Injection:

dnsinject [-i interface] [-f hostnames] expression

-i  Listen on network device <interface> (e.g., eth0). If not specified,
    dnsinject listens on the default interface.
-f  List of IP address and hostname pairs specifying the hostnames to
    be hijacked. If '-f' is not specified, dnsinject forges replies for
    all observed requests with the local machine's IP address as an answer.

<expression> is a BPF filter that specifies a subset of the traffic to be
monitored. This option is useful for targeting a single victim or a set of
particular victims.

e.g. ./dnsinject -i eth0 -f attackfile ip src <ip>

For Detection:

dnsdetect [-i interface] [-r tracefile] expression

-i  Listen on network device <interface> (e.g., eth0). If not specified,
    the program listens on the default interface.
-r  Read packets from <tracefile> (tcpdump format).

<expression> is a BPF filter that specifies a subset of the traffic to be
monitored.

e.g. ./dnsdetect -r submit.pcap
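
The page does not say how dnsdetect decides that a reply is forged; the following is an added example, not the project's code, of one common heuristic: two responses for the same client, port, transaction ID and query name that carry different A records. It assumes well-formed DNS payloads already extracted from UDP port 53 traffic, and every function name and sample address in it is constructed for illustration.

```python
import socket
import struct

def read_name(buf, off):
    """Read labels up to the terminator or a compression pointer; return (name, next offset)."""
    labels = []
    while buf[off] != 0 and buf[off] & 0xC0 != 0xC0:
        labels.append(buf[off + 1:off + 1 + buf[off]].decode("ascii", "replace"))
        off += 1 + buf[off]
    return ".".join(labels).lower(), off + (1 if buf[off] == 0 else 2)

def parse_response(msg):
    """Return (txid, qname, frozenset of A addresses), or None if msg is not a response."""
    txid, flags, qdcount, ancount = struct.unpack_from("!HHHH", msg, 0)
    if not flags & 0x8000 or qdcount != 1:        # QR bit clear means a query
        return None
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        _, off = read_name(msg, off)              # owner name, usually a pointer
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rclass == 1 and rdlen == 4:   # IN A record
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return txid, qname, frozenset(addrs)

def detect(responses):
    """responses: iterable of (client_ip, client_port, udp_payload); returns alerts."""
    seen, alerts = {}, []
    for client_ip, client_port, payload in responses:
        parsed = parse_response(payload)
        if parsed is None:
            continue
        txid, qname, addrs = parsed
        first = seen.setdefault((client_ip, client_port, txid, qname), addrs)
        if first != addrs:      # same query answered twice with different A records
            alerts.append((txid, qname, sorted(first), sorted(addrs)))
    return alerts

def build_response(txid, qname, addrs):   # builds constructed sample data only
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0) + q + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a)
    return msg

# Constructed sample (documentation addresses): one query answered twice, answers differ.
SAMPLE = [("192.0.2.10", 53000, build_response(0x1A2B, "example.com", [a]))
          for a in ("198.51.100.7", "203.0.113.5")]
```

Names whose servers rotate addresses between retransmissions can also trip this heuristic, so an alert is a lead to verify against the resolver's real answer rather than proof of injection.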