Downloads
All tools require the installation of Npcap, which the excellent Wireshark and Nmap tools use. Npcap can be downloaded at https://npcap.com
MyDNSMon
My original project, which emerged from troubleshooting DNS resolution. When a destination URL uses a CDN or load balancer, different devices can get different DNS responses. This caused problems when defining destination IPs for firewall rules.
MyDNSMon shows every detail of the DNS packet with every response for each query.
How to use MyDNSMon
- Make sure you have an up-to-date version of Npcap installed.
- When you run MyDNSMon, select the network interface you want to listen on.
- Press CTRL + C to stop MyDNSMon. On exit, packet count and unanswered queries are displayed.
MyDNSMon syntax
MyDNSMon.exe [/csv | /basic | /detail | /all] [/logfile <file name>] [/capture <file name>.pcapng]
- MyDNSMon.exe
With no parameters, the view defaults to /csv
- /csv
Information displayed includes detection time, source IP, source port, destination IP, destination port, domain queried, and query responses. Comma separated output.
- /basic
This expands the view and also includes response types.
- /detail
This also includes UDP header information, protocol type, query/answer count, answer class.
- /all
This also includes every field included in the DNS packet.
- /logfile
Allows you to specify a file name to write the output to.
- /capture
Specify a file name with a .pcapng extension to save captured packets to.
If you see question marks or "unknown" in MyDNSMon output, run it using this parameter to save the packets and send to [email protected]
Download from MajorGeeks
LLDP-CDPMon
LLDP-CDPMon (when LLDP or CDP is enabled on all switch ports) reports the switch and port your device is connected to. This has saved me a lot of bother wandering round data centres finding cabinets and tracing cables to work out the right port.
NOTE: if your switch/network device does not advertise LLDP or CDP, LLDP-CDPMon can't detect any packets so will not display any info.
How to use LLDP-CDPMon
- Make sure you have an up-to-date version of Npcap installed. Npcap can be downloaded from https://npcap.com
- When you run LLDP-CDPMon, select the network interface you want to listen on.
- Press CTRL + C to stop LLDP-CDPMon listening.
LLDP-CDPMon syntax
- LLDP-CDPMon.exe
With no parameters, information displayed includes the system name, system description, management address(es), port description and port ID interface name (if available).
- LLDP-CDPMon.exe /detail
This displays all information the switch/networking device advertises within the LLDP or CDP packet.
- LLDP-CDPMon.exe /capture <file name.pcap>
This saves the LLDP or CDP packet to file. If you see unknown TLV messages displayed, you can then email the .pcapng file to [email protected] to include in a future release.
** NOTE **
As there are thousands of various switches, routers, etc from hundreds of vendors, it's impossible to include the LLDP information every one advertises.
If you run "LLDP-CDPMon.exe /detail" and you see "Unknown" values reported, e.g. "Unknown TLV", run "LLDP-CDPMon.exe /capture LLDP-CDPMon.pcap" (you can choose your own file name ending in ".pcap").
This will write the LLDP or CDP packet to file. You can then send this in an email to [email protected] and I will try and include the missing TLVs in the next release. I will prioritise major vendors.
Download from MajorGeeks
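
What an "Unknown TLV" is at the byte level, as an added example that is not LLDP-CDPMon's own code: a parser for the standard LLDP TLV layout from IEEE 802.1AB (7-bit type, 9-bit length, with type 127 carrying a vendor OUI and subtype). The sample packet, the AA-BB-CC OUI and the helper `build_tlv` are constructed for illustration.

```python
import struct

# Standard TLV types from IEEE 802.1AB.
TLV_NAMES = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address"}
ORG_SPECIFIC = 127  # vendor/organisation TLV: 3-byte OUI + 1-byte subtype
KNOWN_OUIS = {b"\x00\x80\xc2": "IEEE 802.1", b"\x00\x12\x0f": "IEEE 802.3",
              b"\x00\x12\xbb": "TIA LLDP-MED"}


def parse_lldpdu(payload):
    """Return (label, value) pairs for the TLVs in an LLDPDU payload."""
    tlvs, offset = [], 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise ValueError("truncated TLV header at offset %d" % offset)
        (header,) = struct.unpack_from("!H", payload, offset)
        tlv_type, length = header >> 9, header & 0x1FF  # 7-bit type, 9-bit length
        offset += 2
        if offset + length > len(payload):
            raise ValueError("TLV type %d overruns the packet" % tlv_type)
        value = payload[offset:offset + length]
        offset += length
        if tlv_type == 0:  # End of LLDPDU
            break
        if tlv_type == ORG_SPECIFIC and length >= 4:
            oui, subtype = value[:3], value[3]
            owner = KNOWN_OUIS.get(oui, "Unknown OUI " + oui.hex("-"))
            label = "%s subtype %d" % (owner, subtype)
        else:
            label = TLV_NAMES.get(tlv_type, "Unknown TLV %d" % tlv_type)
        tlvs.append((label, value))
    return tlvs


def build_tlv(tlv_type, value):
    """Build one TLV; used only to construct the sample packet below."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU, not captured from a real device.
SAMPLE = (build_tlv(1, b"\x04\x00\x11\x22\x33\x44\x55") + build_tlv(2, b"\x05Gi1/0/7")
          + build_tlv(3, b"\x00\x78") + build_tlv(5, b"sw-core-01")
          + build_tlv(127, b"\xaa\xbb\xcc\x01\x00") + build_tlv(9, b"\x01")
          + build_tlv(0, b""))

for label, value in parse_lldpdu(SAMPLE):
    print(label, value.hex())
```

The two "Unknown" rows in the output correspond to a vendor OUI the parser has no table entry for and a reserved TLV type, which is the kind of data a capture file lets a tool author add support for.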