NAME

drool - DNS Replay Tool

SYNOPSIS

drool command [ options ] < arguments >

DESCRIPTION

drool can replay DNS traffic from packet capture (PCAP) files and send it to a specified server, with options such as to manipulate the timing between packets, as well as loop packets infinitely or for a set number of iterations. This tool's goal is to be able to produce a high amount of UDP packets per second and TCP sessions per second on common hardware.

The purpose can be to simulate Distributed Denial of Service (DDoS) attacks on the DNS and measure normal DNS querying. For example, the tool could enable you to take a snapshot of a DDoS and be able to replay it later to test if new code or hardening techniques are useful, safe & effective. Another example is to be able to replay a packet stream for a bug that is sequence- and/or timing-related in order to validate the efficacy of subsequent bug fixes.

COMMANDS

drool is divided into various commands for different scenarios. Each command has it's own man-page, may take different arguments and may have additional options.

replay

Replay DNS from a PCAP file, see drool-replay(1).

respdiff

Replay DNS and store the responses along with the responses found in the PCAP for analysis with the respdiff tool-chain, see drool-respdiff(1).

OPTIONS

These options are generic for all drool commands.

--csv

Output statistics as CSV.

--json

Output statistics as JSON.

-v --verbose

Enable verbose logging, can be given multiple times to increase verbosity level.

-h --help

Print help and exit.

-V --version

Print version and exit.

EXIT VALUES

0 - no error
1 - generic error

SEE ALSO

drool-replay(1)

AUTHORS

Jerry Lundström, DNS-OARC

Maintained by DNS-OARC

BUGS

For issues and feature requests please use:

For question and help please use: