DNS Monitor (Beta Version)
DNS Monitor is a utility program that allows you to monitor and log DNS requests transiting your network. What does this mean to the average family? Any access to an outside resource requires the name of the domain to be translated into a number. A DNS request doesn't tell you the name of the actual resource, but simply the name of the server that it is stored on. For example, when http://www.google.ca/index.html is requested, the first step is to find out where the server is. This is accomplished by requesting www.google.ca to be translated into an IP address. The DNS request doesn't tell us what kind of service is being requested (http), or what resource is being requested (index.html).

The advantage of monitoring DNS requests rather than Web GET requests is that these requests are very small and cover services over and above just the World Wide Web. Additionally, most operating systems will cache these requests, so that all you see is the first request.

The program utilises the Windows Packet Filter Kit from NT Kernel Resources. This high-performance packet filtering framework hooks the NDIS (Network Driver Interface Specification) driver in your Windows Operating System. Because NDIS is a layer 2 network driver, the Ethernet headers have already been stripped from the packets.

DNS Monitor has the ability to operate the NIC (Network Interface Card) in promiscuous mode. If your network is using a hub (rather than a switch), you can capture and examine all DNS requests made from your network. This gives you a fairly concise picture of Internet usage.

DNS Monitor is written in VB6, and is being made available in ZIP format. Installation is usually straightforward, using "setup.exe" to install files extracted from "DNSmon.cab" as laid out in "setup.lst". It can be installed anywhere the user has authority, but the default location is "\Program Files\DNSmon\".

Executing the program:

There are 2 components for DNS Monitor. The main program is interactive, and allows you to monitor and capture current DNS activity. The only setup required is for the user to confirm which IP Adapter is being utilized. DNS Monitor currently supports IPv4 (not IPv6) over Ethernet (not WiFi). Once set up, you can activate the server by clicking on the "Start Server" button.

The captured data is logged to file. Those files are stored in the "%windir%\System32\LogFiles\DNS\" directory by date. You can examine the log files at any time, but it makes more sense to stop the server first. Clicking on the "Read Log File" button produces a drop-down list of files to choose from. Choosing a file (yymmdd.log) produces a list of the logged requests.

DNS Monitor also has a service component. This service operates in the background with no user interaction required. Even when the user is logged off, the service continues to operate. At the present time, however, it will not persist through a type 3 Sleep mode. To install the service, simply click on the "Install" button. Once successfully installed, the "Start" button will become active and you can start the service, provided that the active server is "OFFLINE". You can also use the Service Manager (services.msc) to stop/start/pause/resume. The service is installed in "Manual" mode, and if you want the service to start automatically on boot up, use the Service Manager to change the Startup Type to "Automatic".

To install DNS Monitor, you must first install WinpkFilter! There is no charge for personal use.

DOWNLOAD DNS Monitor!

The service component of DNS Monitor would stop functioning after being woken from an S3 sleep. The code has been modified to recognize the lack of traffic and restart the service.
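To make concrete what a captured DNS request does and does not reveal, the following Python sketch is an added example (it is not DNS Monitor's VB6 code) that extracts the client address, queried name and record type from one captured packet. It assumes the buffer starts at the IPv4 header; the function names and the sample packet are constructed for illustration.

```python
import socket
import struct
from typing import Optional, Tuple

QTYPES = {1: "A", 28: "AAAA", 5: "CNAME", 15: "MX", 12: "PTR", 16: "TXT"}

def parse_dns_query(packet: bytes) -> Optional[Tuple[str, str, str]]:
    """Return (client_ip, name, qtype) for a UDP/53 DNS query, else None."""
    # Assumption: packet starts at the IPv4 header (no Ethernet header).
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8 + 12:
        return None                            # not UDP, or too short for DNS
    _sport, dport = struct.unpack_from("!HH", packet, ihl)
    if dport != 53:
        return None
    dns = packet[ihl + 8:]
    _id, flags, qdcount = struct.unpack_from("!HHH", dns, 0)
    if flags & 0x8000 or qdcount < 1:          # QR bit set means a response
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(dns):
            return None                        # truncated name
        n = dns[pos]
        pos += 1
        if n == 0:
            break                              # root label ends the name
        if n > 63 or pos + n > len(dns):       # pointer or overrun: reject
            return None
        labels.append(dns[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(dns):
        return None
    qtype, _qclass = struct.unpack_from("!HH", dns, pos)
    client = socket.inet_ntoa(packet[12:16])
    return client, ".".join(labels), QTYPES.get(qtype, str(qtype))

def build_sample_query(name: str, src: str = "192.168.1.20") -> bytes:
    """Constructed sample: a minimal IPv4/UDP DNS A query (checksums zero)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 50000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton("192.168.1.1"))
    return ip + udp

if __name__ == "__main__":
    print(parse_dns_query(build_sample_query("www.google.ca")))
```

The result carries only the server name and record type; the scheme (http) and the path (index.html) from the earlier example never appear in the packet.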
