DNS Traffic is always worth watching very closely
But it is not a good excuse to forget your anniversary!
While visiting a large ISP-type customer here in the Bay Area, we started to discuss the value he could get from network traffic analysis. The volumes of traffic on his network are at a scale where he even struggles with summary information like NetFlow; he has so much of it that it is almost impossible to get a handle on it and see anything useful – a real big data problem. During our conversation, I mentioned that we have a number of dissectors (or application decoders, as we call them) for protocols like SMB, NFS, SQL, web and DNS – "STOP, what can you tell me about my DNS traffic, as my logs are limited?" To be honest, I would have thought LANGuardian provided too much detail for his organization, but I guess DNS is a bit different.
Anyhow, I led on to explain that LANGuardian can:
- Monitor DNS traffic, decode DNS replies
- Inventory of responding DNS servers
- Alert on rogue DNS servers
- Review what resolutions clients are receiving
- Monitor client requests, validate DNS traffic (piggybacking)
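The last three items above (inventory of responding servers, rogue-server alerting, and reviewing what resolutions clients receive) can be sketched in a few dozen lines once you have the raw DNS replies off the wire. The script below is an added example written for this post, not LANGuardian code: it decodes DNS reply messages from their wire format (header, question, A-record answers, including name-compression pointers), counts which source addresses are answering on the network, records which addresses each name resolved to, and raises an alert whenever a reply comes from a server that is not on an assumed allow-list. The resolver addresses, names and IPs are constructed sample data; `build_reply` exists only so the example can run offline without a capture file.

```python
"""Inventory DNS responders, review resolutions and flag rogue servers.

Added example, not LANGuardian code. Input is a list of constructed
(source_ip, udp_payload) tuples standing in for UDP/53 replies seen on the wire.
"""
import struct
from collections import Counter

# Assumed allow-list of the organisation's own resolvers (constructed values).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}


def _read_name(buf, off):
    """Decode a DNS name (RFC 1035 labels, with 0xC0 compression pointers).

    Returns (dotted_name, offset_just_after_the_name_in_the_message).
    """
    labels = []
    end = None  # offset to resume at once a compression pointer has been followed
    while True:
        length = buf[off]
        if length == 0:
            off += 1
            break
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier part of the message
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_reply(payload):
    """Parse a DNS reply and return its transaction id, query name and A-record answers."""
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    if not flags & 0x8000:  # QR bit clear: this is a query, not a reply
        raise ValueError("not a DNS response")
    off = 12
    qname, off = _read_name(payload, off)
    off += 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        _name, off = _read_name(payload, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", payload[off:off + 10])
        off += 10
        rdata = payload[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "qname": qname, "answers": answers}


def build_reply(txid, qname, ips):
    """Build a minimal standard-response DNS reply with A records (constructed test traffic)."""
    header = struct.pack("!6H", txid, 0x8180, 1, len(ips), 0, 0)  # QR, RD, RA set; NOERROR
    qname_wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    question = qname_wire + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for ip in ips:
        rdata = bytes(int(octet) for octet in ip.split("."))
        # 0xC00C points back at the question name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + answers


def audit(replies, approved=APPROVED_RESOLVERS):
    """Return (responder inventory, rogue-server alerts, name -> set of resolved IPs)."""
    inventory = Counter()
    alerts = []
    resolutions = {}
    for src_ip, payload in replies:
        rec = parse_reply(payload)
        inventory[src_ip] += 1
        resolutions.setdefault(rec["qname"], set()).update(rec["answers"])
        if src_ip not in approved:
            alerts.append((src_ip, rec["qname"], rec["answers"]))
    return inventory, alerts, resolutions


# Constructed sample replies: two from the approved resolver, one from an unknown host
# that answers the same name with a different address.
SAMPLE_REPLIES = [
    ("10.0.0.53", build_reply(0x1A2B, "intranet.example.com", ["10.20.30.40"])),
    ("10.0.0.53", build_reply(0x1A2C, "mail.example.com", ["10.20.30.41", "10.20.30.42"])),
    ("192.168.77.9", build_reply(0x1A2D, "intranet.example.com", ["203.0.113.5"])),
]

if __name__ == "__main__":
    inv, alerts, res = audit(SAMPLE_REPLIES)
    print("responding DNS servers:", dict(inv))
    for src, name, ips in alerts:
        print(f"ALERT rogue DNS server {src} answered {name} -> {ips}")
    for name, ips in res.items():
        print(f"{name} resolved to {sorted(ips)}")
```

Feeding the same loop from a live capture (replies filtered on source port 53) rather than `SAMPLE_REPLIES` gives the three views from the list: the `Counter` is the responder inventory, `alerts` are the rogue servers, and `resolutions` shows at a glance when one name has been answered with addresses the approved resolvers never returned.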
To quote a good friend, Tim of #lovemytool: "John, show me, don't tell me."
So, I simply showed a short demo, which in summary was something like the following screen grabs:
Overall, it was a good meeting; the visibility and context one can get off the wire on DNS activity across a network can be really useful for multiple security related use cases and forensics. Our customer thought it was very interesting and useful for a network like his; especially as he is so heavily focused on security these days while helping and educating his customers.
However, when I got back to my Airbnb and opened up my laptop, a Skype chat message popped up on my screen. Now for a moment, just think of some of the worst texts or voicemails you could get from your wife! Let's face it, there are only 2 big dates one should ALWAYS remember, and we all know what they are!
When I looked at my Skype text box at 6:00pm PST (2:00am GMT, a day late), I saw a message that had been sitting there for over 8 hours, with those 3 little words we dread to hear or read before we get to send them ourselves: "Happy Anniversary Darling".
Damn, I blamed DNS. I told her, I tried to send a nice message but we had a DNS issue and I was off the network! Now, even she knows that without DNS, everything stops working!