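#!/usr/bin/env python
# 1230, Mon 19 Jan 15 (NZDT)
# p11_dns_find_our_servers.py: Count nameservers in home network
#
# Walks an (anonymised, DNS-only) trace and, for every DNS *query* whose
# destination address lies inside the 'home' prefix, counts that address.
# Hosts that receive queries from our users are the nameservers they use;
# the tally is printed most-queried first.

from collections import Counter

import ipp      # ipp.from_s() is called below but was never imported (NameError)
import plt
import pldns

fn = "pcapfile:1kp-dns-anon.pcap.gz"   # Data file name
home = ipp.from_s("82.166/16")         # 'Home' IP prefix for data file
print("home = %s" % home)

n = 0                                  # Packets read, incl. non-IP / non-UDP
nameservers = Counter()                # dst address (str) -> query count

t = plt.trace(fn)
t.start()
try:
    for pkt in t:
        n += 1                         # Wireshark uses 1-origin packet numbers
        ip = pkt.ip
        if not ip:
            continue                   # Not IP
        if ip.frag_offset != 0:
            continue                   # Non-first fragment: no UDP header here
        udp = pkt.udp
        if not udp:
            continue                   # Not UDP
        # NOTE(review): every UDP payload is handed straight to the DNS parser
        # with no port-53 or minimum-length check.  Acceptable for a DNS-only
        # capture like this one, but on a general trace a non-DNS or truncated
        # payload would be parsed as DNS (and may raise) -- add a guard then.
        ldns_obj = pldns.ldns(udp.payload)
        if ldns_obj.is_response:       # Only look at Queries
            continue
        dst = ip.dst_prefix
        dst.length = 32                # Compare the full /32 host address
        if home.is_prefix(dst):        # Is dest in home prefix?
            nameservers[str(dst)] += 1 # Count it (new keys start at 0)
            print("%5d %s -> %s" % (n, ip.src_prefix, ip.dst_prefix))
finally:
    t.close()                          # Release the trace even if parsing raises

print("%d packets read" % n)
for ns, count in nameservers.most_common():   # Highest count first
    print(" %20s %d" % (ns, count))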