Beardage

Reputation: 21

scapy summary DNS Ans

When I do .summary() with scapy I get the following result back

'DNS Ans "ee-in-f139.1e100.net."' 

Is there any filter within scapy that only returns "ee-in-f139.1e100.net" or is my only option to strip the string?

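@RyPeck

At this moment

    from scapy.all import DNS, DNSQR, IP, UDP, sr1

    def gethostname(x):
        # Build the reverse-lookup name, e.g. 1.2.3.4 -> 4.3.2.1.in-addr.arpa
        ip = x.split('.')
        ip.reverse()
        x = '.'.join(ip) + ".in-addr.arpa"

        answer = sr1(IP(dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1, qd=DNSQR(qname=x, qtype='PTR')), verbose=0)
        # Trim the 'DNS Ans "..."' wrapper that summary() puts around the hostname
        filter = answer[DNS].summary()
        filter = filter.strip('DNS Ans ')
        filter = filter.strip('."')
        return filter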

which gives me back the hostname and I filter out the DNS Ans. I was hoping that scapy returns just the hostname without me filtering it.

Upvotes: 2

Views: 2897

Answers (1)

Synthetica

Reputation: 940

Sure.

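    from scapy.all import DNS, DNSQR, IP, UDP, sr1

    def gethostname(ip):
        # Build the reverse-lookup name, e.g. 1.2.3.4 -> 4.3.2.1.in-addr.arpa
        ip = ip.split('.')
        ip.reverse()
        ip = '.'.join(ip) + ".in-addr.arpa"
        answer = sr1(IP(dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1, qd=DNSQR(qname=ip, qtype='PTR')), verbose=0)
        #answer.show()
        # DNS layer -> answer record -> record data, minus the trailing dot
        return answer["DNS"].an.rdata[:-1]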

What I did: Instead of using .summary(), I just disassembled the answer: ["DNS"] gives the DNS layer, .an gives the answer that was given, .rdata is the actual data that you want, and [:-1] strips off the final dot, because, as specified in RFC 1034, a Fully Qualified Domain Name (FQDN) always ends with a trailing ".". If you want to see the whole packet, you should just un-comment answer.show().

Upvotes: 2
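The same field-by-field extraction, extended to cope with no reply, an error rcode such as NXDOMAIN, bytes rdata and more than one answer record. This is an added example, not part of the original answer; it goes beyond the single-record case above. The names ptr_names and gethostnames, the resolver and timeout defaults, and the constructed SAMPLE_REPLY and SAMPLE_NXDOMAIN objects are assumptions.

```python
import ipaddress
from types import SimpleNamespace

PTR = 12  # DNS record type number for PTR


def reverse_name(ip):
    """'8.8.4.4' -> '4.4.8.8.in-addr.arpa'; IPv6 addresses map to ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def ptr_names(dns):
    """Hostnames from the PTR records in the answer section of a DNS layer."""
    if dns is None or dns.rcode != 0 or not dns.ancount:
        return []  # no reply, error rcode (e.g. NXDOMAIN) or empty answer
    names = []
    for i in range(dns.ancount):
        rr = dns.an[i]  # i-th record of the answer section
        if rr.type != PTR:  # skip other record types, e.g. a CNAME
            continue
        rdata = rr.rdata
        if isinstance(rdata, bytes):  # rdata may arrive as bytes
            rdata = rdata.decode("ascii", "replace")
        names.append(rdata.rstrip("."))  # drop the FQDN's trailing dot
    return names


def gethostnames(ip, resolver="8.8.8.8", timeout=2):
    """Send one PTR query with scapy (needs raw-socket privileges)."""
    from scapy.all import DNS, DNSQR, IP, UDP, sr1  # imported lazily
    query = IP(dst=resolver) / UDP(dport=53) / DNS(
        rd=1, qd=DNSQR(qname=reverse_name(ip), qtype="PTR"))
    answer = sr1(query, timeout=timeout, verbose=0)  # None on timeout
    has_dns = answer is not None and answer.haslayer(DNS)
    return ptr_names(answer[DNS] if has_dns else None)


# Constructed stand-ins for dissected replies, so the parsing runs offline.
SAMPLE_REPLY = SimpleNamespace(rcode=0, ancount=2, an=[
    SimpleNamespace(type=5, rdata=b"alias.example."),
    SimpleNamespace(type=PTR, rdata=b"ee-in-f139.1e100.net."),
])
SAMPLE_NXDOMAIN = SimpleNamespace(rcode=3, ancount=0, an=None)
```
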
