uniq_dns.sh

#!/usr/bin/env bash


dir="$1"
output_dir="$2"
if [[ ! -d "$dir" ]] || [[ ! -d "$output_dir" ]] ; then
     printf "Usage: `basename $0` location of pcaps location to output logfiles\n "
     echo "Searches a pcap file for uniq dns and generates a count"
     exit 0
fi



function unique_dnsoutput {
    while read -r; do
    	printf '%s %s %s %s\n' 'Reading network traffic from' "$REPLY" 'Time Started:' "$(date +'%D %T')"
    	printf '%s\n\n' '#############################'
    	tshark -r "$REPLY" -Y "dns.flags.response eq 0" -T fields -e dns.qry.name
    done < <(find "$dir" -type f -iname '*.pcap') | tee -a ${output_dir}/uniq_dns_fulloutput.txt
        printf '%s\n\n' '###########################'
        printf '%s %s\n' 'Time Finished:' "$(date +'%D %T')"
}

function unique_dns {
    cat ${output_dir}/uniq_dns_fulloutput.txt|sort -u |sed -r 's/^(.*\.|)([^\.]+)(\.[^\.]+)(\.[^\.]+)$/\2\3\4/g'|sort |uniq -c |sort -n|tee -a ${output_dir}/uniq_dns.txt
    #awk '{print $1}' ${output_dir}/uniq_ips_fulloutput.txt|sort -n |sort -u|grep -v "Reading"|tee -a ${output_dir}/uniq_ips.txt
}

function main {
   unique_dnsoutput "$dir" "$output_dir"
   unique_dns "$output_dir" 
}

main