The dns_resp column curently includes only the DNS query for the pcap2pandas function. This makes the function unusable for an analyst who is looking to match the DNS queries and responses to filter the traffic they're interested in. This PR fixes that by replacing scapy's dns_response.rrname by dns_response.rdata for the response, and a None query with dns_response.rrname. This will make filtering easy for an analyst without having to match the queries and responses.
Also included a couple lines in the parser example to test this out on a sample PCAP.
The
dns_respcolumn curently includes only the DNS query for thepcap2pandasfunction. This makes the function unusable for an analyst who is looking to match the DNS queries and responses to filter the traffic they're interested in. This PR fixes that by replacing scapy'sdns_response.rrnamebydns_response.rdatafor the response, and aNonequery withdns_response.rrname. This will make filtering easy for an analyst without having to match the queries and responses.Also included a couple lines in the parser example to test this out on a sample PCAP.