* Tool
BotDAD

* Link
https://github.com/mannirulz/BotDAD

* Description
Tool for anomaly-based botnet detection using DNS traffic analysis.
Within the VARIoT project, BotDAD provides DNS fingerprints and DNS request and response logs.

* Usage
First, filter DNS traffic out of a pcap file.

user@host:~$ tshark -r input.pcap -F pcap -Y dns -t ad -w output.pcap

-r input.pcap => input pcap file
-F pcap => output format
-Y dns => display filter that keeps only DNS traffic
-t ad => timestamp format
-w output.pcap => output pcap file

Then, execute the BotDAD script to create the request, response and log CSV files.

user@host:~/BotDAD-master/Src$ python2.7 main.py

Once the CSV files are created, the 'a' option creates DNS query statistics.

* Output
- capture.pcap_log.csv : basic information about the processed capture
- capture.pcap_req.csv : request information
- capture.pcap_res.csv : response information
- DNS_FP.csv : DNS query statistics
