queryparse - extract DNS queries from pcap capture files.

       Nominum, Inc.

       None

queryparse  is  a  tool designed to extract DNS queries from pcap-formatted packet capture files and save
       them in a form suitable for input to Nominum's dnsperf or resperf benchmarking  tools.   queryparse  will
       only examine UDP packets, and currently supports Ethernet and Cisco HDLC frame types.

       None

       None

       None

       queryparse - extract DNS queries from pcap capture files.

       -i filename
              Attempt  to  extract  DNS  queries  from filename, which should be a pcap-formatted packet capture
              session (e.g., a file created by tcpdump or ethereal).

       -o filename
              Write queries to filename in  a  format  suitable  for  input  to  Nominum's  dnsperf  or  resperf
              benchmarking tools.

       -r     Keep  queries  that  do not have the RD (recursion desired) flag set.  This is useful when parsing
              packet captures from authoritative nameservers.  When parsing captures from  caching  nameservers,
              do not use it unless you also want to parse the outgoing queries from the nameserver.  Defaults to
              discarding queries with RD=0.

       -R     Parse responses (QR=1) instead of queries (QR=0).

dnsperf(1), resperf(1), pcap(3), tcpdump(8)

                                                                                                   queryparse(1)

queryparse[-iinputfile][-ooutputfile][-rrecursiononly][-Rparseresponses]