oracular (1) pcap-queryparse.1.gz
NAME
queryparse - extract DNS queries from pcap capture files.
SYNOPSIS
queryparse [-i input file ] [-o output file ] [-r recursion only ] [-R parse responses ]
DESCRIPTION
queryparse is a tool designed to extract DNS queries from pcap-formatted packet capture files and save
them in a form suitable for input to Nominum's dnsperf or resperf benchmarking tools. queryparse will
only examine UDP packets, and currently supports Ethernet and Cisco HDLC frame types.
OPTIONS
-i filename
Attempt to extract DNS queries from filename, which should be a pcap-formatted packet capture
session (e.g., a file created by tcpdump or ethereal).
-o filename
Write queries to filename in a format suitable for input to Nominum's dnsperf or resperf
benchmarking tools.
-r Keep queries that do not have the RD (recursion desired) flag set. This is useful when parsing
packet captures from authoritative nameservers. When parsing captures from caching nameservers,
do not use it unless you also want to parse the outgoing queries from the nameserver. Defaults to
discarding queries with RD=0.
-R Parse responses (QR=1) instead of queries (QR=0).
FILES
None
ENVIRONMENT
None
DIAGNOSTICS
None
BUGS
None
AUTHOR
Nominum, Inc.
SEE ALSO
dnsperf(1), resperf(1), pcap(3), tcpdump(8) queryparse(1)