queryparse - extract DNS queries from pcap capture files.
queryparse [-i input file] [-o output file] [-r recursion only] [-R parse responses]
queryparse is a tool designed to extract DNS queries from
pcap-formatted packet capture files and save them in a form suitable for
input to Nominum's dnsperf or resperf benchmarking tools. queryparse
will only examine UDP packets, and currently supports Ethernet and Cisco
HDLC frame types.
-i filename
    Attempt to extract DNS queries from filename, which should be a
    pcap-formatted packet capture session (e.g., a file created by tcpdump or
    ethereal).
-o filename
    Write queries to filename in a format suitable for input to
    Nominum's dnsperf or resperf benchmarking tools.
-r
    Keep queries that do not have the RD (recursion desired) flag set. This is
    useful when parsing packet captures from authoritative nameservers. When
    parsing captures from caching nameservers, do not use it unless you also
    want to parse the outgoing queries from the nameserver. Defaults to
    discarding queries with RD=0.
-R
    Parse responses (QR=1) instead of queries (QR=0).
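The QR and RD filtering described for -r and -R, as an added Python example that is not queryparse's own code: it reads the flags from a raw DNS payload and emits the one-per-line "name type" form that dnsperf reads. The function and parameter names are hypothetical, the sample messages are constructed, and applying the RD filter in response mode as well is an assumption.

```python
import struct

# Subset of RR type codes; anything else is written as TYPEnnn (RFC 3597 notation).
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR",
          15: "MX", 16: "TXT", 28: "AAAA"}

def build_query(name, qtype, rd=True, qr=False):
    """Construct a sample DNS message with one question (test input only)."""
    flags = (0x8000 if qr else 0) | (0x0100 if rd else 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def extract(payload, keep_rd0=False, responses=False):
    """Return 'qname qtype' if the payload passes the filters, else None.

    keep_rd0 mirrors -r and responses mirrors -R (hypothetical names).
    """
    if len(payload) < 12:
        return None                      # shorter than a DNS header
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    qr = bool(flags & 0x8000)            # QR: 0 = query, 1 = response
    rd = bool(flags & 0x0100)            # RD: recursion desired
    if qr != responses:
        return None                      # wrong direction for the selected mode
    if not rd and not keep_rd0:
        return None                      # default: discard RD=0
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None                  # truncated before end of name
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(payload):
            return None                  # pointer/invalid length or overrun
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(payload):
        return None                      # QTYPE/QCLASS missing
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return "%s %s" % (".".join(labels) or ".", QTYPES.get(qtype, "TYPE%d" % qtype))
```
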