Diffstat (limited to 'contrib/queryparse/USAGE')
-rw-r--r-- | contrib/queryparse/USAGE | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/contrib/queryparse/USAGE b/contrib/queryparse/USAGE new file mode 100644 index 0000000..d5672e9 --- /dev/null +++ b/contrib/queryparse/USAGE @@ -0,0 +1,52 @@ + + +To use queryparse, you need one or more files containing pcap-formatted packet +captures, such as those generated by tcpdump via the -w switch. + +Once you have such a file, call queryparse as follows: + +queryparse -i tcpdump.raw -o outputfile + +where "tcpdump.raw" is the name of the pcap-formatted packet capture file, and +"outputfile" is the name you wish to call the saved output of queryparse. + +When queryparse finishes, it will print to STDOUT a count of each type of query +encountered during its run. For example: + +Statistics: + A: 1175140 + SOA: 23639 + NAPTR: 113 + NS: 1329 + CNAME: 1667 + NONE: 38 + PTR: 186053 + AAAA: 50858 + ANY: 2117 + SRV: 49470 + KEY: 218 + A6: 245 + TXT: 24243 + MX: 517510 +------------------------- + TOTAL: 2032640 + + + +The resulting output is in a format suitable as input to resperf or dnsperf. +For example: + +example.biz. A +example.net. MX +foo.example.tv. A +example.enc. MX +example[2].txt. MX +foo.]. MX + + +Note that there are both valid and invalid host names in the output: Neither +queryparse nor resperf or dnsperf discriminate on the basis of a host name's +adherence to RFCs. If the query was put on the wire and can be recognized as a +properly-formed query, it will be saved. If this does not meet your needs, you +may wish to parse the resulting output file to eliminate nonconforming host +names. |
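Review bot: The closing paragraph ("you may wish to parse the resulting output file to eliminate nonconforming host names") gives no criterion for what counts as nonconforming, yet the sample output deliberately includes "example[2].txt. MX" and "foo.]. MX". Since the text says any query that "was put on the wire and can be recognized as a properly-formed query" is saved, the names in the output file are whatever remote clients sent. The paragraph should say so directly and name the rule a reader would filter on, for example the letter, digit and hyphen label rule from the RFCs it alludes to, so that anyone feeding the file into resperf, dnsperf or their own scripts knows to treat each name as unvalidated input. A second point, in the opening paragraph: it says "one or more files", but the only invocation shown is "queryparse -i tcpdump.raw -o outputfile" with a single input, so the file should either show how several captures are passed or drop "or more".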