To use queryparse, you need one or more files containing pcap-formatted packet captures, such as those generated by tcpdump via the -w switch. Once you have such a file, call queryparse as follows:

    queryparse -i tcpdump.raw -o outputfile

where "tcpdump.raw" is the name of the pcap-formatted packet capture file, and "outputfile" is the name you wish to give the saved output of queryparse.

When queryparse finishes, it will print to STDOUT a count of each type of query encountered during its run. For example:

    Statistics:
       A: 1175140
       SOA: 23639
       NAPTR: 113
       NS: 1329
       CNAME: 1667
       NONE: 38
       PTR: 186053
       AAAA: 50858
       ANY: 2117
       SRV: 49470
       KEY: 218
       A6: 245
       TXT: 24243
       MX: 517510
    -------------------------
       TOTAL: 2032640

The resulting output is in a format suitable as input to resperf or dnsperf. For example:

    example.biz. A
    example.net. MX
    foo.example.tv. A
    example.enc. MX
    example[2].txt. MX
    foo.]. MX

Note that there are both valid and invalid host names in the output: queryparse, resperf and dnsperf do not discriminate on the basis of a host name's adherence to RFCs. If the query was put on the wire and can be recognized as a properly-formed query, it will be saved. If this does not meet your needs, you may wish to parse the resulting output file to eliminate nonconforming host names.
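
One way to do that filtering, as an added example that is not part of queryparse: the script below keeps only "name TYPE" lines whose labels follow the RFC 1123 letter-digit-hyphen rules. The function names, the STRICT_TYPES set and the allowance for underscore service labels in other query types are assumptions of this example, and the check is syntactic only.

```python
import re
import sys

# RFC 1123 label: 1-63 letters, digits or hyphens, no hyphen at either end.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Assumption: RFC 2782 style service labels ("_sip", "_tcp") are tolerated,
# but only for query types outside STRICT_TYPES.
SERVICE_LABEL = re.compile(r"_[A-Za-z0-9-]{1,62}(?<!-)")
# Assumption: for these types the queried name is expected to be a host name.
STRICT_TYPES = {"A", "AAAA", "MX", "NS"}


def is_conforming(name, qtype):
    """Return True if name is the root or every label passes the rules above."""
    if name == ".":
        return True
    bare = name[:-1] if name.endswith(".") else name
    if not bare or len(bare) > 253:
        return False
    for label in bare.split("."):
        if LDH_LABEL.fullmatch(label):
            continue
        if qtype.upper() not in STRICT_TYPES and SERVICE_LABEL.fullmatch(label):
            continue
        return False  # empty label, illegal character, or misplaced hyphen
    return True


def filter_queries(lines):
    """Split 'name TYPE' lines into (kept, rejected); blank lines are skipped."""
    kept, rejected = [], []
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        ok = len(fields) == 2 and is_conforming(fields[0], fields[1])
        (kept if ok else rejected).append(line.rstrip("\n"))
    return kept, rejected


if __name__ == "__main__":
    # Reads queryparse output on stdin; cleaned list to stdout, rejects to stderr.
    kept, rejected = filter_queries(sys.stdin)
    for line in kept:
        print(line)
    for line in rejected:
        print("rejected:", line, file=sys.stderr)
```

Rejected lines go to stderr so they can be reviewed before the cleaned file is handed to resperf or dnsperf.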