.\" Copyright 2019-2021 OARC, Inc.
.\" Copyright 2017-2018 Akamai Technologies
.\" Copyright 2006-2016 Nominum, Inc.
.\" All rights reserved.
.\"
.\" Licensed under the Apache License, Version 2.0 (the "License");
.\" you may not use this file except in compliance with the License.
.\" You may obtain a copy of the License at
.\"
.\" http://www.apache.org/licenses/LICENSE-2.0
.\"
.\" Unless required by applicable law or agreed to in writing, software
.\" distributed under the License is distributed on an "AS IS" BASIS,
.\" WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
.\" See the License for the specific language governing permissions and
.\" limitations under the License.
.TH "queryparse" 1
.SH NAME
queryparse \- extract DNS queries from pcap capture files.
.SH SYNOPSIS
.B queryparse [-i
.I input file
.B ] [-o
.I output file
.B ] [-r
.I recursion only
.B ] [-R
.I parse responses
.B ]
.SH DESCRIPTION
.B queryparse
is a tool designed to extract DNS queries from pcap-formatted packet
capture files and save them in a form suitable for input to Nominum's
dnsperf or resperf benchmarking tools.
.B queryparse
will only examine UDP packets, and currently supports Ethernet and Cisco HDLC frame types.
.SH OPTIONS
.IP "\-i filename"
Attempt to extract DNS queries from
.IR filename ,
which should be a pcap-formatted packet capture session (e.g., a file created
by tcpdump or ethereal).
.IP "\-o filename"
Write queries to
.I filename
in a format suitable for input to Nominum's dnsperf or resperf benchmarking tools.
.IP "\-r"
Keep queries that do not have the RD (recursion desired) flag set. This is useful when parsing packet captures from authoritative nameservers. When parsing captures from caching nameservers, do not use it unless you also want to parse the outgoing queries from the nameserver. Defaults to discarding queries with RD=0.
.IP "\-R"
Parse responses (QR=1) instead of queries (QR=0).
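.PP
The QR and RD filtering described for \-r and \-R, applied to one UDP DNS payload, as an added example that is not queryparse's own code. The names dnsperf_line, read_qname and build are hypothetical, the sample messages are constructed, and applying the RD filter in response mode as well is an assumption.

```python
import struct

# Subset of RR type names (constructed for this example); others print as TYPE<n>.
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}
QR, RD = 0x8000, 0x0100  # header flag bits: response, recursion desired

def read_qname(msg, off):
    """Read an uncompressed question name; return (name, offset after the name)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            return (".".join(labels) or "."), off
        if n & 0xC0 or off + n > len(msg):
            raise ValueError("pointer, reserved label type, or truncated label")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def dnsperf_line(msg, keep_rd0=False, responses=False):
    """Return 'qname qtype' for a DNS payload, or None if filtered out or malformed.
    keep_rd0 mirrors -r, responses mirrors -R (assumed semantics, see lead-in)."""
    if len(msg) < 12:                      # shorter than a DNS header
        return None
    _id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if bool(flags & QR) != responses:      # default: queries only (QR=0)
        return None
    if not (flags & RD) and not keep_rd0:  # default: discard RD=0
        return None
    if qdcount < 1:
        return None
    try:
        name, off = read_qname(msg, 12)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    except (ValueError, struct.error):
        return None
    return "%s %s" % (name, QTYPES.get(qtype, "TYPE%d" % qtype))

def build(name, qtype, flags):
    """Constructed sample message: 12-byte header plus one IN-class question."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, 1)
```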
.SH FILES
None
.SH ENVIRONMENT
None
.SH DIAGNOSTICS
None
.SH BUGS
None
.SH AUTHOR
Nominum, Inc.
.SH "SEE ALSO"
.BR dnsperf (1),
.BR resperf (1),
.BR pcap (3),
.BR tcpdump (8)