queryparse (1) - Linux Manuals
NAME
queryparse - extract DNS queries from pcap capture files.
SYNOPSIS
queryparse [-i input file] [-o output file] [-r recursion only] [-R parse responses]
DESCRIPTION
queryparse is a tool designed to extract DNS queries from pcap-formatted packet capture files and save them in a form suitable for input to Nominum's dnsperf or resperf benchmarking tools.
queryparse will only examine UDP packets, and currently supports Ethernet and Cisco HDLC frame types.
OPTIONS
-i filename
    Attempt to extract DNS queries from filename, which should be a pcap-formatted packet capture session (e.g., a file created by tcpdump or ethereal).
-o filename
    Write queries to filename in a format suitable for input to Nominum's dnsperf or resperf benchmarking tools.
-r
    Keep queries that do not have the RD (recursion desired) flag set. This is useful when parsing packet captures from authoritative nameservers. When parsing captures from caching nameservers, do not use it unless you also want to parse the outgoing queries from the nameserver. Defaults to discarding queries with RD=0.
-R
    Parse responses (QR=1) instead of queries (QR=0).
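The QR/RD selection that -r and -R describe, shown at the DNS-message level as an added example (not queryparse's own code). It assumes the UDP payload has already been taken out of the capture, writes each kept question as a "name type" line as dnsperf reads it, and applies the RD filter to responses too, since the page does not say how the two options interact; all function names and the sample messages are constructed for the illustration.

```python
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA"}

def build_query(name, qtype, rd=True, qr=False):
    """Construct a sample one-question DNS message (constructed test input)."""
    flags = (0x8000 if qr else 0) | (0x0100 if rd else 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (qr, rd, name, qtype) for the first question, or None if malformed."""
    if len(payload) < 12:
        return None
    _id, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        # Reject compression pointers (>= 0xC0) and labels running past the end.
        if length > 63 or pos + length > len(payload):
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return bool(flags & 0x8000), bool(flags & 0x0100), ".".join(labels) or ".", qtype

def to_dnsperf_line(payload, keep_rd0=False, responses=False):
    """Apply the -r (keep_rd0) and -R (responses) selection; return a line or None."""
    parsed = parse_question(payload)
    if parsed is None:
        return None
    qr, rd, name, qtype = parsed
    if qr != responses:          # default keeps QR=0, -R keeps QR=1
        return None
    if not rd and not keep_rd0:  # default discards RD=0, -r keeps it
        return None
    # Types missing from the small table use RFC 3597 TYPEnnn notation (example's choice).
    return f"{name} {QTYPES.get(qtype, 'TYPE%d' % qtype)}"
```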
FILES
None
ENVIRONMENT
None
DIAGNOSTICS
None
BUGS
None
AUTHOR
Nominum, Inc.