
Installation
------------

Queryparse requires libpcap and both the dnspython and btk python modules.

Ensure dnspython has been installed.  If not, please download and install the 
latest version from http://www.dnspython.org/ .

Download libpcap from http://sourceforge.net/projects/libpcap/ .
Download btk from http://home.student.utwente.nl/g.v.berg/btk/ .

Unpack both the libpcap and btk archives and follow the instructions in each
for building and installing the pcap library and the btk python module.
libpcap must be built and installed before btk can be built, as btk is a
wrapper around most of the pcap library.

Ensure queryparse is somewhere in your path.


Usage
-----
queryparse -i <input file> -o <output file>

  -i <input file>: the tcpdump file that will be parsed to locate DNS
                   queries.  

  -o <output file>: the file to which you wish to save the queries parsed
                    from <input file>.  When complete, this file is suitable
                    for use as input to dnsperf.

Queryparse takes as input a packet capture file as created by tcpdump (or any
other program that can save data in pcap format).  It parses every UDP packet,
looking for DNS queries.  When it finds a potential query, it makes every
effort to parse it as a valid query.

Once queryparse has finished, it will print a set of statistics regarding
the capture file to STDOUT.

