dns packet analyzer, version 1.6.17 (ldns version 1.6.17)

Usage: ldns-dpa [OPTIONS] <pcap file> Options: -c <exprlist>: Count occurrences of matching expressions -f <expression>: Filter occurrences of matching expressions -h: show this help -p: show percentage of -u and -c values (of the total of matching on the -f filter. if no filter is given, percentages are on all correct dns packets) -of <file>: Write pcap packets that match the -f flag to file -ofh <file>: Write pcap packets that match the -f flag to file in a hexadecimal format readable by drill -s: show possible match names -s <matchname>: show possible match operators and values for <name> -sf: Print packet that match -f. If no -f is given, print all dns packets -u <matchnamelist>: Count all occurrences of matchname -ua: Show average value of every -u matchname -uac: Show average count of every -u matchname -um <number>: Only show -u results that occured more than number times -v <level>: be more verbose -notip <file>: Dump pcap packets that were not recognized as IP packets to file -baddns <file>: Dump mangled dns packets to file -version: Show the version and exit The filename '-' stands for stdin or stdout, so you can use "-of -" if you want to pipe the output to another process A <list> is a comma separated list of items An expression has the following form: <expr>: (<expr>) <expr> | <expr> <expr> & <expr> <match> <match>: <matchname> <operator> <value> See the -s option for possible matchnames, operators and values.