DNSトラフィックのネットワークキャプチャのツール dnscap

cd /usr/ports/dns/dnscap/
sudo make install clean

usage: dnscap
[-?pd1g6f] [-i <if>]+ [-r <file>]+ [-l <vlan>]+
[-u <port>] [-m [qun]] [-e [nytfsxir]]
[-h [ir]] [-s [ir]]
[-a <host>]+ [-z <host>]+ [-A <host>]+ [-Z <host>]+
[-w <base> [-k <cmd>]] [-t <lim>] [-c <lim>]
[-x <pat>]+ [-X <pat>]+
[-B <datetime>]+ [-E <datetime>]+

options:
-? or -?  print these instructions and exit
-p         do not put interface in promiscuous mode
-d         dump verbose trace information to stderr
-1         flush output on every packet
-g         dump packets dig-style on stderr
-6         compensate for PCAP/BPF IPv6 bug
-f         include fragmented packets
-i <if>    select this live interface(s)
-r <file>  read this pcap file
-l <vlan>  select only these vlan(s)
-u <port>  dns port (default: 53)
-m [qun]   select messages: query, update, notify
-s [ir]    select sides: initiations, responses
-h [ir]    hide initiators and/or responders
-e [nytfsxir] select error/response code
n = no error
y = any error
t = truncated response
f = format error (rcode 1)
s = server failure (rcode 2)
x = nxdomain (rcode 3)
i = not implemented (rcode 4)
r = refused (rcode 5)
-a <host>  want messages from these initiator(s)
-z <host>  want messages from these responder(s)
-A <host>  want messages not from these initiator(s)
-Z <host>  want messages not from these responder(s)
-w <base>  dump to <base>.<timesec>.<timeusec>
-k <cmd>   kick off <cmd> when each dump closes
-t <lim>   close dump or exit every/after <lim> secs
-c <lim>   close dump or exit every/after <lim> pkts
-x <pat>   select messages matching regex <pat>
-X <pat>   select messages not matching regex <pat>
-B <datetime> begin collecting at this date and time
-X <datetime> end collecting at this date and time