Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-6179

Added pcapng-format support

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.13.0
    • 1.15.0
    • None

    Description

      The PCAP Next Generation Dump File Format (or pcapng for short) [1] is an attempt to overcome the limitations of the currently widely used (but limited) libpcap format.

      At a first level, it is desirable to query and filter by source and destination IP and port, and src/dest mac addreses or by protocol. Beyond that, however, it would be very useful to be able to group packets by TCP session and eventually to look at packet contents.

      Initial work is available at  https://github.com/mapr-demos/drill/tree/pcapng_dev

      [1] https://pcapng.github.io/pcapng/

       

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            vstorona Vlad
            vstorona Vlad
            Paul Rogers Paul Rogers
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment