Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-6179

Added pcapng-format support

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.13.0
    • 1.15.0
    • None

    Description

      The PCAP Next Generation Dump File Format (or pcapng for short) [1] is an attempt to overcome the limitations of the currently widely used (but limited) libpcap format.

      At a first level, it is desirable to query and filter by source and destination IP and port, and src/dest mac addreses or by protocol. Beyond that, however, it would be very useful to be able to group packets by TCP session and eventually to look at packet contents.

      Initial work is available at  https://github.com/mapr-demos/drill/tree/pcapng_dev

      [1] https://pcapng.github.io/pcapng/

       

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. DRILL-7852 Handle PCAP/PCAPNG Better

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #1126

          Web Link GitHub Pull Request #1126

          Activity

            People

              vstorona Vlad
              vstorona Vlad
              Paul Rogers Paul Rogers
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: