Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.18.0
-
None
-
None
Description
Currently Drill's PCAP plugin reads the binary packet data and outputs this as a string in the data column. While this is somewhat helpful, it would be considerably more useful to parse the actual packet (when possible) and map the fields to Drill vectors. Doing so would enable users to query the actual packet contents much more effectively and it would dramatically increase Drill's usefulness for network forensics.