Details
Improvement
Status: Open
Trivial
Resolution: Unresolved
Description
FYI: I am running spot-ml on its own for my exploration. I need some help understanding the DNS table values.
Here are my queries/issues:
(Issue 1) I need to know which fields need to be placed in ml_feedbck.csv. Please share a sample file for dns-feedback.csv.
From https://github.com/apache/incubator-spot/blob/master/spot-ml/src/main/scala/org/apache/spot/dns/model/DNSFeedback.scala
I found that 18 parameters are required in ml_feedbck.csv. Is that correct?
What value needs to be put in the dns_sev field/column?
(Issue 2) Which fields can be empty in the DNS table?
(Issue 2.1) What will happen if I leave the dns_a column value empty?
When I was loading data into the DNS table, dns_a would sometimes be empty. If there are any null or empty values in this field, my ML run fails.
So I used the tshark command below.
tshark.exe -r traffic_spot_00000_20180123100402.pcap -E separator=, -E header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e frame.len -e ip.src -e ip.dst -e dns.resp.name -e dns.resp.type -e dns.resp.class -e dns.flags.rcode -e dns.a "(dns.flags.response==1) and (dns.a)" > traffic_spot_windows.csv
The problem with the above command is that it was executed on Windows.
Can anyone give me the equivalent tshark command for Linux/CentOS?
(Issue 2.2) What is the expected value in the frame_time column?
My actual value from the pcap file is 23-Jan 2018 15:34:16.242978980 India Standard Time. It failed while executing.
Then I manually changed it from 23-Jan 2018 15:34:16.242978980 India Standard Time to Jan 23 2018 15:34:16.242978980 IST.
Then ML executed successfully. Is this a bug?
Please find attached, for more information: Apache Spot ML Issue.docx
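The two manual workarounds described in this report (rewriting frame_time and keeping rows with an empty dns_a out of the load), as an added Python example that is not part of the original report or of Apache Spot. The target time format is the one the reporter says worked; the function names, the zone-name map and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# Assumption: long zone names from a Windows capture host, mapped to the
# abbreviation used in the report. Extend for other hosts.
ZONE_ABBREVIATIONS = {"India Standard Time": "IST"}

# Matches the value quoted in the report:
# "23-Jan 2018 15:34:16.242978980 India Standard Time"
WINDOWS_TIME = re.compile(
    r"^(?P<day>\d{1,2})-(?P<mon>[A-Z][a-z]{2}) (?P<year>\d{4}) "
    r"(?P<clock>\d{2}:\d{2}:\d{2}\.\d+) (?P<zone>.+)$"
)

# Constructed sample in the column order of the tshark command above.
SAMPLE = """\
frame.time,frame.time_epoch,frame.len,ip.src,ip.dst,dns.resp.name,dns.resp.type,dns.resp.class,dns.flags.rcode,dns.a
23-Jan 2018 15:34:16.242978980 India Standard Time,1516701856.242978980,89,192.0.2.53,192.0.2.10,example.com,1,0x0001,0,198.51.100.7
23-Jan 2018 15:34:17.000000000 India Standard Time,1516701857.000000000,75,192.0.2.53,192.0.2.10,example.org,1,0x0001,0,
23-Jan 2018 15:34:18.000000000 Unknown Zone Time,1516701858.000000000,75,192.0.2.53,192.0.2.10,example.net,1,0x0001,0,198.51.100.9
"""

def normalize_frame_time(value):
    """Rewrite to 'Mon DD YYYY HH:MM:SS.fraction TZ'; None if unrecognised."""
    m = WINDOWS_TIME.match(value.strip())
    if not m:
        return None
    zone = ZONE_ABBREVIATIONS.get(m["zone"])
    if zone is None:
        return None  # do not guess an abbreviation for an unmapped zone
    return f"{m['mon']} {m['day']} {m['year']} {m['clock']} {zone}"

def clean_rows(csv_text):
    """Return (kept_rows, rejected) where rejected holds (line_no, reason)."""
    kept, rejected = [], []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        fixed = normalize_frame_time(row.get("frame.time") or "")
        if fixed is None:
            rejected.append((line_no, "unrecognised frame.time"))
        elif not (row.get("dns.a") or "").strip():
            rejected.append((line_no, "empty dns.a"))
        else:
            row["frame.time"] = fixed
            kept.append(row)
    return kept, rejected

if __name__ == "__main__":
    rows, skipped = clean_rows(SAMPLE)
    print(len(rows), "kept;", skipped)
```

Rejected rows are reported with their line number rather than silently dropped, so gaps in the DNS data that reaches the model stay visible.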