You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@drill.apache.org by "Vlad (JIRA)" <ji...@apache.org> on 2018/02/22 14:35:00 UTC

[jira] [Created] (DRILL-6179) Added pcapng-format support

Vlad created DRILL-6179:
---------------------------

             Summary: Added pcapng-format support
                 Key: DRILL-6179
                 URL: https://issues.apache.org/jira/browse/DRILL-6179
             Project: Apache Drill
          Issue Type: New Feature
            Reporter: Vlad
            Assignee: Vlad


The _PCAP Next Generation Dump File Format_ (or pcapng for short) [1] is an attempt to overcome the limitations of the currently widely used (but limited) libpcap format.

At a first level, it is desirable to query and filter by source and destination IP and port, and src/dest mac addreses or by protocol. Beyond that, however, it would be very useful to be able to group packets by TCP session and eventually to look at packet contents.

Initial work is available at  https://github.com/mapr-demos/drill/tree/pcapng_dev

[1] https://pcapng.github.io/pcapng/

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)