Posted to dev@drill.apache.org by Ted Dunning <td...@mapr.com> on 2018/01/02 07:00:38 UTC
Re: PCAP Issues
> I was also interested in adding the TCP Sequence and Ack numbers as well.
tcp_sequence is already there. Copy that and modify with a different offset for the ack number.
And then do the same for flags.
I will have a test patch sometime this week, I think. We can compare gists and such.
________________________________
From: Charles Givre <cg...@gmail.com>
Sent: Monday, January 1, 2018 12:28:17 PM
To: dev@drill.apache.org
Cc: Ted Dunning
Subject: PCAP Issues
Hello all,
I was playing with the PCAP functionality in Drill and I wanted to add the TCP flags to the data that Drill is returning. I was also interested in adding the TCP Sequence and Ack numbers as well. I noticed that the code as written currently has a function in Packet.java which returns the TCP Sequence number, however this was never added to the schema, so I added that and rebuilt Drill, however, it doesn’t seem to be returning the correct result. The file I was querying is attached to this email, and should in all cases return a sequence number of zero.
Questions:
1. Could someone please take a look at the code for the tcp_sequence and see if I did something wrong, or if the offset is not being calculated correctly?
2. I’m trying to figure out the offsets for the various TCP flags. I would think that the offset should be PacketConstants.ETHER_HEADER_LENGTH + getIPHeaderLength() + 13 to get the word that has the flags and then from there, access the individual bits. However, this doesn’t seem to work. What am I missing?
Thanks and Happy New Year!
- C
Re: PCAP Issues
Posted by Charles Givre <cg...@gmail.com>.
Hi Ted,
The file was from this repo: https://github.com/chrissanders/packets
I converted the file from PCAPNG format to PCAP then to JSON for comparison—all using Wireshark. Which brings up another point, I think once we get the PCAP functionality nailed down, I’d like to see what would be involved in getting Drill to read PCAPNG as well. But one thing at a time…
— C
> On Jan 2, 2018, at 02:00, Ted Dunning <td...@mapr.com> wrote:
>
>
> > I was also interested in adding the TCP Sequence and Ack numbers as well.
>
> tcp_sequence is already there. Copy that and modify with a different offset for the ack number.
>
> And then do the same for flags.
>
> I will have a test patch sometime this week, I think. We can compare gists and such.
>
>
> From: Charles Givre <cg...@gmail.com>
> Sent: Monday, January 1, 2018 12:28:17 PM
> To: dev@drill.apache.org
> Cc: Ted Dunning
> Subject: PCAP Issues
>
> Hello all,
> I was playing with the PCAP functionality in Drill and I wanted to add the TCP flags to the data that Drill is returning. I was also interested in adding the TCP Sequence and Ack numbers as well. I noticed that the code as written currently has a function in Packet.java which returns the TCP Sequence number, however this was never added to the schema, so I added that and rebuilt Drill, however, it doesn’t seem to be returning the correct result. The file I was querying is attached to this email, and should in all cases return a sequence number of zero.
>
> Questions:
> 1. Could someone please take a look at the code for the tcp_sequence and see if I did something wrong, or if the offset is not being calculated correctly?
> 2. I’m trying to figure out the offsets for the various TCP flags. I would think that the offset should be PacketConstants.ETHER_HEADER_LENGTH + getIPHeaderLength() + 13 to get the word that has the flags and then from there, access the individual bits. However, this doesn’t seem to work. What am I missing?
> Thanks and Happy New Year!
> - C
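
The TCP header fields discussed in this thread (sequence number, ack number, flags), read from a raw frame at their standard offsets. This is an added example, not code from the messages above or from Drill; the class and method names are hypothetical, and it assumes an untagged Ethernet II frame carrying IPv4, with a constructed sample frame.

```java
import java.nio.ByteBuffer;

// Added example: all names are hypothetical, not Drill's Packet.java.
public class TcpHeaderFields {
    static final int ETHER_HEADER_LENGTH = 14; // assumption: Ethernet II, no VLAN tag
    static final String[] FLAG_NAMES = {"FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"};

    // IPv4 header length in bytes: the low nibble of the first IP byte (IHL) counts 32-bit words.
    static int ipHeaderLength(byte[] frame) {
        return (frame[ETHER_HEADER_LENGTH] & 0x0F) * 4;
    }

    // Offset of the TCP header; rejects frames too short to hold the fixed 20-byte TCP header.
    static int tcpStart(byte[] frame) {
        if (frame.length <= ETHER_HEADER_LENGTH) throw new IllegalArgumentException("no IP header");
        int start = ETHER_HEADER_LENGTH + ipHeaderLength(frame);
        if (frame.length < start + 20) throw new IllegalArgumentException("truncated TCP header");
        return start;
    }

    // Sequence number: TCP bytes 4..7, big-endian, unsigned 32-bit (widened to long).
    static long sequence(byte[] frame) {
        return ByteBuffer.wrap(frame).getInt(tcpStart(frame) + 4) & 0xFFFFFFFFL;
    }

    // Acknowledgment number: TCP bytes 8..11, same encoding as the sequence number.
    static long ack(byte[] frame) {
        return ByteBuffer.wrap(frame).getInt(tcpStart(frame) + 8) & 0xFFFFFFFFL;
    }

    // Flags: TCP byte 13, bit 0 = FIN up to bit 7 = CWR. Byte 12 holds the data offset.
    static String flags(byte[] frame) {
        int bits = frame[tcpStart(frame) + 13] & 0xFF;
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 8; i++) {
            if ((bits >> i & 1) == 1) sb.append(sb.length() > 0 ? "|" : "").append(FLAG_NAMES[i]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed frame: 14-byte Ethernet + 20-byte IPv4 + 20-byte TCP (SYN+ACK).
        byte[] f = new byte[54];
        f[12] = 0x08;                                  // EtherType 0x0800 (IPv4)
        f[14] = 0x45;                                  // IP version 4, IHL 5 (20 bytes)
        f[23] = 6;                                     // IP protocol 6 (TCP)
        ByteBuffer.wrap(f, 34, 20)
            .putShort((short) 49152).putShort((short) 80)  // source and destination ports
            .putInt(0xF1E2D3C4).putInt(1)                  // raw sequence and ack numbers
            .put((byte) 0x50).put((byte) 0x12);            // data offset 5, flags SYN|ACK
        System.out.println(sequence(f) + " " + ack(f) + " " + flags(f));
    }
}
```

When checking values against Wireshark, note that it displays relative sequence and ack numbers by default, so the raw on-wire values read this way will usually differ from what it shows unless that preference is turned off.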