Github user cgivre commented on the issue:
https://github.com/apache/drill/pull/1080
Hi Ted,
Thanks for doing this. This looks really great! The PCAP files came from
here: https://github.com/chrissanders/packets. The author said that they are
free to use, but asks for attribution.
When I started poking at this, my original thought was to add a boolean
column for each TCP flag, which would facilitate analysis, as well as a field
which contains all the flags. My original thought was that this would enable you to
quickly detect things like SYN scans and the like. I've been going through
`Practical Packet Analysis` by Chris Sanders and trying to do some of the same
things he does in Wireshark with Drill. The next thing I was going to try to
do was figure out a way of getting Drill to follow sequences.
---
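To illustrate the per-flag boolean columns and the SYN-scan detection mentioned in the comment above, here is an added example (not code from the pull request or from Drill). The column names (`is_syn`, `flags`, ...), the `min_ports` threshold and the packet rows are hypothetical and constructed for the illustration.

```python
from collections import defaultdict

# Bits of the TCP flags byte (byte 13 of the TCP header).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}

def flag_columns(flags_byte):
    """Expand the flags byte into one boolean per flag plus a combined field.
    Column names are hypothetical, not the plugin's actual schema."""
    cols = {f"is_{n.lower()}": bool(flags_byte & b) for n, b in TCP_FLAGS.items()}
    cols["flags"] = "|".join(n for n, b in TCP_FLAGS.items() if flags_byte & b)
    return cols

def syn_scan_sources(packets, min_ports=5):
    """Sources that sent a bare SYN to at least min_ports distinct (dst, port)
    pairs and never followed up with a plain ACK on that pair."""
    probed = defaultdict(set)     # src -> pairs that received a bare SYN
    completed = defaultdict(set)  # src -> pairs where the handshake was finished
    for src, dst, dport, flags_byte in packets:
        c = flag_columns(flags_byte)
        if c["is_syn"] and not c["is_ack"]:
            probed[src].add((dst, dport))
        elif c["is_ack"] and not c["is_syn"] and not c["is_rst"]:
            completed[src].add((dst, dport))
    return sorted(src for src, pairs in probed.items()
                  if len(pairs - completed[src]) >= min_ports)

# Constructed sample rows: (src, dst, dst_port, flags_byte).
PACKETS = (
    # 10.0.0.5 sends bare SYNs to six ports and never completes a handshake.
    [("10.0.0.5", "10.0.0.9", p, 0x02) for p in (21, 22, 23, 25, 80, 443)]
    + [("10.0.0.9", "10.0.0.5", 40000, 0x12),   # SYN|ACK from an open port
       ("10.0.0.5", "10.0.0.9", 22, 0x04),      # RST tears down the half-open connection
       ("10.0.0.9", "10.0.0.5", 40001, 0x14),   # RST|ACK from a closed port
       # 10.0.0.7 is an ordinary client: SYN, SYN|ACK, ACK, then data.
       ("10.0.0.7", "10.0.0.9", 443, 0x02),
       ("10.0.0.9", "10.0.0.7", 50000, 0x12),
       ("10.0.0.7", "10.0.0.9", 443, 0x10),
       ("10.0.0.7", "10.0.0.9", 443, 0x18)]
)

if __name__ == "__main__":
    print(flag_columns(0x12))
    print(syn_scan_sources(PACKETS))
```
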