[jira] [Commented] (DRILL-5432) Want a memory format for PCAP files

Thu, 11 May 2017 07:13:28 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-5432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16006479#comment-16006479
 ] 

ASF GitHub Bot commented on DRILL-5432:
---------------------------------------

GitHub user Vlad-Storona opened a pull request:

    https://github.com/apache/drill/pull/831

    DRILL-5432: Added pcap-format support

    See DRILL-5432 for details.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mapr-demos/drill pcap-format

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/drill/pull/831.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #831
    
----
commit 10f4caa983be7ec44e3db51de0fe760566ac2881
Author: Vlad Storona <vstor...@cybervisiontech.com>
Date:   2017-05-11T13:53:08Z

    Added pcap-format support

----


> Want a memory format for PCAP files
> -----------------------------------
>
>                 Key: DRILL-5432
>                 URL: https://issues.apache.org/jira/browse/DRILL-5432
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Ted Dunning
>
> PCAP files [1] are the de facto standard for storing network capture data. In 
> security and protocol applications, it is very common to want to extract 
> particular packets from a capture for further analysis.
> At a first level, it is desirable to query and filter by source and 
> destination IP and port or by protocol. Beyond that, however, it would be 
> very useful to be able to group packets by TCP session and eventually to look 
> at packet contents. For now, however, the most critical requirement is that 
> we should be able to scan captures at very high speed.
> I previously wrote a (kind of working) proof of concept for a PCAP decoder 
> that did lazy deserialization and could traverse hundreds of MB of PCAP data 
> per second per core. This compares to roughly 2-3 MB/s for widely available 
> Apache-compatible open source PCAP decoders.
> This JIRA covers the integration and extension of that proof of concept as a 
> Drill file format.
> Initial work is available at https://github.com/mapr-demos/drill-pcap-format
> [1] https://en.wikipedia.org/wiki/Pcap



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to