drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Takeo Ogawara (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5708) Add DNS decode function for PCAP storage
Date Wed, 09 Aug 2017 01:34:00 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16119286#comment-16119286

Takeo Ogawara commented on DRILL-5708:

Hello Givre

Thank you for the comment.
Main outputs are following in my mind.
1. Domain name, queried by user
2. Canonical names in response sequences
3. Resolved IP Address
4. TTL 

> Add DNS decode function for PCAP storage
> ----------------------------------------
>                 Key: DRILL-5708
>                 URL: https://issues.apache.org/jira/browse/DRILL-5708
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Storage - Other
>            Reporter: Takeo Ogawara
>            Priority: Minor
> As described in DRILL-5432, it is very useful to analyze packet contents and application
layer protocols. To improve the PCAP analysis function, it's better to add a function to decode
DNS queries and responses. This enables to classify packets by FQDN and display user access

This message was sent by Atlassian JIRA

View raw message