Github user tdunning commented on the issue:
https://github.com/apache/drill/pull/1080
To follow sequences, group by session id, order by time or sequence number.
This assumes ports are not reused to the same host very often. Will break
occasionally under odd conditions such as super high connection rate behind
a broken proxy with no keep alive.
On Jan 2, 2018 7:41 PM, "Charles S. Givre" <[email protected]> wrote:
> Hi Ted,
> Thanks for doing this. This looks really great! The PCAP files came from
> here: https://github.com/chrissanders/packets. The author said that they
> are free to use, but asks for retribution.
>
> When I started poking at this, my original thought was to add a
> boolean column for each TCP flag which would facilitate analysis, as well
> as a field which contains all the flags. My original thought was that it
> would enable you to quickly detect things like SYN scans and the like. I've been
> going through Practical Packet Analysis by Chris Sanders and trying to do
> some of the same things he does in Wireshark with Drill. The next thing I
> was going to try to do was figure out a way of getting Drill to follow
> sequences.
>
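The grouping Ted describes (session id, then time or sequence number) and the port-reuse case he warns about, as an added Python example; this is not code from the PR or from Drill's PCAP plugin, and the packet records and field names are constructed for illustration:

```python
from collections import defaultdict

# Constructed sample packets (not from the PR): one client/server connection,
# then the same client port reused a few seconds later for a second connection.
PACKETS = [
    {"ts": 1.00, "src": ("10.0.0.5", 51000), "dst": ("10.0.0.9", 80), "flags": {"SYN"}, "seq": 100},
    {"ts": 1.01, "src": ("10.0.0.9", 80), "dst": ("10.0.0.5", 51000), "flags": {"SYN", "ACK"}, "seq": 500},
    {"ts": 1.02, "src": ("10.0.0.5", 51000), "dst": ("10.0.0.9", 80), "flags": {"ACK", "PSH"}, "seq": 101},
    {"ts": 1.03, "src": ("10.0.0.5", 51000), "dst": ("10.0.0.9", 80), "flags": {"FIN", "ACK"}, "seq": 130},
    {"ts": 9.00, "src": ("10.0.0.5", 51000), "dst": ("10.0.0.9", 80), "flags": {"SYN"}, "seq": 7000},
    {"ts": 9.02, "src": ("10.0.0.5", 51000), "dst": ("10.0.0.9", 80), "flags": {"ACK", "PSH"}, "seq": 7001},
]


def session_key(pkt):
    """Direction-independent 4-tuple so both directions of a flow share one id."""
    a, b = pkt["src"], pkt["dst"]
    return (a, b) if a <= b else (b, a)


def follow_sessions(packets, split_on_syn=False):
    """Group packets by session id and order each group by time, then sequence.

    split_on_syn=False is the plain "group by session id" approach from the
    comment: a reused port lands in the same session (the breakage Ted notes).
    split_on_syn=True starts a new generation of the 4-tuple on every bare SYN
    (SYN without ACK), so the two connections come out as separate sessions.
    """
    sessions = defaultdict(list)
    generation = defaultdict(int)
    for p in sorted(packets, key=lambda p: (p["ts"], p["seq"])):
        key = session_key(p)
        if split_on_syn and "SYN" in p["flags"] and "ACK" not in p["flags"]:
            generation[key] += 1
        sid = key + (generation[key],) if split_on_syn else key
        sessions[sid].append(p)
    return dict(sessions)


if __name__ == "__main__":
    print("plain grouping:", len(follow_sessions(PACKETS)), "session(s)")
    print("split on SYN:  ", len(follow_sessions(PACKETS, split_on_syn=True)), "session(s)")
```

Against the sample capture the plain grouping merges the reused port into one session of six packets, while splitting on bare SYNs yields two sessions of four and two packets.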
---