drill-user mailing list archives

From Ted Dunning <ted.dunn...@gmail.com>
Subject Re: Drill fails to query pcap files
Date Thu, 07 Feb 2019 16:45:24 GMT
Giovanni,

A critical thing to help progress here is sample corrupted data. Even just
information about what kind of corruption you are seeing is important.

Packet corruption is a key technique of malware so handling bad records
well is of great importance.



On Thu, Feb 7, 2019 at 3:54 PM GiovanniC <gio.cnt@gmail.com> wrote:

> Unfortunately I don’t have more of them at the moment.
>
> > On 7 Feb 2019, at 14:33, Charles Givre <cgivre@gmail.com> wrote:
> >
> > Hi Giovanni,
> > Can you post additional PCAP files that don’t work?  Basically, I’m
> > going to add some code that will let you set a tolerance level of how many
> > errors Drill will tolerate before throwing an exception.
> > — C
> >
> >> On Feb 7, 2019, at 07:33, GiovanniC <gio.cnt@gmail.com> wrote:
> >>
> >> I can help you by doing some tests.
> >>
> >>> On 6 Feb 2019, at 18:46, Charles Givre <cgivre@gmail.com> wrote:
> >>>
> >>> Just create a ticket and I will work on it.
> >>>
> >>> Sent from my iPhone
> >>>
> >>>> On Feb 6, 2019, at 12:35, Giovanni Conte <gio.cnt@gmail.com> wrote:
> >>>>
> >>>> I would like to, but I am not a java dev :(
> >>>>
> >>>> On Wed, 6 Feb 2019 at 18:31, Arina Yelchiyeva <arina.yelchiyeva@gmail.com> wrote:
> >>>>
> >>>>> Contributions are always welcome :)
> >>>>>
> >>>>> Kind regards,
> >>>>> Arina
> >>>>>
> >>>>>> On Wed, Feb 6, 2019 at 7:19 PM Charles Givre <cgivre@gmail.com> wrote:
> >>>>>>
> >>>>>> Hi Giovanni
> >>>>>> I think it would be useful for Drill to have some ability to ignore
> >>>>>> corrupt rows in a PCAP file.  Can you open a JIRA ticket for this?
> >>>>>>
> >>>>>> Sent from my iPhone
> >>>>>>
> >>>>>>> On Feb 6, 2019, at 12:15, Arina Yelchiyeva <arina.yelchiyeva@gmail.com> wrote:
> >>>>>>>
> >>>>>>> Hi Giovanni,
> >>>>>>>
> >>>>>>> I don't think Drill pcap format reader has such functionality.
> >>>>>>>
> >>>>>>> Kind regards,
> >>>>>>> Arina
> >>>>>>>
> >>>>>>>> On Wed, Feb 6, 2019 at 6:39 PM Giovanni Conte <gio.cnt@gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> Hi,
> >>>>>>>> I'm trying to query a pcap file and I know that there are corrupted rows
> >>>>>>>> (precisely line 6407),
> >>>>>>>> I need a command to skip these rows to avoid the following error:
> >>>>>>>>
> >>>>>>>> Error: INTERNAL_ERROR ERROR: null
> >>>>>>>> Fragment 0:0
> >>>>>>>> Please, refer to logs for more information.
> >>>>>>>> [Error Id: fe17f64d-4ac8-453f-b442-9bcf68c69c61 on ubuntu:31010]
> >>>>>>>> (state=,code=0)
> >>>>>>>>
> >>>>>>>> [...]
> >>>>>>>>
> >>>>>>>> the complete error is attached in the txt file () for java exceptions,
> >>>>>>>> along with the pcap file used for testing this issue. I would like to avoid
> >>>>>>>> a pre-parsing of the pcap when a corrupted row is found.
> >>>>>>>> Is there a way to avoid this problem?
> >>>>>>>> Thanks,
> >>>>>>>>
> >>>>>>>> Giovanni
> >>>>>>>>
> >>>>>>>> OS: Ubuntu 18.4
> >>>>>>>> Drill version: 1.15.0
> >>>>>>>> Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
> >>>>>>>>
> >>>>>>
> >>>>>
> >
>
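
An added illustration of the error-tolerance idea discussed in this thread; it is not part of any message here and is not Drill's code. The names `read_pcap`, `max_errors`, `plausible` and `MAX_TS_JUMP` are hypothetical, the resynchronisation check is a heuristic assumption, and the sample capture is constructed.

```python
import struct

MAGIC = 0xA1B2C3D4      # classic little-endian pcap, microsecond timestamps
MAX_TS_JUMP = 3600      # assumed: neighbouring packets lie within an hour

class TooManyCorruptRecords(Exception):
    pass

def plausible(buf, off, snaplen, last_ts):
    """Heuristic: does a sane 16-byte record header start at `off`?"""
    if off + 16 > len(buf):
        return False
    ts_sec, ts_usec, incl, orig = struct.unpack_from("<IIII", buf, off)
    return (ts_usec < 1_000_000 and 0 < incl <= min(snaplen, orig)
            and off + 16 + incl <= len(buf)
            and (last_ts is None or abs(ts_sec - last_ts) <= MAX_TS_JUMP))

def read_pcap(buf, max_errors=0):
    """Return (packets, errors); raise once errors exceed max_errors."""
    magic, _, _, _, _, snaplen, _ = struct.unpack_from("<IHHiIII", buf, 0)
    if magic != MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    packets, errors, off, last_ts = [], 0, 24, None
    while off < len(buf):
        if plausible(buf, off, snaplen, last_ts):
            ts_sec, _, incl, _ = struct.unpack_from("<IIII", buf, off)
            packets.append((ts_sec, buf[off + 16:off + 16 + incl]))
            last_ts, off = ts_sec, off + 16 + incl
            continue
        errors += 1
        if errors > max_errors:
            raise TooManyCorruptRecords(f"corrupt record at byte {off}")
        off += 1        # resynchronise: slide to the next plausible header
        while off < len(buf) and not plausible(buf, off, snaplen, last_ts):
            off += 1
    return packets, errors

def record(ts, payload, incl=None):
    """Build one record; `incl` overrides the captured-length field."""
    n = len(payload) if incl is None else incl
    return struct.pack("<IIII", ts, 0, n, len(payload)) + payload

# Constructed sample: three records, the second with a corrupted length field.
SAMPLE = (struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 1)
          + record(1549500000, b"A" * 20)
          + record(1549500001, b"B" * 20, incl=0xFFFFFFF0)
          + record(1549500002, b"C" * 20))

if __name__ == "__main__":
    print(read_pcap(SAMPLE, max_errors=1))
```

With `max_errors=0` the reader fails on the first bad record; a bounded tolerance keeps a heavily damaged or deliberately malformed capture from being silently accepted as mostly valid.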
