spot-user mailing list archives

From Vinoth S <>
Subject Queries in DNS table values.
Date Wed, 24 Jan 2018 05:07:38 GMT
Hi Team,

Please refer to the link below for my issue.

I am executing spot-ml alone for my exploration. I need some help
understanding the DNS table values.

Here are my queries/issues:

*(Issue 1) I need to know what fields need to be placed in ml_feedbck.csv.
Please share a sample file for dns-feedback.csv.*

I have found 18 parameters required in ml_feedbck.csv. Is that correct?
What value needs to be put in the dns_sev field/column?

*(Issue 2) What fields can be empty in the DNS table?*

*(Issue 2.1) What will happen if I keep the dns_a column value empty?*
When I was loading data into the DNS table, sometimes dns_a would be empty. If
there are any null or empty values in this field, my ML fails.
So I have used the tshark command below.

tshark.exe -r traffic_spot_00000_20180123100402.pcap -E separator=, -E
header=y -E occurrence=f -T fields -e frame.time -e frame.time_epoch -e
frame.len -e ip.src -e ip.dst -e -e dns.resp.type -e
dns.resp.class -e dns.flags.rcode -e dns.a "(dns.flags.response==1) and
(dns.a)" > traffic_spot_windows.csv

The problem with the above command is that it was executed on Windows.
Can anyone give me the equivalent tshark command for Linux/CentOS?

*(Issue 2.2) What is the expected value in the frame_time column?*
My actual value from the pcap file is 23-Jan 2018 15:34:16.242978980 India
Standard Time. While executing, it failed.
Then I manually changed it from 23-Jan 2018 15:34:16.242978980 India
Standard Time to Jan 23 2018 15:34:16.242978980 IST.
Then ML executed successfully. Is it a bug?
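
Added example, not part of the original message and not Apache Spot code: a pre-processing pass over the tshark CSV that drops rows with an empty dns.a and rewrites the Windows-style frame.time into the layout the poster reports worked. The column names assume the header tshark writes for the fields in the command above, the target layout is taken from the message rather than from spot-ml documentation, and the sample rows are constructed.

```python
import csv
import io
import re

# Only the zone name quoted in the message is mapped; others pass through unchanged.
TZ_ABBREV = {"India Standard Time": "IST"}

# Windows-style value from the message:
#   "23-Jan 2018 15:34:16.242978980 India Standard Time"
WIN_TIME = re.compile(r"^(\d{1,2})-([A-Za-z]{3}) (\d{4}) (\d{2}:\d{2}:\d{2}\.\d+) (.+)$")

def normalize_frame_time(value):
    """Rewrite 'DD-Mon YYYY time Zone Name' as 'Mon DD YYYY time ABBR'."""
    match = WIN_TIME.match(value.strip())
    if match is None:
        return value  # not the Windows layout: leave it for the caller to inspect
    day, month, year, clock, zone = match.groups()
    return f"{month} {day} {year} {clock} {TZ_ABBREV.get(zone, zone)}"

def clean_rows(csv_text, time_col="frame.time", answer_col="dns.a"):
    """Return (kept_rows, dropped_count) for a tshark CSV written with header=y."""
    kept, dropped = [], 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not (row.get(answer_col) or "").strip():
            dropped += 1  # empty dns.a is the case the message says makes ML fail
            continue
        row[time_col] = normalize_frame_time(row[time_col])
        kept.append(row)
    return kept, dropped

# Constructed sample rows (documentation addresses), not data from the message.
SAMPLE = (
    "frame.time,frame.time_epoch,frame.len,ip.src,ip.dst,dns.a\n"
    "23-Jan 2018 15:34:16.242978980 India Standard Time,1516701856.242978980,"
    "90,192.0.2.53,192.0.2.10,198.51.100.7\n"
    "23-Jan 2018 15:34:17.000000000 India Standard Time,1516701857.000000000,"
    "74,192.0.2.53,192.0.2.10,\n"
)

if __name__ == "__main__":
    rows, dropped = clean_rows(SAMPLE)
    for row in rows:
        print(row["frame.time"], row["dns.a"])
    print("dropped rows with empty dns.a:", dropped)
```

Counting the dropped rows, rather than discarding them silently, shows how much DNS traffic never reaches the model.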


