The Vertica Forum recently got a makeover! Let us know what you think by filling out this short, anonymous survey.
Please take this survey to help us learn more about how you use third party tools. Your input is greatly appreciated!
How to load PCAP format data
Kaito
Employee
My prospect wants to load PCAP data. Could you share the tips to load the data into Vertica?
0
Comments
Hi,
pcap files have their own proprietary format:
I would just convert the pcap files to csv using tshark and load those into Vertica
Example:
[dbadmin@s18384357 pcap]$ vsql -c "create flex table pcap();" CREATE TABLE [dbadmin@s18384357 pcap]$ tshark -r ipv4frags.pcap -T fields -e frame.number -e eth.src -e eth.dst -e ip.src -e ip.dst -e frame.len -E header=y -E separator=, | vsql -c "copy pcap from stdin parser fcsvparser();" [dbadmin@s18384357 pcap]$ vsql -c "select compute_flextable_keys_and_build_view('pcap'); [dbadmin@s18384357 pcap]$ vsql -c "select compute_flextable_keys_and_build_view('pcap');" compute_flextable_keys_and_build_view ---------------------------------------------------------------------------------------------- Please see public.pcap_keys for updated keys The view public.pcap_view is ready for querying (1 row) [dbadmin@s18384357 pcap]$ vsql -c "select * from pcap_view;" eth.dst | eth.src | frame.len | frame.number | ip.dst | ip.src -------------------+-------------------+-----------+--------------+---------+--------- 08:00:27:e2:9f:a6 | 08:00:27:fc:6a:c9 | 1010 | 1 | 2.1.1.1 | 2.1.1.2 08:00:27:e2:9f:a6 | 08:00:27:fc:6a:c9 | 466 | 2 | 2.1.1.1 | 2.1.1.2 08:00:27:fc:6a:c9 | 08:00:27:e2:9f:a6 | 1442 | 3 | 2.1.1.2 | 2.1.1.1 (3 rows)Thank you, Jim!