[netsa-tools-discuss] rw* Etymology?

[Richard Graham]

Hi Mark,

Thanks for the background info - much appreciated.

I still like {r}ecord {w}restler.  :-)

Regards,
R

On Thu, Jan 6, 2022 at 9:44 PM Mark Thomas <mthomas at cert.org> wrote:

> Richard-
>
> The short answer is that the file prefix came first, and it meant "raw"
> network flow data.  We began to use the ".rw" suffix to denote flow files
> created by the rw-tools.
>
> The longer answer:
>
> When the project that would become SiLK began, the researchers
> experimented with storing three types of data: tcpdump (pcap) data,
> protocol-specific (http, dns) data referred to as gateway data, and raw
> NetFlow v5 data.
>
> Tools that dealt with packed tcpdump data used a "td" prefix (tdfilter,
> tdcut), those for packed gateway data used a "gw" prefix (gwfilter, gwcut),
> and those for packed raw netflow used an "rw" prefix (rwfilter, rwcut).
>
> The netflow approach was a success and the other approaches were abandoned.
>
> Initially only the tools that supported the network flow records used the
> "rw" prefix.  For example, initial versions of the IPset manipulation tools
> were named "setintersect" and "setunion".  Eventually we decided to use the
> "rw" prefix for all tools as a way of identifying them as part of the same
> suite.
>
> Cheers,
>
> -Mark
>
>
> -----Original Message-----
> From: Richard Graham <rickhg12hs at gmail.com>
> Date: Wed, 5 Jan 2022 19:33:39 +0100
> To: netsa-tools-discuss at cert.org
> Subject: [netsa-tools-discuss] rw* Etymology?
>
> I'm wondering about the command prefix and file suffix "rw" - what it
> means, where it came from, etc.
>
> {r}ecords {w}ith ?
>           {w}ithout ?
>           {w}ho ?
>           {w}hat ?
>           {w}hen ?
>           {w}here ?
>           {w}restling ?  :-)
> {r}ead {w}rite ?
>
> Regards,
> R
>
-------------- next part --------------
HTML attachment scrubbed and removed