Ethereal-dev: Re: [Ethereal-dev] SQL help
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Michael Cohen <michael.cohen@xxxxxxxxxxxxxxx>
Date: Fri, 12 Mar 2004 18:46:17 +1100
Hi List,

There is a more current version of flag called pyflag available on sourceforge:
http://sourceforge.net/projects/pyflag/

The file released there is a patch to ethereal 0.9.16, but the cvs contains a patch to 0.10.2. The newer patch includes a knowledge base feature, where ethereal remembers relationships on the network (who is talking to whom etc) and writes out a summary SQL. This feature can be operated in real time (i.e. is fast enough to keep up). Flag uses this to draw a network diagram of the network from the deduced knowledge.

The new patch might prove to be more workable re the SQL formatting.

Michael.

On Fri, 2004-03-12 at 13:39, Ober Heim wrote:
> Check out the Flag project.
> It is located at
> http://www.dsd.gov.au/library/software/flag/index.html
> It uses patches to ethereal, although based on an older version that works
> with mysql.
> The problem using other db's is the way in which Flag patch puts the info
> out.
> It does multiline set calls that are not standard sql.
> (e.g.)
> insert into sometable set
> field1 = 'lala'
> field2 = 'othervar'
> ..
>
> Although it does handle frame already, as well as the base
> tcp, udp, dns, http, pop items.
> Worth giving a look at.
>
> The other way, the method I took,
> was to write an awk parser to format it for sql format.
> Using the -z "proto,colinfo,frame_num,frame_num" type format you can
> print out most internal vars on the colinfo field.
> This method also allows you to stick with generic ethereal binaries, and
> not need your own customer versions.
>
> My 2 cents.
> On Thu, 11 Mar 2004, Evan J. Burrows wrote:
>
> > Be patient with me, this is my first post.
> >
> > I'm currently a senior in college and I am working on my senior design
> > project. Part of my project includes pushing network info to a SQL 2000
> > Server database. I need this information so I can do real-time analysis
> > on the database (hopefully). I looked into various other programs but
> > ethereal provided the best performance for the price since it is free.
> >
> > I have installed and compiled the ethereal source on Redhat 9 and have
> > been looking at the source files the last 2 weeks trying to get a feel
> > of how ethereal works. Unfortunately I am not a very experienced
> > programmer and I am quite overwhelmed with the Ethereal source code. I
> > know pushing the network information to database was on the wishlist
> > and since I need it for my project I figured I would post here and see
> > if anyone could help me out or point me in the right direction.
> >
> > I want to push the following information to my database:
> > source and destination ip and mac address, protocol, port number,
> > packet size, Frame number, arrival time, etc.
> >
> > I have looked through the code and the Readme files but I am still kind
> > of confused with which source files contain this information. I have
> > looked through the epan folder and think I found some of the stuff I
> > need but I am not really sure. All the information that I want is
> > printed to the ethereal gui but I just don't know where to find the
> > actual source so I can throw in some SQL calls. I looked at
> > print_packets and thought that possibly might have something to do with
> > it. I apologize if this topic has been covered already, but like I
> > said I just subscribed today. If anyone has any information that might
> > help me please post back; whether it be to try and help me out or point
> > me in the right direction.
> >
> > thanks,
> > Evan
> >
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
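The quoted message describes Flag's MySQL-only multi-line `insert ... set` output and an awk reformatter for other databases. As an added example (not code from this thread, Flag or Ethereal), the Python below parses that shape and replays it as standard `INSERT ... VALUES` with bound parameters, so strings taken from captured traffic are never spliced back into SQL text. The table and column names, the one-assignment-per-line layout, the optional trailing commas and the sqlite3-style `conn.execute` are assumptions.

```python
import re

HEAD = re.compile(r"^\s*insert\s+into\s+(\w+)\s+set\s*$", re.I)
ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*[,;]?\s*$")
ESC = {"n": "\n", "t": "\t", "r": "\r", "0": "\0"}

# Constructed sample: with and without trailing commas (the thread's sketch has none).
SAMPLE = """\
insert into tcp set
frame_num = 12,
src_ip = '10.0.0.5',
info = 'O''Brien; -- note'
insert into tcp set
frame_num = 13
info = 'plain'
"""

def unquote(lit):
    """Decode a MySQL literal: quoted string ('' or backslash escapes) or a number."""
    if len(lit) >= 2 and lit[0] == lit[-1] == "'":
        return re.sub(r"''|\\(.)", lambda m: ESC.get(m.group(1), m.group(1))
                      if m.group(1) else "'", lit[1:-1])
    return float(lit) if "." in lit else int(lit)  # anything else raises ValueError

def parse(dump):
    """Yield (table, {column: value}) per statement; one assignment per line assumed."""
    table, row = None, {}
    for line in dump.splitlines():
        head, item = HEAD.match(line), ASSIGN.match(line)
        if head:
            if table:
                yield table, row
            table, row = head.group(1), {}
        elif item and table:
            row[item.group(1)] = unquote(item.group(2))
    if table:
        yield table, row

def to_portable(table, row):
    """Standard INSERT with qmark placeholders; names are limited to \\w+ by the regexes."""
    marks = ", ".join("?" for _ in row)
    return f"INSERT INTO {table} ({', '.join(row)}) VALUES ({marks})", tuple(row.values())

def load(dump, conn):
    """Insert every parsed row via bound parameters (sqlite3-style conn); return count."""
    stmts = [to_portable(t, r) for t, r in parse(dump)]
    for sql, params in stmts:
        conn.execute(sql, params)
    return len(stmts)
```

Drivers that use a different placeholder style (for example `%s`) need only the `marks` line changed.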