Ethereal-dev: Re: [Ethereal-dev] SQL help

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Michael Cohen <michael.cohen@xxxxxxxxxxxxxxx>
Date: Fri, 12 Mar 2004 18:46:17 +1100
Hi List,

  There is a more current version of Flag called pyflag available on
sourceforge:
  http://sourceforge.net/projects/pyflag/

  The file released there is a patch to ethereal 0.9.16, but the cvs
contains a patch to 0.10.2. The newer patch includes a knowledge base
feature, where ethereal remembers relationships on the network (who is
talking to whom etc) and writes out a summary SQL. This feature can be
operated in real time (i.e. is fast enough to keep up). Flag uses this
to draw a network diagram of the network from the deduced knowledge.

The new patch might prove to be more workable re the SQL formatting.

Michael.

On Fri, 2004-03-12 at 13:39, Ober Heim wrote:
> Check out the Flag project.
> It is located at
> http://www.dsd.gov.au/library/software/flag/index.html
> It uses patches to ethereal, although based on an older version that works
> with mysql.
> The problem using other db's is the way in which Flag patch puts the info 
> out.
> It does multiline set calls that are not standard sql.
> (e.g.)
> insert into sometable set 
> field1 = 'lala'
> field2 = 'othervar'
> ..
> 
> Although it does handle frame already, as well as the base 
> tcp, udp, dns, http, pop items.
> Worth giving a look at.
> 
> The other way, the method I took, 
> was to write an awk parser to format it for sql format.
> Using the -z "proto,colinfo,frame_num,frame_num" type format you can
> print out most internal vars on the colinfo field.
> This method also allows you to stick with generic ethereal binaries, and 
> not need your own custom versions.
> 
> My 2 cents.
> On Thu, 11 Mar 2004, Evan J. Burrows wrote:
> 
> > Be patient with me, this is my first post,
> > 
> > I'm currently a senior in college and I am working on my senior design 
> > project. Part of my project includes pushing network info to a SQL 2000 
> > Server database. I need this information so I can do real-time analysis 
> > on the database (hopefully). I looked into various other programs but 
> > ethereal provided the best performance for the price since it is free. 
> > 
> > I have installed and compiled the ethereal source on Redhat 9 and have 
> > been looking at the source files the last 2 weeks trying to get a feel 
> > of how ethereal works. Unfortunately I am not a very experienced 
> > programmer and I am quite overwhelmed with the Ethereal source code. I 
> > know pushing the network information to database was on the wishlist 
> > and since I need it for my project I figured I would post here and see 
> > if anyone could help me out or point me in the right direction. 
> > 
> > I want to push the following information to my database:
> > source and destination ip and mac address, protocol, port number, 
> > packet size, Frame number, arrival time, etc.
> > 
> > I have looked through the code and the Readme files but I am still kind 
> > of confused with which source files contain this information. I have 
> > looked through the epan folder and think I found some of the stuff I 
> > need but I am not really sure. All the information that I want is 
> > printed to the ethereal gui but I just don't know where to find the 
> > actual source so I can throw in some SQL calls. I looked at 
> > print_packets and thought that possibly might have something to do with 
> > it. I apologize if this topic has been covered already, but like I 
> > said I just subscribed today. If anyone has any information that might 
> > help me please post back; whether it be to try and help me out or point 
> > me in the right direction. 
> > 
> > thanks,
> > Evan 
> > 
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > 
>
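
The portability problem raised in the thread (MySQL-only "insert into ... set" output that other databases reject) can be handled by parsing each statement into columns and values and re-emitting a standard INSERT with bound parameters, which also keeps packet-derived strings out of the SQL text. This is an added example, not code from Flag, pyflag or Ethereal. It assumes comma-separated assignments as MySQL's INSERT ... SET syntax requires; the table name, column names and sample statement are constructed.

```python
import re
import sqlite3

# Identifiers are restricted to ASCII word characters so they can be interpolated safely.
_HEAD = re.compile(r"\s*insert\s+into\s+([A-Za-z_]\w*)\s+set\s+", re.A | re.I)
# One assignment: col = 'string' (with \x or '' escapes) or a bare number, then ',' or end.
_ASSIGN = re.compile(
    r"\s*([A-Za-z_]\w*)\s*=\s*(?:'((?:[^'\\]|\\.|'')*)'|(-?\d+(?:\.\d+)?))"
    r"\s*(,|;?\s*$)", re.A | re.S)
_ESC = {"n": "\n", "r": "\r", "t": "\t", "0": "\0"}

def _unescape(text):
    # Undo MySQL string escapes: backslash sequences and doubled single quotes.
    return re.sub(r"\\(.)|''",
                  lambda m: _ESC.get(m.group(1), m.group(1)) if m.group(1) else "'",
                  text, flags=re.S)

def set_to_values(stmt):
    """Turn one MySQL 'INSERT INTO t SET a = .., b = ..' into (sql, params)."""
    head = _HEAD.match(stmt)
    if not head:
        raise ValueError("not an INSERT ... SET statement")
    pos, cols, params = head.end(), [], []
    while True:
        m = _ASSIGN.match(stmt, pos)
        if not m:
            raise ValueError(f"cannot parse assignment at offset {pos}")
        cols.append(m.group(1))
        if m.group(2) is not None:
            params.append(_unescape(m.group(2)))
        else:
            params.append(float(m.group(3)) if "." in m.group(3) else int(m.group(3)))
        pos = m.end()
        if m.group(4) != ",":
            break
    marks = ", ".join("?" * len(cols))  # values are bound, never spliced into the SQL
    return f"INSERT INTO {head.group(1)} ({', '.join(cols)}) VALUES ({marks})", tuple(params)

# Constructed sample: a value containing both a comma and an escaped quote.
SAMPLE = """insert into http set
  frame_num = 42,
  host = 'example.test',
  uri = '/find?q=it''s,here';
"""

def demo():
    sql, params = set_to_values(SAMPLE)
    db = sqlite3.connect(":memory:")  # stand-in for the non-MySQL target database
    db.execute("CREATE TABLE http (frame_num INTEGER, host TEXT, uri TEXT)")
    db.execute(sql, params)
    return db.execute("SELECT frame_num, host, uri FROM http").fetchall()
```

The "?" placeholder is the style sqlite3 uses; other database drivers may expect a different marker.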