tcpdump mailing list archives

Senior design group needs some assistance


From: "Evan J. Burrows" <eburrows () stevens edu>
Date: Wed, 24 Mar 2004 14:05:13 -0500 (EST)

All,

I am currently a computer engineering senior in college and I am 
working on my senior design project. Our project is to allocate 
bandwidth to users that require it the most based on application 
priority. The two main applications that we need to get our project 
working are our database and a network sniffer. I originally was 
looking at ethereal because it gave us all the information that we 
wanted (source/destination IP and MAC address, port number, protocol, 
time, date, frame number, etc). But I spent 2-3 weeks trying to figure 
out the code enough to figure out where the information was so I could 
push it to our database. Finally I sent the developers mailing list 
some questions and they told me to use tcpdump because ethereal was 
probably overkill for what I was trying to collect. So here I am now 
asking you guys for some help. I need to get this packet information 
into our database as soon as possible because the main part of our 
project is the analysis on the data in the database.

I would like to try and push the network information to the database as 
close to real-time as possible. Here is the call I am presently using:

tcpdump -l -n -x -v | tcpdfilter -d

Now here is the part that I hope you guys can give me some direction 
with. The developers at ethereal told me that I can pipe the tcpdump 
data and then write a small program to open it and read the data to the 
database. Can you give me any insight on how to do this? I am not an 
experienced programmer so I am having many issues. In what programming 
language should I write the program that opens the pipe? Perl, Java? I 
also have to be able to make SQL calls within that program. Also, when I 
pipe this tcpdump data, do I have to save it and then open the pipe and 
read it, or can this be done continuously so the information continues 
to be pushed to the database as new packets come in? I will probably 
filter the tcpdump for each source MAC address and then create a table 
in our database for each host to be analyzed. I will probably filter 
just TCP and UDP protocols as well. Sorry this is so long but my group 
is in desperate need of assistance. Any help or insight that you can 
provide us would be much appreciated.

thanks,
Evan
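The pipeline asked about above (tcpdump on stdout, a small program on the other end of the pipe, rows written to the database as each packet arrives) is sketched below. This is an added example, not code from the poster or from the tcpdump project. It assumes the one-line-per-packet text that `tcpdump -n -l -e` prints (the format varies by tcpdump version and link type; the sample lines below are constructed to match that shape), uses SQLite as a stand-in for whatever database the group runs, and keeps only TCP and UDP packets, as the post intends.

```python
import re
import sqlite3
import sys

# Constructed sample lines in the shape of `tcpdump -n -l -e` output (assumed
# format; check it against your own tcpdump version before relying on it).
# The third line is ARP and should be skipped by the parser.
SAMPLE_LINES = [
    "14:05:13.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), "
    "length 74: 10.0.0.5.40001 > 10.0.0.9.80: Flags [S], seq 1, win 64240, length 0",
    "14:05:13.000420 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), "
    "length 70: 10.0.0.5.40002 > 10.0.0.9.53: UDP, length 28",
    "14:05:13.000900 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype ARP (0x0806), "
    "length 42: Request who-has 10.0.0.1 tell 10.0.0.5, length 28",
]

TS_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)")
MAC_RE = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) > ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)
# "src_ip.src_port > dst_ip.dst_port:" as printed with -n (no name resolution)
IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d{1,5}) > (\d{1,3}(?:\.\d{1,3}){3})\.(\d{1,5}):")
TCP_RE = re.compile(r": (?:Flags \[|tcp\b)")   # "Flags [..]" normally, "tcp N" under -q
UDP_RE = re.compile(r": UDP\b")                # "UDP, length N" (always under -q)


def parse_line(line):
    """Return a dict for one TCP/UDP packet line, or None for anything else.
    Hex-dump continuation lines (-x) and non-IP frames have no leading
    timestamp or no 'ip.port > ip.port:' pair and are dropped here."""
    ts = TS_RE.match(line)
    ip = IP_RE.search(line)
    if not ts or not ip:
        return None
    if TCP_RE.search(line):
        proto = "tcp"
    elif UDP_RE.search(line):
        proto = "udp"
    else:
        return None  # ICMP, decoded DNS without -q, etc.
    mac = MAC_RE.search(line)  # only present when tcpdump was run with -e
    return {
        "ts": ts.group(1),
        "src_mac": mac.group(1).lower() if mac else None,
        "dst_mac": mac.group(2).lower() if mac else None,
        "src_ip": ip.group(1), "src_port": int(ip.group(2)),
        "dst_ip": ip.group(3), "dst_port": int(ip.group(4)),
        "proto": proto,
    }


def open_db(path=":memory:"):
    """One table for all hosts; index src_mac instead of a table per host."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS packets (
        ts TEXT, src_mac TEXT, dst_mac TEXT,
        src_ip TEXT, src_port INTEGER, dst_ip TEXT, dst_port INTEGER,
        proto TEXT)""")
    conn.execute("CREATE INDEX IF NOT EXISTS packets_src_mac ON packets(src_mac)")
    return conn


def ingest(lines, conn):
    """Parse and insert each line as it arrives; returns the number of rows stored.
    Parameterised INSERT: sniffed text never becomes part of the SQL statement."""
    stored = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        conn.execute(
            "INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (rec["ts"], rec["src_mac"], rec["dst_mac"], rec["src_ip"],
             rec["src_port"], rec["dst_ip"], rec["dst_port"], rec["proto"]),
        )
        conn.commit()  # commit per packet so the analysis side sees rows promptly
        stored += 1
    return stored


def count_by_proto(conn):
    """Small sanity query: {'tcp': n, 'udp': m}."""
    return dict(conn.execute("SELECT proto, COUNT(*) FROM packets GROUP BY proto"))


if __name__ == "__main__":
    # Usage (assumed command line):  tcpdump -n -l -e tcp or udp | python ingest.py
    db = open_db("packets.db")
    print("stored", ingest(sys.stdin, db), "packets;", count_by_proto(db))
```

No intermediate file is needed: `tcpdump -l` line-buffers stdout, the program reads `sys.stdin` line by line and inserts each row as it is parsed, so the database trails the wire by milliseconds. Filtering to `tcp or udp` in the capture filter costs less than filtering in the program, and dropping `-x` keeps the hex dump lines out of the pipe altogether. Whatever database replaces SQLite, keep the placeholder-style INSERT: packet fields come from untrusted hosts on the network, and building the SQL string by concatenation would let a crafted packet alter the query.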

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
