IDS mailing list archives
Re: Export ethereal cap file to SQL database with all details
From: Hugo Francisco González Robledo <hugo.gonzalez () itslp edu mx>
Date: Thu, 17 Aug 2006 11:43:31 -0500
Hi
i have a PoC on perl to send the results of TCPCUMP to MySQL, i know
it's not perfect, but it works for me.
regards
<perl code> -------------------------------
#!/usr/bin/perl
use DBI;
print "\n\n";
print "Programa para pasar los registros de tcpdump a mysql\n";
print "hfgr Agosto 2005\n\n\n";
#preprando la conexión con el servidor MySQL
my $dns = "DBI:mysql:dumplog;localhost";
my $dbh = DBI->connect($dns,"root","");
my $src, my $dst;
#mientras existan registros ....
while (<STDIN>) {
chomp($data = <STDIN>);
# print $data . "\n";
($mdate, $timestamp, $proto, $src,$si, $dst ) = split " ",$data;
$src =~ s/\./-/g;
@tp1 = split "-",$src;
$srcc = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
$ps = $tp1[4];
$dst =~ s/\./-/g;
@tp1 = split "-",$dst;
$dstt = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
($pd) = split ":",$tp1[4];
# print "$timestamp, $srcc, $ps , $dstt, $pd \n";
# print ".";
if($proto eq 'IP') {
# Insertando los datos a la tabla
my $sth = $dbh-> prepare("
INSERT INTO tip VALUES
('$mdate','$timestamp','$srcc',$ps,'$dstt',$pd)" );
$sth->execute;
}
}
#Terminando la conexión con el servidor MySQL
$dbh->disconnect;
</perl code>
and i use like that :
# tcpdump -nn | tcp2my.pl
the sql code to mysql is :
<myslq code>
create database dumplog;
use dumplog;
create table tip (
mdate varchar(12),
timestamp varchar(24),
hsrc varchar(15),
psrc integer,
hdst varchar(15),
pdst integer
);
</mysql code>
On Thu, Aug 10, 2006 at 09:20:13AM -0000, nksdata () gmail com wrote:
Hi All, I want to export ethereal cap file to SQL database with all details. Please suggest any method for it. Regards, Nagesh Lad ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
-- Hugo Francisco González Robledo Instituto Tecnológico de San Luis Potosí Llave pública en http://www.honeynet.org.mx Llave pública en http://ardilla.zapto.org Preguntale a Google-Earth donde estoy : http://ardilla.zapto.org/ubicaHugo.kml ------------------------------------------- Educación es lo que queda después de olvidar lo que se ha aprendido en la escuela. Albert Einstein ------------------------------------------- ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Export ethereal cap file to SQL database with all details nksdata (Aug 14)
- Re: Export ethereal cap file to SQL database with all details Hugo Francisco González Robledo (Aug 17)
- Re: Export ethereal cap file to SQL database with all details Raffael Marty (Aug 21)
- <Possible follow-ups>
- RE: Export ethereal cap file to SQL database with all details MARTIN Benoni (Aug 16)
- Re: Export ethereal cap file to SQL database with all details Jason Brvenik (Aug 17)
- Re: Export ethereal cap file to SQL database with all details Hugo Francisco González Robledo (Aug 17)