Wireshark mailing list archives

Loading Wireshark data into a SQL database (new GNU tool available)


From: Thomas Richards <thomas.richards () commandfive com>
Date: Thu, 23 Jun 2011 13:50:56 +1000

Hi,

A number of people have asked about loading Wireshark data into a SQL database, both on this mailing list and on the 
Wireshark wiki. Command Five Pty Ltd <http://www.commandfive.com> has just released a free (GNU) tool called C5 SIGMA 
<http://www.commandfive.com/downloads/c5sigma.html> that automates the task of processing multiple capture files 
through TShark and loading the results into SQL Server. The tool could be ported to other database systems fairly 
easily (source code is available for download).

C5 SIGMA works by flattening the protocol tree into a set of tables, columns and foreign keys with a schema that is 
generated automatically from the TShark XML. Standard Wireshark field names are used where available and 
"intelligently" generated names are used for text nodes (i.e. you can query against fields that you normally can't 
write filters for). The generated names don't include any capture data (so you won't end up with tables named   
"www_google_com" or "joebloggs_at_wireshark_org" etc).

We've found C5 SIGMA invaluable as a tool for intrusion analysis and data correlation; hopefully you also find it 
useful. If you have feedback, bug reports, feature requests, or would like to contribute to the source code, please let 
us know: <sigma () commandfive com>

Regards,
Thomas Richards

-- 
COMMAND FIVE PTY LTD
www.commandfive.com
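A small illustration of the flattening the post describes: a PDML protocol tree becomes one table per protocol keyed back to a packet table, with text nodes given generated names built from their label only, so no captured value ends up in the schema. This is an added example, not C5 SIGMA's code; the PDML fragment is constructed, and the `txt_` prefix, the `ident()` sanitiser and the T-SQL column types are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed PDML in the shape `tshark -T pdml` emits; text-only nodes have an
# empty name attribute and carry "Label: value" in show=.
PDML = """<pdml><packet>
 <proto name="ip"><field name="ip.src" show="10.0.0.5"/><field name="ip.dst" show="10.0.0.9"/>
  <field name="" show="Fragment offset: 0"/></proto>
 <proto name="http"><field name="http.host" show="www.example.com"/>
  <field name="" show="Request Method: GET"/></proto>
</packet><packet>
 <proto name="ip"><field name="ip.src" show="10.0.0.9"/><field name="ip.dst" show="10.0.0.5"/>
  <field name="" show="Fragment offset: 0"/></proto>
</packet></pdml>"""

def ident(text):
    """Reduce arbitrary text to a safe SQL identifier: only [a-z0-9_] survives,
    so nothing taken from a capture can reach the generated DDL unquoted."""
    return re.sub(r"[^a-z0-9]+", "_", text.lower()).strip("_")

def column_name(field):
    """Wireshark field name where one exists; for a text node, a name built from
    the label before the colon only, never from the value after it."""
    if field.get("name"):
        return ident(field.get("name"))
    return "txt_" + ident(field.get("show", "").split(":", 1)[0])

def flatten(pdml_text):
    """Return ({table: [columns]}, [(table, packet_id, {column: value})])."""
    schema, rows = {}, []
    for pid, packet in enumerate(ET.fromstring(pdml_text).iter("packet"), 1):
        for proto in packet.iter("proto"):
            table = ident(proto.get("name"))
            cols = schema.setdefault(table, ["packet_id"])
            row = {}
            for field in proto.iter("field"):
                col, value = column_name(field), field.get("show", "")
                if not field.get("name"):          # text node: keep only the value part
                    value = value.split(":", 1)[-1].strip()
                if col not in cols:
                    cols.append(col)
                row[col] = value
            rows.append((table, pid, row))
    return schema, rows

def ddl(schema):
    """T-SQL DDL: one packet table, one table per protocol keyed back to it."""
    stmts = ["CREATE TABLE packet (packet_id INT PRIMARY KEY);"]
    for table, cols in schema.items():
        defs = ["packet_id INT REFERENCES packet(packet_id)"] + [f"{c} NVARCHAR(MAX)" for c in cols[1:]]
        stmts.append(f"CREATE TABLE {table} ({', '.join(defs)});")
    return stmts
```

Running `flatten(PDML)` yields an `http` table with columns `packet_id, http_host, txt_request_method`; the host value appears only as row data, never as part of a table or column name.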

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

