Re: Export ethereal cap file to SQL database with all details

Thu, 17 Aug 2006 17:18:08 -0700 

Hi 

i have a PoC on perl to send the results of TCPCUMP to MySQL, i know
it's not perfect, but it works for me.

regards 

<perl code> -------------------------------

#!/usr/bin/perl

use DBI;


print "\n\n";
print "Programa para pasar los registros de tcpdump a mysql\n";
print "hfgr  Agosto 2005\n\n\n";


#preprando la conexión con el servidor MySQL
my $dns = "DBI:mysql:dumplog;localhost";
my $dbh = DBI->connect($dns,"root","");

my $src, my $dst;

#mientras existan registros ....
while (<STDIN>) {
    chomp($data = <STDIN>);
#    print $data . "\n";
    ($mdate, $timestamp, $proto,  $src,$si, $dst ) = split " ",$data;

    $src =~ s/\./-/g;

    @tp1 = split "-",$src;
    $srcc = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
    $ps = $tp1[4];

    $dst =~ s/\./-/g;
    @tp1 = split "-",$dst;
    $dstt = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
    ($pd) = split ":",$tp1[4];
#    print "$timestamp, $srcc, $ps , $dstt, $pd \n";
#    print ".";

    if($proto eq 'IP') {
    # Insertando los datos a la tabla
      my $sth = $dbh-> prepare("
      INSERT INTO tip VALUES
('$mdate','$timestamp','$srcc',$ps,'$dstt',$pd)" );
      $sth->execute;
    }
}

#Terminando la conexión con el servidor MySQL
$dbh->disconnect;

</perl code>

and i use like that :

# tcpdump -nn | tcp2my.pl

the sql code to mysql is :

<myslq code>

create database dumplog;
use dumplog;

create table tip (
 mdate varchar(12),
 timestamp varchar(24),
 hsrc varchar(15),
 psrc integer,
 hdst varchar(15),
 pdst integer
);

</mysql code>


On Thu, Aug 10, 2006 at 09:20:13AM -0000, [EMAIL PROTECTED] wrote:
> Hi All,
> 
> I want to export ethereal cap file to SQL database with all details.
> 
> Please suggest any method for it.
> 
> Regards,
> Nagesh Lad
> 
> ------------------------------------------------------------------------
> Test Your IDS
> 
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> ------------------------------------------------------------------------

-- 
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí

Llave pública en http://www.honeynet.org.mx
Llave pública en http://ardilla.zapto.org

Preguntale a Google-Earth donde estoy :
http://ardilla.zapto.org/ubicaHugo.kml

-------------------------------------------
Educación es lo que queda después de olvidar
lo que se ha aprendido en la escuela.
                Albert Einstein
-------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------

Reply via email to