On 7/25/2008 4:02 AM, Saeed Akhtar wrote:
> Is there any tool for offline scripting ........
>

You may want to have a look at CoMo: http://como.sourceforge.net/
From the "Publications" section: http://como.sourceforge.net/pubs/fastproto.pam2006.pdf

I suppose it depends on your requirements and how much/little code you want to write. What application layer protocols are you interested in (i.e. decodes)? Or is just basic IP/TCP/UDP info enough? Are you firmly set on using the decodes/logic (data) Wireshark supplies (if so, then you'd need to write some code to extract that and then import it somehow (tshark -T pdml?))? It'd be interesting to hear your requirements/use case and your estimated data set size.

FWIW, a while back I wrote a couple of "off-the-cuff" (quick and dirty) scripts that did a simple nightly export from a firewall log that had about 2GB of data. I then stripped it to just IP/port address pairs and timestamps and maybe a small proprietary firewall tag (varchar) field or two. The other script deleted any existing indexes, did a bulk data load into a PostgreSQL table, and then re-created the indexes. What surprised me was how slow this process was... with a 2-way Xeon 2.6 GHz box, SCSI disks and 2GB RAM (I wish I could remember some queries I did and the load/import times, sorry). Depending on your queries and the amount of data you actually load into the tables, and obviously your hardware, you may be in for a rough/slow ride. I don't intend to discourage you, just to pass along some very basic info from an admittedly simple test/trial I did. Like most things, it just depends on your requirements/data sets and whether the performance/load is acceptable.

The paper I referenced above had some references to other projects that you might find useful.

Hope this helps,
-Nathan

> On Tue, Jul 22, 2008 at 7:03 PM, Abhik Sarkar <[EMAIL PROTECTED]>
> wrote:
>
>> Hi Saeed,
>>
>> This has been discussed before...
>> http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html
>>
>> You can search the wireshark mailing list archives to see if there are
>> more discussions.
>>
>> HTH
>> Abhik.
>>
>> On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar <[EMAIL PROTECTED]>
>> wrote:
>>> Hi,
>>> I am trying to dump information retrieved from Wireshark to SQL. Is
>>> there any option in Wireshark, or has it already been done by someone?
>>>
>>> _______________________________________________
>>> Wireshark-dev mailing list
>>> [email protected]
>>> https://wireshark.org/mailman/listinfo/wireshark-dev
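The pipeline Nathan sketches (export with `tshark -T pdml`, strip the packets down to IP/port pairs and timestamps, drop indexes, bulk-load into a table, re-create indexes) as an added example; it is not code from Nathan or anyone else on this thread. Assumptions: the input is the PDML that `tshark -T pdml` writes (the field names `frame.time_epoch`, `ip.src`, `ip.dst`, `ip.proto`, `tcp.srcport`, `tcp.dstport`, `udp.srcport`, `udp.dstport` are real Wireshark display-filter fields), the two-packet PDML document is constructed inline so the script runs offline, and sqlite3 stands in for PostgreSQL so no server is needed. Function and table names (`parse_pdml`, `bulk_load`, `flows`) are hypothetical.

```python
"""Import the IP/port core of a tshark PDML export into a SQL table using the
drop-indexes / bulk-load / re-create-indexes pattern from the thread.

Added example, not the thread's code. sqlite3 stands in for PostgreSQL; the
PDML below is constructed to look like `tshark -T pdml` output."""
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample: one TCP packet and one UDP packet, in tshark PDML shape.
SAMPLE_PDML = """<pdml version="0" creator="wireshark/1.0.0">
<packet>
  <proto name="frame">
    <field name="frame.time_epoch" show="1216720800.123456"/>
  </proto>
  <proto name="ip">
    <field name="ip.src" show="192.0.2.10"/>
    <field name="ip.dst" show="198.51.100.5"/>
    <field name="ip.proto" show="6"/>
  </proto>
  <proto name="tcp">
    <field name="tcp.srcport" show="51234"/>
    <field name="tcp.dstport" show="443"/>
  </proto>
</packet>
<packet>
  <proto name="frame">
    <field name="frame.time_epoch" show="1216720801.500000"/>
  </proto>
  <proto name="ip">
    <field name="ip.src" show="192.0.2.11"/>
    <field name="ip.dst" show="198.51.100.53"/>
    <field name="ip.proto" show="17"/>
  </proto>
  <proto name="udp">
    <field name="udp.srcport" show="40000"/>
    <field name="udp.dstport" show="53"/>
  </proto>
</packet>
</pdml>
"""

# Real Wireshark field names; everything else in the PDML is discarded.
WANTED = ("frame.time_epoch", "ip.src", "ip.dst", "ip.proto",
          "tcp.srcport", "tcp.dstport", "udp.srcport", "udp.dstport")


def parse_pdml(xml_text):
    """Return one (ts, src, dst, proto, sport, dport) tuple per IP packet.

    Non-IP packets are skipped; packets without TCP/UDP get NULL ports."""
    rows = []
    for pkt in ET.fromstring(xml_text).iter("packet"):
        fields = {}
        for field in pkt.iter("field"):  # iter() also reaches nested fields
            name = field.get("name")
            if name in WANTED and name not in fields:  # keep first occurrence
                fields[name] = field.get("show")
        if "ip.src" not in fields:
            continue
        sport = fields.get("tcp.srcport") or fields.get("udp.srcport")
        dport = fields.get("tcp.dstport") or fields.get("udp.dstport")
        rows.append((float(fields["frame.time_epoch"]),
                     fields["ip.src"], fields["ip.dst"],
                     int(fields["ip.proto"]),
                     int(sport) if sport else None,
                     int(dport) if dport else None))
    return rows


def bulk_load(conn, rows):
    """Drop indexes, insert every row in one transaction, rebuild indexes.

    Maintaining indexes per-row during a large import is what makes a naive
    load slow; rebuilding them once afterwards is the usual fix. Returns the
    table's row count after the load."""
    cur = conn.cursor()
    cur.execute("CREATE TABLE IF NOT EXISTS flows ("
                "ts REAL, src TEXT, dst TEXT, proto INTEGER, "
                "sport INTEGER, dport INTEGER)")
    cur.execute("DROP INDEX IF EXISTS flows_src_idx")
    cur.execute("DROP INDEX IF EXISTS flows_dst_idx")
    cur.executemany("INSERT INTO flows VALUES (?, ?, ?, ?, ?, ?)", rows)
    cur.execute("CREATE INDEX flows_src_idx ON flows (src, sport)")
    cur.execute("CREATE INDEX flows_dst_idx ON flows (dst, dport)")
    conn.commit()
    return cur.execute("SELECT COUNT(*) FROM flows").fetchone()[0]


def load_sample(db_path=":memory:"):
    """Parse the constructed PDML and load it into a fresh database."""
    conn = sqlite3.connect(db_path)
    bulk_load(conn, parse_pdml(SAMPLE_PDML))
    return conn


def top_destinations(conn, limit=5):
    """A typical first query over the loaded data: busiest (dst, dport) pairs."""
    return conn.execute(
        "SELECT dst, dport, COUNT(*) AS n FROM flows "
        "GROUP BY dst, dport ORDER BY n DESC, dst LIMIT ?", (limit,)).fetchall()


if __name__ == "__main__":
    db = load_sample()
    for dst, dport, n in top_destinations(db):
        print(f"{dst}:{dport} {n}")
```

For a real PostgreSQL load, `executemany` would be replaced by `COPY flows FROM STDIN`, which is far faster for millions of rows; alternatively, `tshark -T fields -e ip.src -e ip.dst ... -E separator=,` writes delimited text directly, skipping the PDML parse entirely. Either way the index drop/rebuild around the load is the part that matters for the import time Nathan complains about.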
