Ethereal-dev: Re: [Ethereal-dev] SQL help (Out of the office)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Greg Morris" <GMORRIS@xxxxxxxxxx>
Date: Fri, 12 Mar 2004 00:47:05 -0700
I'm sorry but I am not available Mar 12th. If you need assistance please
call 1-800-858-4000 and ask to have someone else help you. I will be
returning back to the office on Mar 15th.

>>> ethereal-dev 03/12/04 00:46 >>>

Hi List,

  There is a more current version of Flag called pyflag available on
sourceforge:
  http://sourceforge.net/projects/pyflag/

  The file released there is a patch to ethereal 0.9.16, but the cvs
contains a patch to 0.10.2. The newer patch includes a knowledge base
feature, where ethereal remembers relationships on the network (who is
talking to whom etc) and writes out a summary SQL. This feature can be
operated in real time (i.e. is fast enough to keep up). Flag uses this
to draw a network diagram of the network from the deduced knowledge.

The new patch might prove to be more workable re the SQL formatting.

Michael.

On Fri, 2004-03-12 at 13:39, Ober Heim wrote:
> Check out the Flag project.
> It is located at
> http://www.dsd.gov.au/library/software/flag/index.html
> It uses patches to ethereal, although based on an older version that works
> with mysql.
> The problem using other db's is the way in which Flag patch puts the info
> out.
> It does multiline set calls that are not standard sql.
> (e.g.)
> insert into sometable set 
> field1 = 'lala'
> field2 = 'othervar'
> ..
> 
> Although it does handle frame already, as well as the base 
> tcp, udp, dns, http, pop items.
> Worth giving a look at.
> 
> The other way, the method I took, 
> was to write an awk parser to format it for sql format.
> Using the -z "proto,colinfo,frame_num,frame_num" type format you can
> print out most internal vars on the colinfo field.
> This method also allows you to stick with generic ethereal binaries, and
> not need your own custom versions.
> 
> My 2 cents.
> On Thu, 11 Mar 2004, Evan J. Burrows wrote:
> 
> > Be patient with me this is my first post,
> > 
> > I'm currently a senior in college and I am working on my senior design
> > project. Part of my project includes pushing network info to a SQL 2000
> > Server database. I need this information so I can do real-time analysis
> > on the database (hopefully). I looked into various other programs but
> > ethereal provided the best performance for the price since it is free.
> > 
> > I have installed and compiled the ethereal source on Redhat 9 and have
> > been looking at the source files the last 2 weeks trying to get a feel
> > of how ethereal works. Unfortunately I am not a very experienced
> > programmer and I am quite overwhelmed with the Ethereal source code. I
> > know pushing the network information to database was on the wishlist
> > and since I need it for my project I figured I would post here and see
> > if anyone could help me out or point me in the right direction.
> > 
> > I want to push the following information to my database:
> > source and destination ip and mac address, protocol, port number,
> > packet size, Frame number, arrival time, etc.
> > 
> > I have looked through the code and the Readme files but I am still kind
> > of confused with which source files contain this information. I have
> > looked through the epan folder and think I found some of the stuff I
> > need but I am not really sure. All the information that I want is
> > printed to the ethereal gui but I just don't know where to find the
> > actual source so I can throw in some SQL calls. I looked at
> > print_packets and thought that possibly might have something to do with
> > it. I apologize if this topic has been covered already, but like I
> > said I just subscribed today. If anyone has any information that might
> > help me please post back; whether it be to try and help me out or point
> > me in the right direction.
> > 
> > thanks,
> > Evan 
> > 
> > _______________________________________________
> > Ethereal-dev mailing list
> > Ethereal-dev@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-dev
> > 