Re: Export ethereal cap file to SQL database with all details
- From: Hugo Francisco González Robledo <hugo.gonzalez@xxxxxxxxxxxx>
- Date: Thu, 17 Aug 2006 11:43:31 -0500
Hi
i have a PoC on perl to send the results of TCPCUMP to MySQL, i know
it's not perfect, but it works for me.
regards
<perl code> -------------------------------
#!/usr/bin/perl
use DBI;
print "\n\n";
print "Programa para pasar los registros de tcpdump a mysql\n";
print "hfgr Agosto 2005\n\n\n";
#preprando la conexión con el servidor MySQL
my $dns = "DBI:mysql:dumplog;localhost";
my $dbh = DBI->connect($dns,"root","");
my $src, my $dst;
#mientras existan registros ....
while (<STDIN>) {
chomp($data = <STDIN>);
# print $data . "\n";
($mdate, $timestamp, $proto, $src,$si, $dst ) = split " ",$data;
$src =~ s/\./-/g;
@tp1 = split "-",$src;
$srcc = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
$ps = $tp1[4];
$dst =~ s/\./-/g;
@tp1 = split "-",$dst;
$dstt = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
($pd) = split ":",$tp1[4];
# print "$timestamp, $srcc, $ps , $dstt, $pd \n";
# print ".";
if($proto eq 'IP') {
# Insertando los datos a la tabla
my $sth = $dbh-> prepare("
INSERT INTO tip VALUES
('$mdate','$timestamp','$srcc',$ps,'$dstt',$pd)" );
$sth->execute;
}
}
#Terminando la conexión con el servidor MySQL
$dbh->disconnect;
</perl code>
and i use like that :
# tcpdump -nn | tcp2my.pl
the sql code to mysql is :
<myslq code>
create database dumplog;
use dumplog;
create table tip (
mdate varchar(12),
timestamp varchar(24),
hsrc varchar(15),
psrc integer,
hdst varchar(15),
pdst integer
);
</mysql code>
On Thu, Aug 10, 2006 at 09:20:13AM -0000, nksdata@xxxxxxxxx wrote:
Hi All,
I want to export ethereal cap file to SQL database with all details.
Please suggest any method for it.
Regards,
Nagesh Lad
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
--
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí
Llave pública en http://www.honeynet.org.mx
Llave pública en http://ardilla.zapto.org
Preguntale a Google-Earth donde estoy :
http://ardilla.zapto.org/ubicaHugo.kml
-------------------------------------------
Educación es lo que queda después de olvidar
lo que se ha aprendido en la escuela.
Albert Einstein
-------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
- Follow-Ups:
- Re: Export ethereal cap file to SQL database with all details
- From: Raffael Marty
- Re: Export ethereal cap file to SQL database with all details
- References:
- Prev by Date: Re: A Neural Network to detect polymorphic shellcodes
- Next by Date: Re: Worm attack generation tools
- Previous by thread: Export ethereal cap file to SQL database with all details
- Next by thread: Re: Export ethereal cap file to SQL database with all details
- Index(es):
