
| Subject: | Re: Export ethereal cap file to SQL database with all details |
|---|---|
| Date: | Mon, 21 Aug 2006 14:33:08 -0700 |
Well, AfterGlow (afterglow.sourceforge.net) has a tcpdump parser which is fairly good... (beware, I am biased ;)

It takes tcpdump and generates csv output:

```
tcpdump -vttttnneli ath0 | ./tcpdump2csv.pl "sip dip dport"
```

This will for example generate output with just the sourceIP, the destinationIP and the destinationPort. Check the source to see other fields that the parser understands...

The nice thing is also that it takes care of the client->server pairs. Meaning that for the responses, the source and destination is inverted.

Hope this helps...

-raffy
Hi, I have a PoC in Perl to send the results of tcpdump to MySQL. I know it's not perfect, but it works for me.

Regards

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

print "\n\n";
print "Programa para pasar los registros de tcpdump a mysql\n";
print "hfgr Agosto 2005\n\n\n";

# Prepare the connection to the MySQL server
my $dsn = "DBI:mysql:database=dumplog;host=localhost";
my $dbh = DBI->connect($dsn, "root", "", { RaiseError => 1 });

# Prepare the INSERT once; placeholders keep capture data out of the SQL text
my $sth = $dbh->prepare("INSERT INTO tip VALUES (?,?,?,?,?,?)");

# While there are records ...
while (my $data = <STDIN>) {
    chomp $data;
    # print $data . "\n";
    my ($mdate, $timestamp, $proto, $src, $si, $dst) = split " ", $data;
    next unless defined $dst && $proto eq 'IP';

    # Split "a.b.c.d.port" into address and port
    my @tp1 = split /\./, $src;
    my $srcc = join ".", @tp1[0..3];
    my $ps = $tp1[4];

    @tp1 = split /\./, $dst;
    next unless defined $ps && defined $tp1[4];   # skip packets without ports
    my $dstt = join ".", @tp1[0..3];
    my ($pd) = split ":", $tp1[4];
    # print "$timestamp, $srcc, $ps , $dstt, $pd \n";

    # Insert the data into the table
    $sth->execute($mdate, $timestamp, $srcc, $ps, $dstt, $pd);
}

# Close the connection to the MySQL server
$dbh->disconnect;
```

and I use it like this:

```
# tcpdump -nn | tcp2my.pl
```

The SQL code for MySQL is:

```sql
create database dumplog;
use dumplog;
create table tip (
    mdate varchar(12),
    timestamp varchar(24),
    hsrc varchar(15),
    psrc integer,
    hdst varchar(15),
    pdst integer
);
```

On Thu, Aug 10, 2006 at 09:20:13AM -0000, nksdata@gmail.com wrote:

> Hi All,
>
> I want to export ethereal cap file to SQL database with all details. Please suggest any method for it.
>
> Regards,
> Nagesh Lad
--------------------------------------------------------------------------
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí
Public key at http://www.honeynet.org.mx
Public key at http://ardilla.zapto.org
Ask Google Earth where I am: http://ardilla.zapto.org/ubicaHugo.kml
-------------------------------------------
Education is what remains after one has forgotten what one has learned in school.
Albert Einstein
-------------------------------------------
--
Raffael Marty, GCIA, CISSP
raffael.marty@arcsight.com
Manager Strategic Application Solutions
ArcSight, Inc.
+1 (408) 864 2662
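
The two ideas in this thread, loading tcpdump records into SQL and storing replies under the same client->server orientation, are combined below in an added example. It is not code from either poster or from AfterGlow. It assumes `tcpdump -tttt -nn` style lines, uses an in-memory SQLite table with the `tip` column names from the thread in place of MySQL, and treats the first-seen direction of a flow as client->server, which is a simplifying assumption.

```python
import ipaddress
import re
import sqlite3

# Constructed `tcpdump -tttt -nn` lines (not from the original post).
SAMPLE = """\
2006-08-21 14:33:08.000001 IP 10.0.0.5.51514 > 192.0.2.10.80: Flags [S], length 0
2006-08-21 14:33:08.000420 IP 192.0.2.10.80 > 10.0.0.5.51514: Flags [S.], length 0
2006-08-21 14:33:09.100000 IP 10.0.0.7.40000 > 192.0.2.53.53: 4660+ A? example.com. (29)
2006-08-21 14:33:09.200000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28
2006-08-21 14:33:09.300000 IP 10.0.0.9.1234 > 999.1.1.1.80: Flags [S], length 0
"""
LINE = re.compile(r"^(\S+) (\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+):")

def parse(line):
    """Return (date, time, sip, sport, dip, dport), or None if unexpected."""
    m = LINE.match(line)
    if not m:
        return None
    mdate, ts, sip, sport, dip, dport = m.groups()
    try:
        ipaddress.IPv4Address(sip)
        ipaddress.IPv4Address(dip)
    except ValueError:
        return None
    if int(sport) > 65535 or int(dport) > 65535:
        return None
    return mdate, ts, sip, int(sport), dip, int(dport)

def load(text, db):
    """Store parsed packets oriented client->server; return rows stored."""
    db.execute("CREATE TABLE IF NOT EXISTS tip (mdate TEXT, timestamp TEXT,"
               " hsrc TEXT, psrc INTEGER, hdst TEXT, pdst INTEGER)")
    seen = set()  # flows already stored, oriented client->server
    stored = 0
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # non-IP or malformed input never reaches SQL
        mdate, ts, sip, sport, dip, dport = rec
        if (dip, dport, sip, sport) in seen:  # reply to a known flow
            sip, sport, dip, dport = dip, dport, sip, sport
        seen.add((sip, sport, dip, dport))
        # Placeholders keep capture-derived text out of the SQL statement
        db.execute("INSERT INTO tip VALUES (?, ?, ?, ?, ?, ?)",
                   (mdate, ts, sip, sport, dip, dport))
        stored += 1
    return stored
```

Call `load(SAMPLE, sqlite3.connect(":memory:"))` to run it on the constructed lines; the SYN-ACK reply is stored with the client as source, and the ARP and invalid-address lines are dropped.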