Ethereal-dev: Re: [Ethereal-dev] SQL help

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Fri, 12 Mar 2004 02:39:01 +0000 (GMT)
Check out the Flag project.
It is located at
http://www.dsd.gov.au/library/software/flag/index.html
It uses patches to Ethereal, although based on an older version that works
with MySQL.
The problem using other DBs is the way in which the Flag patch puts the info
out.
It does multiline set calls that are not standard SQL.
(e.g.)
insert into sometable set 
field1 = 'lala'
field2 = 'othervar'
...

Although it does handle frame already, as well as the base 
tcp, udp, dns, http, pop items.
Worth giving a look at.

The other way, the method I took,
was to write an awk parser to format it for SQL format.
Using the -z "proto,colinfo,frame_num,frame_num" type format you can
print out most internal vars on the colinfo field.
This method also allows you to stick with generic Ethereal binaries, and
not need your own custom versions.

My 2 cents.

On Thu, 11 Mar 2004, Evan J. Burrows wrote:

> Be patient with me, this is my first post,
>
> I'm currently a senior in college and I am working on my senior design
> project. Part of my project includes pushing network info to a SQL 2000
> Server database. I need this information so I can do real-time analysis
> on the database (hopefully). I looked into various other programs but
> Ethereal provided the best performance for the price since it is free.
>
> I have installed and compiled the Ethereal source on Redhat 9 and have
> been looking at the source files the last 2 weeks trying to get a feel
> of how Ethereal works. Unfortunately I am not a very experienced
> programmer and I am quite overwhelmed with the Ethereal source code. I
> know pushing the network information to database was on the wishlist
> and since I need it for my project I figured I would post here and see
> if anyone could help me out or point me in the right direction.
>
> I want to push the following information to my database:
> source and destination IP and MAC address, protocol, port number,
> packet size, Frame number, arrival time, etc.
>
> I have looked through the code and the Readme files but I am still kind
> of confused with which source files contain this information. I have
> looked through the epan folder and think I found some of the stuff I
> need but I am not really sure. All the information that I want is
> printed to the Ethereal GUI but I just don't know where to find the
> actual source so I can throw in some SQL calls. I looked at
> print_packets and thought that possibly might have something to do with
> it. I apologize if this topic has been covered already, but like I
> said I just subscribed today. If anyone has any information that might
> help me please post back; whether it be to try and help me out or point
> me in the right direction.
> 
> thanks,
> Evan 
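
Added example, not part of the original thread or of the Ethereal or Flag code: the awk approach described in the reply, written as a POSIX shell function that turns tab-separated capture fields into standard INSERT ... VALUES statements instead of the non-standard INSERT ... SET form. The table name, column order and sample lines are constructed assumptions, and the quote doubling assumes a database that does not treat backslash as a string escape.

```shell
#!/bin/sh
# Added example: table name, column order and sample data are assumptions.

# Constructed sample input: one packet per line, six tab-separated fields
# (frame number, source IP, destination IP, protocol, length, info text).
sample_capture() {
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        1 10.0.0.5 10.0.0.1 DNS 74 "Standard query A example.com" \
        2 10.0.0.5 10.0.0.9 HTTP 310 "GET /search?q=o'brien HTTP/1.1" \
        x 10.0.0.5 10.0.0.9 TCP 60 "non-numeric frame number"
}

# Read such lines on stdin and write one standard INSERT per valid line.
fields_to_sql() {
    awk -F '\t' -v q="'" '
    # Packet contents are untrusted: double embedded single quotes so a
    # value cannot terminate its own string literal.
    function sqlstr(s) {
        gsub(q, q q, s)
        return q s q
    }
    # Numeric columns are emitted unquoted, so accept digits only.
    function isnum(s) { return s ~ /^[0-9]+$/ }

    # Reject lines with the wrong field count or non-numeric numbers.
    NF != 6 || !isnum($1) || !isnum($5) {
        printf "skipped line %d\n", NR > "/dev/stderr"
        next
    }
    {
        printf "INSERT INTO packets " \
               "(frame_num, src_ip, dst_ip, proto, length, info) " \
               "VALUES (%s, %s, %s, %s, %s, %s);\n",
               $1, sqlstr($2), sqlstr($3), sqlstr($4), $5, sqlstr($6)
    }'
}

sample_capture | fields_to_sql
```

Where the loader is a program rather than a generated script, bound parameters avoid the escaping question entirely.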