
Ethereal-users: Re: [Ethereal-users] Opening an Ethereal file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 14 Dec 2004 01:22:38 -0800
Mina sina wrote:

> Hi Harris,
> I am very thankful for your replies to my messages.
> Here is the plan for what I want to do as my course
> project.
> Goal: To have a platform where I can read 3 files from
> different nodes/interfaces at the same time. These
> files are tcpdump files.
> How I am thinking of doing it:
> A. To transfer all the information (from each file/per
> node), whatever we have in a libpcap file, to a
> database one by one.
> B. After I have all the information from 3 different
> files in tabular form in a database, I will run
> different queries on it.
> Details about A: I have one approach of printing files
> to a plain text format. Then run C code on it to
> extract info line by line and put them in columns for
> each and every frame and protocol.
>
> Then to import these .txt files, let's say, into ACCESS.
>
> And then run queries on it as per part B.
>
> Another approach for part A: I was going through the
> Ethereal mailing list and got this idea of extracting
> data from a libpcap file using Tethereal. But I
> guess one might need PERL for it, which I don't know at
> all. Is there any way such that I get all the info
> (whatever I can see once I open it in Ethereal) of a
> libpcap file in tabular form for my own use such that
> I could transfer those to a database?

By "all the info" do you mean all the information in the summary pane
(packet number, source address, destination address, time stamp,
protocol, etc.), or do you mean all the information in the detail pane
for every packet?

If it's the summary pane, you could use Tethereal to read the file and
write it out as text, which will show the columns.

If it's the detail pane, I'm not sure what a tabular form for that would
be, as, for example, you might have more than one instance of the same
field.

> Now I'm waiting for your guidance. My goal is to see
> the behaviour of the same traffic at three different
> points, so as to analyse traffic losses, delays
> etc. of different frames.
>
> BR,
> Minä
> Finland
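
The summary-pane route discussed above, as an added example that is not part of the original message or of the Ethereal project: summary text from three capture points is loaded into one SQLite table and queried for lost frames and transit delay. Assumptions: each line reads `No. Time Source -> Destination Protocol Info`, times are absolute and the three clocks are synchronised, and a frame is matched across nodes by source, destination, protocol and Info (retransmissions with identical Info would match more than once). The node names and sample lines are constructed.

```python
import re
import sqlite3

# Assumed layout of one summary line: No. Time Source -> Destination Protocol Info
LINE = re.compile(r"^\s*(\d+)\s+(\d+)\.(\d{6})\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+(.*\S)\s*$")

# Constructed sample text, one capture per node (not from the original post).
SAMPLES = {
    "node_a": """  1 100.000000 10.0.0.1 -> 10.0.0.9 TCP 1025 > 80 [SYN] Seq=0 Len=0
  2 100.010000 10.0.0.1 -> 10.0.0.9 TCP 1025 > 80 [ACK] Seq=1 Len=100
  3 100.020000 10.0.0.1 -> 10.0.0.9 TCP 1025 > 80 [ACK] Seq=101 Len=100""",
    "node_b": """  1 100.002000 10.0.0.1 -> 10.0.0.9 TCP 1025 > 80 [SYN] Seq=0 Len=0
  2 100.025000 10.0.0.1 -> 10.0.0.9 TCP 1025 > 80 [ACK] Seq=101 Len=100""",
    "node_c": """  1 100.004000 10.0.0.1 -> 10.0.0.9 TCP 1025 > 80 [SYN] Seq=0 Len=0""",
}

# Assumed matching key: the same frame shows identical columns at every node.
MATCH = "b.src = a.src AND b.dst = a.dst AND b.proto = a.proto AND b.info = a.info"

def build(samples):
    """Load every node's summary text into one in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE frames (node TEXT, no INTEGER, ts_us INTEGER,"
               " src TEXT, dst TEXT, proto TEXT, info TEXT)")
    for node, text in samples.items():
        for line in text.splitlines():
            m = LINE.match(line)
            if m is None:
                continue  # skip lines that do not fit the assumed layout
            no, sec, frac, src, dst, proto, info = m.groups()
            ts_us = int(sec) * 1_000_000 + int(frac)  # integer microseconds
            db.execute("INSERT INTO frames VALUES (?,?,?,?,?,?,?)",
                       (node, int(no), ts_us, src, dst, proto, info))
    return db

def lost(db, first, second):
    """Frames seen at `first` that never show up at `second`."""
    return db.execute(
        "SELECT a.no, a.info FROM frames a LEFT JOIN frames b"
        f" ON b.node = ? AND {MATCH} WHERE a.node = ? AND b.no IS NULL"
        " ORDER BY a.no", (second, first)).fetchall()

def delays_us(db, first, second):
    """(frame no. at `first`, transit time in microseconds) for matched frames."""
    return db.execute(
        "SELECT a.no, b.ts_us - a.ts_us FROM frames a JOIN frames b"
        f" ON {MATCH} WHERE a.node = ? AND b.node = ? ORDER BY a.no",
        (first, second)).fetchall()

if __name__ == "__main__":
    db = build(SAMPLES)
    print(lost(db, "node_a", "node_b"), delays_us(db, "node_a", "node_c"))
```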