Ethereal-users: Re: [Ethereal-users] tethereal to SQL database

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Stef <stefmit@xxxxxxxxx>
Date: Wed, 22 Dec 2004 10:17:40 -0600
I know this may not answer your question, in regards to using
(t)ethereal, but I have done something along the lines of such
requirements, customizing snort (http://www.snort.org/), with my own
rules, alerting for "almost" (my own rules - the equivalent of what I
would have used in (t)ethereal as BPF filters, or display ones)
anything, then dumping the whole payload, and organizing the alerts in
MySQL - then viewing & searching for stuff (i.e. queries, etc.) in
ACID (now some people advise the utilization of BASE) or (I am trying
it now - not ready, yet) barnyard + sguil.
Once you get such an assembly going, it is pretty easy to write a
rule (or more) to capture, or to run a capture file through a rule (or
more), while snort is populating a MySQL fully searchable database
...

HTH,
Stef

On Wed, 22 Dec 2004 09:04:57 -0600, Finley, Francis
<FFinley@xxxxxxxxxxxxxx> wrote:
>
> Hello,
>
> I was wondering if anyone out there had used tethereal to output directly to
> an SQL database of some type.  I am getting the data I want out, and going
> through several transformations of libpcap, TCPTrace, and CSV files to get
> into an SQL database currently, however I have a few issues.  Too much of
> the process is manual, and if the machine running the capture shuts down
> during a capture I have no way of adding to the text dump where I left off
> at.  Searching around on past messages I could only find info about someone
> wanting to try almost 2 years ago, but no solution.
>
> Any help would be appreciated,
>
> Thanks
>
> Frank Finley
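The original question (tethereal output straight into an SQL database, with the ability to pick up where a crashed capture left off) can be handled without the libpcap -> TCPTrace -> CSV detour by feeding per-frame field output into a database keyed on frame number. The script below is an added example written for this archive page; it is not code from the thread, from Ethereal, or from snort. It assumes tab-separated `-T fields` output as produced by tshark (tethereal's successor) with `-e frame.number -e frame.time_epoch -e ip.src -e ip.dst -e ip.proto -e frame.len`, uses SQLite instead of MySQL so it runs offline, and the sample lines and capture id are constructed. The point it demonstrates is the resume logic: the (capture_id, frame_number) primary key makes a re-run idempotent, and `last_frame()` tells the loader which frames are already stored so a restarted run skips them instead of duplicating them.

```python
import sqlite3
import sys
from typing import Iterable, Optional

# Constructed sample of tab-separated "-T fields" output (made-up values,
# not a real capture). Column order matches the -e list in the lead-in.
SAMPLE_LINES = [
    "1\t1103730300.000123\t192.0.2.10\t198.51.100.5\t6\t74",
    "2\t1103730300.000456\t198.51.100.5\t192.0.2.10\t6\t74",
    "3\t1103730300.001000\t192.0.2.10\t198.51.100.5\t6\t66",
    "4\t1103730301.250000\t192.0.2.11\t198.51.100.53\t17\t87",
]

SCHEMA = """
CREATE TABLE IF NOT EXISTS frames (
    capture_id   TEXT    NOT NULL,
    frame_number INTEGER NOT NULL,
    time_epoch   REAL    NOT NULL,
    ip_src       TEXT,
    ip_dst       TEXT,
    ip_proto     INTEGER,
    frame_len    INTEGER NOT NULL,
    PRIMARY KEY (capture_id, frame_number)   -- makes reloads idempotent
);
"""


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the database and make sure the table exists."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def parse_fields_line(line: str) -> Optional[dict]:
    """Turn one tab-separated output line into a record, or None if it is
    malformed. Fields absent from a frame (e.g. ip.* on a non-IP frame)
    arrive as empty columns and are stored as NULL."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 6 or not parts[0].isdigit():
        return None
    return {
        "frame_number": int(parts[0]),
        "time_epoch": float(parts[1]),
        "ip_src": parts[2] or None,
        "ip_dst": parts[3] or None,
        "ip_proto": int(parts[4]) if parts[4] else None,
        "frame_len": int(parts[5]),
    }


def last_frame(conn: sqlite3.Connection, capture_id: str) -> int:
    """Highest frame number already stored for this capture (0 if none).
    This is the resume point after a crash or restart."""
    row = conn.execute(
        "SELECT COALESCE(MAX(frame_number), 0) FROM frames WHERE capture_id = ?",
        (capture_id,),
    ).fetchone()
    return row[0]


def _flush(conn: sqlite3.Connection, rows: list) -> int:
    """Insert a batch in one transaction; return how many rows were new."""
    before = conn.total_changes
    conn.executemany(
        "INSERT OR IGNORE INTO frames "
        "(capture_id, frame_number, time_epoch, ip_src, ip_dst, ip_proto, frame_len) "
        "VALUES (?, ?, ?, ?, ?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn.total_changes - before


def load_lines(conn: sqlite3.Connection, capture_id: str,
               lines: Iterable[str], batch: int = 500) -> int:
    """Load field lines for one capture; returns the number of frames newly
    inserted. Frames at or below last_frame() are skipped, so re-running the
    loader over the same output after an interruption only adds the tail."""
    resume_from = last_frame(conn, capture_id)
    inserted = 0
    pending = []
    for line in lines:
        rec = parse_fields_line(line)
        if rec is None or rec["frame_number"] <= resume_from:
            continue
        pending.append((capture_id, rec["frame_number"], rec["time_epoch"],
                        rec["ip_src"], rec["ip_dst"], rec["ip_proto"],
                        rec["frame_len"]))
        if len(pending) >= batch:
            inserted += _flush(conn, pending)
            pending.clear()
    if pending:
        inserted += _flush(conn, pending)
    return inserted


if __name__ == "__main__":
    # Stand-alone demo: pipe tshark "-T fields" output on stdin, or run with
    # no input to load the constructed sample into an in-memory database.
    db = open_db()
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    print("inserted", load_lines(db, "demo-capture", source))
    print("last frame stored:", last_frame(db, "demo-capture"))
```

For a live capture this would be run as the consumer of `tshark -l -T fields ... | python3 loader.py` against a file-backed database, and the batch commit bounds how many frames are lost if the host dies mid-write; on restart the loader reads `last_frame()` and continues from the next frame number. MySQL's `INSERT IGNORE` plays the same role as SQLite's `INSERT OR IGNORE` if the table is moved there.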