Re: [Wireshark-dev] wireshark to sql

Hi,

Basically I'm doing my degree project to decode the SCTP protocol, so I'm not really concerned with the size of the data right now.

On Sat, Jul 26, 2008 at 7:35 AM, Nathan Jennings [EMAIL PROTECTED] wrote:
> On 7/25/2008 4:02 AM, Saeed Akhtar wrote:
> > Is there any tool for offline scripting?
>
> You may want to have a look at CoMo:
> http://como.sourceforge.net/
>
> From the Publications section:
> http://como.sourceforge.net/pubs/fastproto.pam2006.pdf
>
> I suppose it depends on your requirements and how much/little code you want to write. What application layer protocols are you interested in (i.e. decodes)? Or is just basic IP/TCP/UDP info enough? Are you firmly set on using the decodes/logic (data) Wireshark supplies (if so, then you'd need to write some code to extract that and then import it somehow (tshark -T pdml?))? It'd be interesting to hear your requirements/use case and your estimated data set size.
>
> FWIW, a while back I wrote a couple of off-the-cuff (quick and dirty) scripts that did a simple nightly export from a firewall log that had about 2GB of data. I then stripped it to just IP/port address pairs and timestamps and maybe a small proprietary firewall tag (varchar) field or two. The other script deleted any existing indexes and then did a bulk data load into a PostgreSQL table and then re-created the indexes. What surprised me was how slow this process was... with a 2-way Xeon 2.6 GHz box, SCSI disks and 2GB RAM (I wish I could remember some queries I did and the load/import times, sorry).
>
> Depending on your queries and the amount of data you actually load into the tables, and obviously your hardware, you may be in for a rough/slow ride. I don't intend to discourage you, just to pass along some very basic info from an admittedly simple test/trial I did. Like most things, it just depends on your requirements/data sets and whether the performance/load is acceptable.
>
> The paper I referenced above had some references to other projects that you might find useful.
>
> Hope this helps,
> -Nathan
>
> > On Tue, Jul 22, 2008 at 7:03 PM, Abhik Sarkar [EMAIL PROTECTED] wrote:
> > > Hi Saeed,
> > > This has been discussed before...
> > > http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html
> > > You can search the Wireshark mailing list archives to see if there are more discussions.
> > > HTH
> > > Abhik.
> > >
> > > On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar [EMAIL PROTECTED] wrote:
> > > > Hi,
> > > > I am trying to dump information retrieved from Wireshark to SQL. Is there any option in Wireshark, or has it already been done by someone?

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev
Re: [Wireshark-dev] wireshark to sql

Is there any tool for offline scripting?

On Tue, Jul 22, 2008 at 7:03 PM, Abhik Sarkar [EMAIL PROTECTED] wrote:
> Hi Saeed,
> This has been discussed before...
> http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html
> You can search the Wireshark mailing list archives to see if there are more discussions.
> HTH
> Abhik.
>
> On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar [EMAIL PROTECTED] wrote:
> > Hi,
> > I am trying to dump information retrieved from Wireshark to SQL. Is there any option in Wireshark, or has it already been done by someone?
Re: [Wireshark-dev] wireshark to sql

On 7/25/2008 4:02 AM, Saeed Akhtar wrote:
> Is there any tool for offline scripting?

You may want to have a look at CoMo:
http://como.sourceforge.net/

From the Publications section:
http://como.sourceforge.net/pubs/fastproto.pam2006.pdf

I suppose it depends on your requirements and how much/little code you want to write. What application layer protocols are you interested in (i.e. decodes)? Or is just basic IP/TCP/UDP info enough? Are you firmly set on using the decodes/logic (data) Wireshark supplies (if so, then you'd need to write some code to extract that and then import it somehow (tshark -T pdml?))? It'd be interesting to hear your requirements/use case and your estimated data set size.

FWIW, a while back I wrote a couple of off-the-cuff (quick and dirty) scripts that did a simple nightly export from a firewall log that had about 2GB of data. I then stripped it to just IP/port address pairs and timestamps and maybe a small proprietary firewall tag (varchar) field or two. The other script deleted any existing indexes and then did a bulk data load into a PostgreSQL table and then re-created the indexes. What surprised me was how slow this process was... with a 2-way Xeon 2.6 GHz box, SCSI disks and 2GB RAM (I wish I could remember some queries I did and the load/import times, sorry).

Depending on your queries and the amount of data you actually load into the tables, and obviously your hardware, you may be in for a rough/slow ride. I don't intend to discourage you, just to pass along some very basic info from an admittedly simple test/trial I did. Like most things, it just depends on your requirements/data sets and whether the performance/load is acceptable.

The paper I referenced above had some references to other projects that you might find useful.

Hope this helps,
-Nathan

> On Tue, Jul 22, 2008 at 7:03 PM, Abhik Sarkar [EMAIL PROTECTED] wrote:
> > Hi Saeed,
> > This has been discussed before...
> > http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html
> > You can search the Wireshark mailing list archives to see if there are more discussions.
> > HTH
> > Abhik.
> >
> > On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar [EMAIL PROTECTED] wrote:
> > > Hi,
> > > I am trying to dump information retrieved from Wireshark to SQL. Is there any option in Wireshark, or has it already been done by someone?
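Nathan's route (tshark -T pdml, then your own extract-and-import code) worked through as an added example that is not from the thread or from Wireshark itself: it flattens a constructed PDML fragment into rows, bulk-loads them in the drop-index / load / re-create-index order he describes, and pulls the SCTP endpoint pairs back out, which is the kind of query Saeed's SCTP project would run. It assumes SQLite from the standard library as a stand-in for his PostgreSQL table and the table and column names chosen here; the Wireshark field names are real ones, the packet values are made up.

```python
import sqlite3
import xml.etree.ElementTree as ET
# Constructed PDML fragment shaped like `tshark -T pdml` output; not real captured traffic.
SAMPLE_PDML = """<pdml version="0">
<packet><proto name="frame"><field name="frame.number" show="1"/><field name="frame.time_epoch" show="1217000000.0001"/></proto>
 <proto name="ip"><field name="ip.src" show="10.0.0.1"/><field name="ip.dst" show="10.0.0.2"/></proto>
 <proto name="sctp"><field name="sctp.srcport" show="36412"/><field name="sctp.dstport" show="36412"/><field name="sctp.chunk_type" show="1"/></proto></packet>
<packet><proto name="frame"><field name="frame.number" show="2"/><field name="frame.time_epoch" show="1217000000.0009"/></proto>
 <proto name="ip"><field name="ip.src" show="10.0.0.2"/><field name="ip.dst" show="10.0.0.1"/></proto>
 <proto name="sctp"><field name="sctp.srcport" show="36412"/><field name="sctp.dstport" show="36412"/><field name="sctp.chunk_type" show="2"/></proto></packet>
<packet><proto name="frame"><field name="frame.number" show="3"/><field name="frame.time_epoch" show="1217000000.0020"/></proto>
 <proto name="ip"><field name="ip.src" show="10.0.0.9"/><field name="ip.dst" show="10.0.0.2"/></proto>
 <proto name="udp"><field name="udp.srcport" show="5000"/><field name="udp.dstport" show="53"/></proto></packet>
</pdml>"""
COLUMNS = ("frame.number", "frame.time_epoch", "ip.src", "ip.dst",
           "sctp.srcport", "sctp.dstport", "sctp.chunk_type")  # Wireshark field names kept as columns

def parse_pdml(xml_text):
    """Flatten each <packet> into one tuple ordered like COLUMNS (None where a field is absent)."""
    rows = []
    for packet in ET.fromstring(xml_text).iter("packet"):
        found = {}
        for field in packet.iter("field"):  # <field> elements nest, so walk the whole subtree
            name = field.get("name")
            if name in COLUMNS and name not in found:  # first chunk wins for multi-chunk SCTP
                found[name] = field.get("show")
        rows.append(tuple(found.get(c) for c in COLUMNS))
    return rows

def bulk_load(conn, rows):
    """Drop the index, bulk-insert, then rebuild the index: the load order Nathan describes."""
    cur = conn.cursor()
    cur.execute("CREATE TABLE IF NOT EXISTS packets (frame_no INTEGER, ts REAL, ip_src TEXT,"
                " ip_dst TEXT, sctp_sport INTEGER, sctp_dport INTEGER, sctp_chunk INTEGER)")
    cur.execute("DROP INDEX IF EXISTS packets_ip_idx")
    cur.executemany("INSERT INTO packets VALUES (?,?,?,?,?,?,?)", rows)
    cur.execute("CREATE INDEX packets_ip_idx ON packets (ip_src, ip_dst)")
    conn.commit()
    return cur.execute("SELECT COUNT(*) FROM packets").fetchone()[0]

def sctp_endpoints(conn):
    # Endpoint pairs that carried SCTP, with packet counts, busiest first.
    return conn.execute("SELECT ip_src, ip_dst, sctp_sport, sctp_dport, COUNT(*) FROM packets"
                        " WHERE sctp_sport IS NOT NULL GROUP BY ip_src, ip_dst, sctp_sport,"
                        " sctp_dport ORDER BY COUNT(*) DESC, ip_src").fetchall()

def demo():
    rows = parse_pdml(SAMPLE_PDML)
    conn = sqlite3.connect(":memory:")  # stand-in for the PostgreSQL table in the thread
    return rows, bulk_load(conn, rows), sctp_endpoints(conn)
```

On a real export, replace SAMPLE_PDML with the output of `tshark -r capture.pcap -T pdml` and extend COLUMNS with whichever SCTP fields the project needs; packets carrying several chunks would want a second table keyed by frame number rather than the first-chunk-wins shortcut above.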
Re: [Wireshark-dev] wireshark to sql

Hi Saeed,

This has been discussed before...
http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html

You can search the Wireshark mailing list archives to see if there are more discussions.

HTH
Abhik.

On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar [EMAIL PROTECTED] wrote:
> Hi,
> I am trying to dump information retrieved from Wireshark to SQL. Is there any option in Wireshark, or has it already been done by someone?