All, I am currently a computer engineering senior in college and I am working on my senior design project. Our project is to allocate bandwidth to the users that require it the most, based on application priority. The two main applications that we need to get our project working are our database and a network sniffer. I originally was looking at Ethereal because it gave us all the information that we wanted (source/destination IP and MAC address, port number, protocol, time, date, frame number, etc.). But I spent 2-3 weeks trying to figure out the code enough to figure out where the information was so I could push it to our database. Finally I sent the developers' mailing list some questions and they told me to use tcpdump because Ethereal was probably overkill for what I was trying to collect. So here I am now asking you guys for some help. I need to get this packet information into our database as soon as possible because the main part of our project is the analysis of the data in the database.
I would like to try and push the network information to the database as close to real-time as possible. Here is the call I am presently using:

tcpdump -l -n -x -v | tcpdfilter -d

Now here is the part that I hope you guys can give me some direction with. The developers at Ethereal told me that I can pipe the tcpdump data and then write a small program to open it and read the data to the database. Can you give me any insight on how to do this? I am not an experienced programmer so I am having many issues. In what programming language should I write the program to open the pipe? Perl, Java? I also have to be able to make SQL calls within that program. Also, when I pipe this tcpdump data, do I have to save it and then open the pipe and read it, or can this be done continuously so the information continues to be pushed to the database as new packets come in? I will probably filter the tcpdump for each source MAC address and then create a table in our database for each host to be analyzed. I will probably filter just TCP and UDP protocols as well. Sorry this is so long but my group is in desperate need of assistance. Any help or insight that you can provide us would be much appreciated.

thanks,
Evan

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
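The pipeline the message asks about (tcpdump's line output piped into a small program that parses each line as it arrives and inserts one row per packet, continuously, with no intermediate file), as an added example that is not part of the original message and not tcpdump's or Ethereal's own code. It is Python using the standard-library sqlite3 module. The assumed invocation `tcpdump -l -n -e -tttt 'tcp or udp'`, the table name `packets`, its column layout, the function names and the sample lines are all assumptions made for the example; the line layout the regex expects is that of a current tcpdump run with those options, so check it against your own tcpdump's output before relying on it.

```python
"""Pipe reader: tcpdump -l -n -e -tttt 'tcp or udp' | python3 tcpdump2db.py packets.db

Reads tcpdump's one-line-per-packet text from stdin as it arrives and inserts
one row per TCP/UDP packet into a SQLite table. Example code, not tcpdump's own.
"""
import re
import sqlite3
import sys

# Assumed tcpdump options (no -v and no -x: both spread a packet over several lines):
#   -l      line-buffer stdout, so each packet reaches the pipe as soon as it is printed
#   -n      numeric addresses and ports (reverse DNS lookups would stall the stream)
#   -e      print the link-level header (source and destination MAC)
#   -tttt   full date and time
# The layout below is that of current tcpdump; verify it against your own output.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<src_mac>[0-9a-f:]{17}) > (?P<dst_mac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length (?P<frame_len>\d+): (?:IP )?"
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+)\.(?P<src_port>\d+) > "
    r"(?P<dst_ip>\d+\.\d+\.\d+\.\d+)\.(?P<dst_port>\d+): (?P<rest>.*)$"
)

CREATE_SQL = """CREATE TABLE IF NOT EXISTS packets (
    frame_no INTEGER PRIMARY KEY, date TEXT, time TEXT,
    src_mac TEXT, dst_mac TEXT, src_ip TEXT, src_port INTEGER,
    dst_ip TEXT, dst_port INTEGER, proto TEXT, frame_len INTEGER)"""
INSERT_SQL = """INSERT INTO packets (frame_no, date, time, src_mac, dst_mac,
    src_ip, src_port, dst_ip, dst_port, proto, frame_len)
    VALUES (:frame_no, :date, :time, :src_mac, :dst_mac,
            :src_ip, :src_port, :dst_ip, :dst_port, :proto, :frame_len)"""


def parse_line(line):
    """Return the fields of one IPv4 TCP/UDP line as a dict, or None for any other line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # ARP, IPv6, ICMP (no port suffix), or a line shape we do not know
    rec = m.groupdict()
    # tcpdump prints "Flags [...]" for every TCP segment; under a 'tcp or udp'
    # capture filter, anything else with a port pair is UDP.
    rec["proto"] = "tcp" if rec.pop("rest").startswith("Flags [") else "udp"
    for key in ("src_port", "dst_port", "frame_len"):
        rec[key] = int(rec[key])
    return rec


def ingest(lines, conn, batch=100):
    """Parse an iterable of tcpdump lines (e.g. sys.stdin) into conn; return rows inserted.

    Works on a live pipe: it never buffers the whole stream, and commits every
    `batch` rows so the database lags the wire by a bounded amount. Fields are
    bound as parameters, never formatted into the SQL string: packet contents are
    attacker-controlled and must not be able to change the query.
    """
    conn.execute(CREATE_SQL)
    frame_no = inserted = 0
    for line in lines:
        frame_no += 1  # one frame per line under the assumed options
        rec = parse_line(line)
        if rec is None:
            continue
        rec["frame_no"] = frame_no
        conn.execute(INSERT_SQL, rec)
        inserted += 1
        if inserted % batch == 0:
            conn.commit()
    conn.commit()
    return inserted


# Constructed sample lines in the assumed layout (not a real capture).
SAMPLE_LINES = [
    "2004-03-15 14:02:11.123456 00:0c:29:4e:1a:2b > 00:50:56:c0:00:08, ethertype IPv4 (0x0800), "
    "length 74: 192.168.1.20.34512 > 10.0.0.5.80: Flags [S], seq 1001, win 5840, length 0",
    "2004-03-15 14:02:11.123900 00:50:56:c0:00:08 > 00:0c:29:4e:1a:2b, ethertype IPv4 (0x0800), "
    "length 74: 10.0.0.5.80 > 192.168.1.20.34512: Flags [S.], seq 2002, ack 1002, win 5792, length 0",
    "2004-03-15 14:02:11.500000 00:0c:29:4e:1a:2b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    "length 42: Request who-has 10.0.0.1 tell 192.168.1.20, length 28",
    "2004-03-15 14:02:12.000001 00:0c:29:4e:1a:2b > 00:50:56:c0:00:08, ethertype IPv4 (0x0800), "
    "length 82: 192.168.1.20.5353 > 10.0.0.53.53: 4321+ A? example.com. (29)",
    "2004-03-15 14:02:12.000500 00:0c:29:4e:1a:2b > 00:50:56:c0:00:08, ethertype IPv4 (0x0800), "
    "length 70: 192.168.1.20.40001 > 10.0.0.9.514: UDP, length 28",
]


def demo():
    """Ingest SAMPLE_LINES into an in-memory database; return (rows inserted, rows)."""
    conn = sqlite3.connect(":memory:")
    inserted = ingest(SAMPLE_LINES, conn)
    rows = conn.execute("SELECT frame_no, proto, src_mac, src_ip, src_port, dst_ip, dst_port "
                        "FROM packets ORDER BY frame_no").fetchall()
    conn.close()
    return inserted, rows


if __name__ == "__main__":
    db = sqlite3.connect(sys.argv[1] if len(sys.argv) > 1 else "packets.db")
    try:
        print("inserted", ingest(sys.stdin, db), "packets", file=sys.stderr)
    finally:
        db.close()
```

Two points of design answer the questions in the message directly. First, nothing is saved to a file: `for line in sys.stdin` blocks until tcpdump prints the next line and returns as soon as it does, and `-l` makes tcpdump flush each line into the pipe instead of holding it in a block buffer, so rows appear in the database as packets arrive. Second, a single `packets` table with a `src_mac` column (and an index on it, if the analysis queries by host) serves the per-host analysis at least as well as one table per sniffed MAC address, and it avoids building table names out of data read off the wire; every value from the packet enters the query only as a bound parameter.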