Hi,

Basically I'm doing my degree project to decode the SCTP protocol, so I'm not really concerned with the size of data right now.

On Sat, Jul 26, 2008 at 7:35 AM, Nathan Jennings <[EMAIL PROTECTED]> wrote:
> On 7/25/2008 4:02 AM, Saeed Akhtar wrote:
> > Is there any tool for offline scripting ........
> >
>
> You may want to have a look at CoMo:
>
> http://como.sourceforge.net/
>
> From the "Publications" section:
>
> http://como.sourceforge.net/pubs/fastproto.pam2006.pdf
>
> I suppose it depends on your requirements and how much/little code you
> want to write.
>
> What application layer protocols are you interested in (i.e. decodes)?
> Or is it just basic IP/TCP/UDP info enough? Are you firmly set on using
> the decodes/logic (data) Wireshark supplies (if so, then you'd need to
> write some code to extract that and then import it somehow (tshark -T
> pdml?))?
>
> It'd be interesting to hear your requirements/use case and your
> estimated data set size.
>
> FWIW, a while back I wrote a couple of "off-the-cuff" (quick and dirty)
> scripts that did a simple nightly export from a firewall log that had
> about 2GB of data. I then stripped it to just IP/port address pairs and
> timestamps and maybe a small proprietary firewall tag (varchar) field or
> two. The other script deleted any existing indexes and then did a bulk
> data load into a PostgreSQL table and then re-created the indexes.
>
> What surprised me was how slow this process was... with a 2-way Xeon 2.6
> GHz box, SCSI disks and 2GB RAM (I wish I could remember some queries I
> did and the load/import times, sorry). Depending on your queries and the
> amount of data you actually load into the tables, and obviously your
> hardware, you may be in for a rough/slow ride.
>
> I don't intend to discourage you, just to pass along some very basic
> info from an admittedly simple test/trial I did.
>
> Like most things, it just depends on your requirements/data sets and
> whether the performance/load is acceptable.
>
> The paper I referenced above had some references to other projects that
> you might find useful.
>
> Hope this helps,
> -Nathan
>
> > On Tue, Jul 22, 2008 at 7:03 PM, Abhik Sarkar <[EMAIL PROTECTED]>
> > wrote:
> >
> >> Hi Saeed,
> >>
> >> This has been discussed before...
> >> http://www.wireshark.org/lists/wireshark-dev/200708/msg00041.html
> >>
> >> You can search the wireshark mailing list archives to see if there are
> >> more discussions.
> >>
> >> HTH
> >> Abhik.
> >>
> >> On Tue, Jul 22, 2008 at 4:49 PM, Saeed Akhtar <[EMAIL PROTECTED]>
> >> wrote:
> >>> Hi,
> >>> I am trying to dump information retrieved from wireshark to sql. is
> >>> there any option in wireshark or is it already done by someone.

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
https://wireshark.org/mailman/listinfo/wireshark-dev
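
The route the thread points toward (export with `tshark -T pdml`, keep only the fields of interest, bulk load, then build the index), as an added example that is not code from any poster or from the Wireshark project. It assumes SQLite in place of the PostgreSQL mentioned above, a constructed PDML sample, and the presence of `frame.time_epoch` in the export; the table `sctp_pkt` and the functions `sctp_rows` and `load` are names made up for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `tshark -T pdml` output, trimmed to the fields used.
SAMPLE_PDML = """<pdml>
<packet>
 <proto name="frame"><field name="frame.time_epoch" show="1217057700.10"/></proto>
 <proto name="ip"><field name="ip.src" show="192.0.2.10"/><field name="ip.dst" show="192.0.2.20"/></proto>
 <proto name="sctp"><field name="sctp.srcport" show="32768"/><field name="sctp.dstport" show="2905"/>
  <field name="" show="INIT chunk"><field name="sctp.chunk_type" show="1"/></field></proto>
</packet>
<packet>
 <proto name="frame"><field name="frame.time_epoch" show="1217057700.20"/></proto>
 <proto name="ip"><field name="ip.src" show="192.0.2.30"/><field name="ip.dst" show="192.0.2.20"/></proto>
 <proto name="udp"><field name="udp.srcport" show="53"/><field name="udp.dstport" show="53"/></proto>
</packet>
<packet>
 <proto name="frame"><field name="frame.time_epoch" show="1217057700.30"/></proto>
 <proto name="ip"><field name="ip.src" show="192.0.2.20"/><field name="ip.dst" show="192.0.2.10"/></proto>
 <proto name="sctp"><field name="sctp.srcport" show="2905"/><field name="sctp.dstport" show="32768"/>
  <field name="" show="DATA chunk"><field name="sctp.chunk_type" show="0"/></field></proto>
</packet>
</pdml>"""
WANTED = ("frame.time_epoch", "ip.src", "ip.dst", "sctp.srcport", "sctp.dstport", "sctp.chunk_type")

def sctp_rows(pdml_text):
    """Yield one tuple per packet that has an sctp layer; other packets are skipped."""
    for packet in ET.fromstring(pdml_text).iter("packet"):
        if packet.find("proto[@name='sctp']") is None:
            continue
        seen = {}
        for field in packet.iter("field"):  # iter() also reaches fields nested inside a chunk
            name = field.get("name")
            if name in WANTED and name not in seen:  # first occurrence wins (first chunk)
                seen[name] = field.get("show")
        yield (float(seen["frame.time_epoch"]), seen.get("ip.src"), seen.get("ip.dst"),
               int(seen["sctp.srcport"]), int(seen["sctp.dstport"]),
               int(seen.get("sctp.chunk_type", -1)))

def load(pdml_text, db=":memory:"):
    conn = sqlite3.connect(db)
    conn.execute("CREATE TABLE sctp_pkt (ts REAL, src TEXT, dst TEXT, "
                 "sport INTEGER, dport INTEGER, chunk_type INTEGER)")
    # Placeholders, not string formatting: every value originates in captured traffic.
    conn.executemany("INSERT INTO sctp_pkt VALUES (?,?,?,?,?,?)", sctp_rows(pdml_text))
    # Index is created after the bulk load, the ordering described in the thread.
    conn.execute("CREATE INDEX sctp_pkt_pair ON sctp_pkt (src, dst, dport)")
    conn.commit()
    return conn
```

For captures from untrusted sources, a hardened XML parser is the safer choice for the PDML step, since the standard library parser does not defend against entity-expansion input.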