Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: Re: Export ethereal cap file to SQL database with all details

Re: Export ethereal cap file to SQL database with all details

From: Hugo Francisco González Robledo <hugo.gonzalez_at_itslp.edu.mx>
Date: Thu, 17 Aug 2006 11:43:31 -0500

Hi

i have a PoC on perl to send the results of TCPCUMP to MySQL, i know
it's not perfect, but it works for me.

regards

<perl code> -------------------------------

#!/usr/bin/perl

use DBI;

print "\n\n";
print "Programa para pasar los registros de tcpdump a mysql\n";
print "hfgr Agosto 2005\n\n\n";

#preprando la conexión con el servidor MySQL
my $dns = "DBI:mysql:dumplog;localhost";
my $dbh = DBI->connect($dns,"root","");

my $src, my $dst;

#mientras existan registros ....
while (<STDIN>) {
    chomp($data = <STDIN>);
# print $data . "\n";
    ($mdate, $timestamp, $proto, $src,$si, $dst ) = split " ",$data;

    $src =~ s/\./-/g;

    @tp1 = split "-",$src;
    $srcc = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
    $ps = $tp1[4];

    $dst =~ s/\./-/g;
    @tp1 = split "-",$dst;
    $dstt = "$tp1[0].$tp1[1].$tp1[2].$tp1[3]";
    ($pd) = split ":",$tp1[4];
# print "$timestamp, $srcc, $ps , $dstt, $pd \n";
# print ".";

    if($proto eq 'IP') {
    # Insertando los datos a la tabla
      my $sth = $dbh-> prepare("
      INSERT INTO tip VALUES
('$mdate','$timestamp','$srcc',$ps,'$dstt',$pd)" );
      $sth->execute;
    }
}

#Terminando la conexión con el servidor MySQL
$dbh->disconnect;

</perl code>

and i use like that :

# tcpdump -nn | tcp2my.pl

the sql code to mysql is :

<myslq code>

create database dumplog;
use dumplog;

create table tip (
 mdate varchar(12),
 timestamp varchar(24),
 hsrc varchar(15),
 psrc integer,
 hdst varchar(15),
 pdst integer
);

</mysql code>

On Thu, Aug 10, 2006 at 09:20:13AM -0000, nksdata_at_gmail.com wrote:
> Hi All,
>
> I want to export ethereal cap file to SQL database with all details.
>
> Please suggest any method for it.
>
> Regards,
> Nagesh Lad
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------ 

-- 
Hugo Francisco González Robledo
Instituto Tecnológico de San Luis Potosí
Llave pública en http://www.honeynet.org.mx
Llave pública en http://ardilla.zapto.org
Preguntale a Google-Earth donde estoy :
http://ardilla.zapto.org/ubicaHugo.kml
-------------------------------------------
Educación es lo que queda después de olvidar
lo que se ha aprendido en la escuela.
		Albert Einstein
-------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
Received on Aug 17 2006
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos