Alastair,

I was looking into tcpdump and have a few questions. I looked at
tcpdump and was a little confused on how it worked. If it is run
through a command line, how would this work if I wanted to continually
monitor my network interface? I just want to make sure that I will be
able to continually monitor the interface and push that data to my
database. Once I start pushing to this pipe, would information continue
to be pushed to it? Also, I looked around but didn't find any
information on pushing the packets into a pipe. Sorry for so many
questions, but the semester is halfway over and as of right now my group
isn't much help to me with this part of our project. Any information on
how to create the pipe and how to use tcpdump to push the relevant
information that I want would be appreciated. Also, do you know of any
good sites to look at to try and find an example of code that opens the
pipe? Like I said before, I am not the best programmer and need to look
at something to get an idea of what I need to do to get the information
in the pipe into my db.

Thanks in advance,
Evan

On Mar 11, 2004, at 7:26 PM, Alastair Maw wrote:

On 11/03/2004 23:38, Evan J. Burrows wrote:

I want to push the following information to my database:
source and destination ip and mac address, protocol, port number,
packet size, Frame number, arrival time, etc.

If this is all you want to do, you'd probably be better off looking at
tcpdump rather than Ethereal.
You could push the packets from tcpdump into a pipe, and then write a
small program that opened that pipe and pushed the relevant info into
the database. This would be quite trivial - maybe two hours' work at
most.

Regards,
Alastair
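
The pipe-to-database approach discussed in this thread, as an added example that is not part of either message: a Python reader for the binary pcap stream that `tcpdump -w -` writes to a pipe, storing the fields listed above. The SQLite backend, the `packets` table, the interface name `eth0` and the file names `pcap_to_db.py` and `packets.db` are assumptions for illustration.

```python
# Run as: tcpdump -i eth0 -U -w - | python3 pcap_to_db.py   (eth0 and file names are assumptions)
import sqlite3, struct, sys

SCHEMA = ("CREATE TABLE IF NOT EXISTS packets (frame_no INTEGER, arrival REAL, "
          "size INTEGER, src_mac TEXT, dst_mac TEXT, src_ip TEXT, dst_ip TEXT, "
          "protocol INTEGER, src_port INTEGER, dst_port INTEGER)")

def read_exact(stream, n):
    """Buffered read: blocks until n bytes arrive; a short read means the writer closed."""
    data = stream.read(n)
    return data if len(data) == n else None

def parse_frame(data):
    """Return (src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport) for IPv4, else None."""
    if len(data) < 34 or data[12:14] != b"\x08\x00":
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(map(str, b))
    proto, l4 = data[23], 14 + (data[14] & 0x0F) * 4
    first_fragment = (struct.unpack("!H", data[20:22])[0] & 0x1FFF) == 0
    sport = dport = None
    if proto in (6, 17) and first_fragment and len(data) >= l4 + 4:  # TCP or UDP
        sport, dport = struct.unpack("!HH", data[l4:l4 + 4])
    return mac(data[6:12]), mac(data[0:6]), ip(data[26:30]), ip(data[30:34]), proto, sport, dport

def store(stream, db):
    """Read a classic pcap stream until EOF; insert one row per IPv4 frame."""
    db.execute(SCHEMA)
    header = read_exact(stream, 24)
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4]) if header else None
    if order is None or struct.unpack(order + "I", header[20:24])[0] != 1:
        raise ValueError("expected a microsecond pcap stream with Ethernet link type")
    frame_no = stored = 0
    while (rec := read_exact(stream, 16)) is not None:
        sec, usec, caplen, wirelen = struct.unpack(order + "IIII", rec)
        data = read_exact(stream, caplen)
        if data is None:
            break
        frame_no += 1
        fields = parse_frame(data)
        if fields:  # placeholders keep captured bytes out of the SQL text
            db.execute("INSERT INTO packets VALUES (?,?,?,?,?,?,?,?,?,?)",
                       (frame_no, sec + usec / 1e6, wirelen, *fields))
            db.commit()
            stored += 1
    return stored

if __name__ == "__main__":
    store(sys.stdin.buffer, sqlite3.connect("packets.db"))
```

tcpdump keeps writing to the pipe for as long as it runs, so the loop keeps inserting rows until tcpdump exits and the pipe closes; `-U` flushes each packet to the pipe as it is captured instead of waiting for a full buffer.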