naimg@xxxxxxxxxxxxxx wrote:
hello,
We are a group of systems and networks engineering students at Antonine
University (Lebanon) trying to develop a network statistics application.
We created a connection to an Oracle database; now we are trying to export
data captured in Wireshark to that database.
The question is: can we access the database where Wireshark stores its
information? Or are there any functions that we can use to get the
information captured?
Wireshark saves captured packets in libpcap format; it's not really a
database, in the sense of, for example, an Oracle database.
You can write a program that uses libpcap/WinPcap to read packets from a
capture file - there are wrappers for libpcap/WinPcap in scripting
languages such as Perl, Python, and Ruby - the Wikipedia page for pcap
http://en.wikipedia.org/wiki/Pcap
has a list of wrappers for libpcap/WinPcap in various languages.
*However*, what you have in that file is, for each packet:
a time stamp for when the packet was first seen by the low-level
packet capture code in the OS (note that this could be later than when
it was first seen by the host's network adapter, due to various delays
in the OS);
the length of the packet as it was received from the network;
the number of bytes of packet data that were saved to the file (which
could be less than the length of the packet, if you requested that only
part of the packet be saved);
raw packet data.
"Raw packet data" means your code would have to parse the packet itself
to find out what type of packet it is (IPv4, IPv6, ARP, IPX, etc.), to
find out its link-layer source and destination address, its IPv4 or IPv6
source and destination address if it's an IPv4 or IPv6 packet,
the type of protocol running atop IP if it's an IPv4 or IPv6 packet, the
{UDP, TCP} source and destination port number if it's a {UDP, TCP}
packet, etc.
If you want information of that sort, you might want to have TShark read
the file and then write it out in PSML or PDML format (they're XML-based
formats), or use the -z proto,colinfo flag to get particular fields
written out in the summary format, and then have a script read the
output of TShark and write that information to the database.
Or, if your version of Wireshark is built with Lua support, it might be
possible to write a Lua program to scan through the packets, get summary
or detail information from each packet, and add items to the database
for each packet, with something such as LuaSQL:
http://www.keplerproject.org/luasql/
(Luis, could something such as that be done with Wireshark or TShark?)