PacketDB project's goal is to create a set of workflows that treat tcpdumps/packet captures as just another sort of data to be loaded into relational structures and manipulated using the well-established methods of relational databases.
The real fun begins after the scripts run and you get to play with that delicious data!
After that ETL phase stabilizes (hopefully), the project would ideally expand into providing tools for discovery and reporting on that data (i.e. data mining and data warehousing). The tables existing for this first phase of the project might be thought of as staging tables for a load up to a datamart or data warehouse.
Requirements:
· mysql 5.0 (developed with 5.0.22)
· python (tested with 2.3.5 and 2.5)
· MySQL-python (developed with 1.2.1.p2)
· Impacket from Core Security Technologies (developed with 0.9.6.0)
· pcapy from Core Security Technologies (developed with 0.10.4)
A note on the required software -- this is the language and database that was most convenient for this at the time. The project itself is generic enough to have version in a variety of languages against any relational database.
Getting Started
- mysql > 5.0 required
Need a user to create databases and create the schema (CREATE/DROP/INDEX).
1) create database in mysql
mysql> create database mycaptures1213
2) either create a new user
GRANT SELECT, INSERT, UPDATE, DELETE
ON mycaptures1213.*
TO 'pcapper'@'localhost'
IDENTIFIED BY 'pcapass';
GRANT FILE
ON *.*
TO 'pcapper'@'localhost';
commit;
or grant the appropriate perms to pre-existing user
GRANT SELECT, INSERT, UPDATE, DELETE
ON mycaptures1213.*
TO 'pcapper'@'localhost';
3) update conf/properties.cfg with the new user information and new database
4) create the database tables by cd'ing into the sql subdir of the project
bash$ mysql -usuperuser mycaptures1213 -p < schema.sql
Product's homepage
Find us on Google+
