This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] TShark C5 Sigma not extracting all data types

0

Hi,

I am trying to extract the data out of a number of PCAP files in to a MySQL database using C5 SIGMA. I have managed to get it to create a range of tables such as frame/IP/TCP/UDP but it only creates some of the tables relating to the propriety datatypes that are decoded in wireshark using a plugin. C5 SIGMA uses TShark so it should decode anything that wireshark itself can decode and create the necessary tables in MySQL, a separate table for each layer in wireshark..

I was wondering whether anyone has had experience in C5 SIGMA and who can give me some advice as to how I can fault find this issue

Additional After looking further into this it seems that the extraction from PCAPs to XML is capturing all the PCAP data correctly, the issue is that C5 SIGMA is not then transferring all this data in the XML files and creating the necessary MySQL tables. I am not sure how to log what is going on. Any ideas?

asked 26 Jan '12, 00:23

Degsy's gravatar image

Degsy
1223
accept rate: 0%

closed 13 Apr '15, 07:21

grahamb's gravatar image

grahamb ♦
19.8k330206

hi degsy, could you send me some cmd code used for creating database using C5sigma.exe

i could not able to connect with my database

please its an urgent need

(12 Apr '15, 23:52) Nikhil Rajen...

@nikhil rajendran

I think Degsy is long gone, last seen on the site in May 2012.

(13 Apr '15, 03:05) grahamb ♦

Dear Grahamb can you help me in solving the problem

(13 Apr '15, 06:52) Nikhil Rajen...

C5 Sigma not connecting to your db is not a Wireshark issue, you'll have to look for C5 Sigma support at whatever support offerings they have.

(13 Apr '15, 07:01) grahamb ♦

how to use the c5sigma

i have following doubts

   **do we have to create a database ourself and create tables with different columns and names**

**do we need to save pcap file as input **


is it possible to use xammp for creating a mysql server as localhost
(13 Apr ‘15, 07:01) Nikhil Rajen…

You questions (that you keep posting as “answers”) are all related to C5 Sigma, not Wireshark (or tshark even). As can be seen by the tumble-weeds blowing around this question since it was originally asked, it doesn’t seem likely that anyone here has had any experience of C5 Sigma.

Please use whatever support facilities they provide to resolve your issue.

(13 Apr ‘15, 07:20) grahamb ♦
showing 5 of 6 show 1 more comments

The question has been closed for the following reason “Question is off-topic or not relevant” by grahamb 13 Apr ‘15, 07:21

One Answer:

0

Hi Degsy,
Can you please post some of the PDML that you're having problems with and confirm whether you're using any data filters (i.e. "-pre" or "-fil" command line options) that might be preventing tables from being created. Are you receiving any error messages in the trace (which you should be able to pipe from stdout/stderr to a file)?

answered 02 Feb '12, 18:34

valve's gravatar image

valve
1
accept rate: 0%