I am trying to extract the data out of a number of PCAP files into a MySQL database using C5 SIGMA. I have managed to get it to create a range of tables such as frame/IP/TCP/UDP, but it only creates some of the tables relating to the proprietary datatypes that are decoded in Wireshark using a plugin. C5 SIGMA uses TShark, so it should decode anything that Wireshark itself can decode and create the necessary tables in MySQL, a separate table for each layer in Wireshark.
I was wondering whether anyone has had experience with C5 SIGMA and can give me some advice as to how I can fault-find this issue.
Additional: After looking further into this, it seems that the extraction from PCAPs to XML is capturing all the PCAP data correctly; the issue is that C5 SIGMA is not then transferring all this data in the XML files and creating the necessary MySQL tables. I am not sure how to log what is going on. Any ideas?
asked 26 Jan '12, 00:23
closed 13 Apr '15, 07:21
The question has been closed for the following reason “Question is off-topic or not relevant” by grahamb 13 Apr '15, 07:21
answered 02 Feb '12, 18:34