Thread: Tshark scan results written to SQL DB

  1. #1
    Tshark scan results written to SQL DB

    Hi, I'm currently running an RPI image for a simple tshark scan. I didn't put this into the ARM section as it's not ARM related; I just run the scan on an RPI for ease and portability.

    At the moment I run a very simple scan to capture the MAC addresses of mobile devices, which I write to a file which is then captured by a script and sent off to a server. What I would like to do is write the data captured (MAC, RSSI and date/time) directly to a SQL DB which is running on the RPI (SQLite or something like that).

    The reason for this is that I would like to use the RPI when not connected to the web, so the data is stored locally and can then be synced back to a main server DB when connected back to the net.

    Is it possible to write the scan results directly to a SQL DB? And if so, can someone point me in the right direction please?

    When I search for related questions, all I keep getting are results presuming I am trying to scan for SQL traffic.


  2. #2
    Ok, so this is more of a reply to workflow rather than mechanics, but hopefully it helps.
    I do something similar with my firewall logs and just wanted to share a couple of thoughts because I'm also a big fan of the Pi. (Have many)

    Just thought you may want to consider the following:

    1. Start with the process you have now where you dump the output to a file.
    2. Create a parser for the current output file; I'm guessing you already have one on the server.
    3. Run this parser via a cron job on the Pi and write the results to the DB from the parser.
    4. Move or delete the processed files once complete by the parser.

    Benefits of this workflow:
    1. No rewrites of existing code (hopefully)
    2. No need to deal with stdout via the screen or pipe
    3. Subsequent processes (after the file write) can be disabled if performance issues arise.
    4. Your current process of migrating to the server is now your failover procedure.

    It's not exactly what you asked, but you wind up in the same place: a populated DB on the Pi which may be synced, and you pick up some additional options on the way.

    Best of luck.
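
A sketch of the parser step from the workflow in reply #2, added here as an example and not code from either poster. It assumes the scan file is tab-separated with epoch time, source MAC and RSSI per line (for instance tshark `-T fields` output of `frame.time_epoch`, `wlan.sa` and `radiotap.dbm_antsignal`); the table, function and path names are hypothetical.

```python
import re
import shutil
import sqlite3
from pathlib import Path

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
# Constructed sample of the assumed file format (not real capture data)
SAMPLE = (
    "1700000000.5\taa:bb:cc:dd:ee:01\t-61\n"
    "1700000001.0\tAA:BB:CC:DD:EE:02\t-70,-72\n"
    "1700000002.0\tnot-a-mac\t-55\n"
    "1700000003.0\taa:bb:cc:dd:ee:03\n"
)
SCHEMA = """CREATE TABLE IF NOT EXISTS sightings (
    seen_at REAL NOT NULL,              -- epoch seconds from the capture
    mac     TEXT NOT NULL,
    rssi    INTEGER NOT NULL,           -- dBm
    synced  INTEGER NOT NULL DEFAULT 0, -- set once pushed to the main server
    UNIQUE (seen_at, mac)               -- re-reading a file adds no duplicates
)"""

def parse_line(line):
    """Return (epoch, mac, rssi), or None if the line is malformed."""
    try:
        # A wrong field count or a non-numeric value raises ValueError
        epoch, mac, rssi = line.rstrip("\n").split("\t")
        row = (float(epoch), mac.strip().lower(), int(rssi.split(",")[0]))
    except ValueError:
        return None
    return row if MAC_RE.match(row[1]) else None

def ingest(capture_file, db_path, done_dir):
    """Load one scan file into SQLite, then move it to done_dir."""
    capture_file, done_dir = Path(capture_file), Path(done_dir)
    with open(capture_file, encoding="utf-8", errors="replace") as fh:
        rows = [r for r in map(parse_line, fh) if r is not None]
    conn = sqlite3.connect(db_path)
    try:
        with conn:  # one transaction: every row commits or none does
            conn.execute(SCHEMA)
            before = conn.total_changes
            conn.executemany(  # bound parameters, never string formatting
                "INSERT OR IGNORE INTO sightings (seen_at, mac, rssi) VALUES (?, ?, ?)", rows)
            inserted = conn.total_changes - before
    finally:
        conn.close()
    done_dir.mkdir(parents=True, exist_ok=True)
    shutil.move(str(capture_file), str(done_dir / capture_file.name))
    return inserted
```

Run from cron against each finished scan file; rows with `synced = 0` are the ones still to be pushed to the main server when the Pi is back online.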
