In this article I explain the steps needed to load a tcpdump file into SQL Server 2005. It is mainly for those who want to do projects such as intrusion detection in .NET.
Typically you would download the tcpdump file from the MIT Lincoln Laboratory website. It is a .tcp file that runs to gigabytes in size.
The first step is to convert the .tcp file into .csv format. For this we use Wireshark, which is freely downloadable. Wireshark is basically a packet sniffer tool. Open Wireshark and select File-->Open--> your .tcp file. Wait until the whole .tcp file has loaded. Then select File-->Export--> and save it as a .csv file. You now have the .csv file.
The next step is to upload this .csv file into SQL Server 2005. For this, use the following code:
using System;
using System.Data;
using System.Data.SqlClient;

public class adoSQLClient
{
    public static void Main()
    {
        // Connection string for the snort database; replace the server name, login and password with your own.
        String strconnect = "server=CHANDRA-0D36D74;database=snort;uid=snort;pwd=test";
        try
        {
            // using closes the connection even if the bulk load throws.
            using (SqlConnection con = new SqlConnection(strconnect))
            {
                con.Open();
                /*-----------------------Loading the dataset---------------------*/
                SqlCommand command = new SqlCommand();
                command.Connection = con;
                // BULK INSERT reads the file on the SQL Server machine, so the path must exist there.
                command.CommandText = "BULK INSERT snort.dbo.[Dataset]" + @" FROM 'c:\tuesday' " + "WITH " + "(" + "FIELDTERMINATOR = ','," + " ROWTERMINATOR='\n'" + ")";
                command.CommandTimeout = 300; // seconds; the dump is large
                command.ExecuteNonQuery();
                Console.WriteLine("--------Dataset loaded successfully-------\n\n");
            }
        }
        catch (Exception objError)
        {
            Console.WriteLine(objError);
            Console.ReadLine();
        }
    }
}
In this code, snort is the name I have given the database, and the table has the fields no, Source, Destination, Protocol, Info, etc.
You have now successfully added the dump file to the SQL Server 2005 database.
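BULK INSERT in SQL Server 2005 has no notion of quoted fields, so with FIELDTERMINATOR = ',' it keeps the quote characters and splits an Info value at every comma it contains. The following added example (not part of the original article) parses the export with quote handling and builds a DataTable; it assumes the Wireshark export quotes each field, doubles embedded quotes and starts with a header row, and the names WiresharkCsv, SplitLine and ToTable are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Text;

public static class WiresharkCsv
{
    // Added example, hypothetical helper names. Splits one export line, honouring quoted fields and doubled quotes ("").
    public static List<string> SplitLine(string line)
    {
        var fields = new List<string>();
        var cur = new StringBuilder();
        bool inQuotes = false;
        for (int i = 0; i < line.Length; i++)
        {
            char c = line[i];
            if (c == '"' && inQuotes && i + 1 < line.Length && line[i + 1] == '"') { cur.Append('"'); i++; }
            else if (c == '"') inQuotes = !inQuotes;          // opening or closing quote, not data
            else if (c == ',' && !inQuotes) { fields.Add(cur.ToString()); cur.Length = 0; }
            else cur.Append(c);                               // includes commas inside quotes
        }
        fields.Add(cur.ToString());
        return fields;
    }
    // Builds a DataTable from export lines; the first non-empty line supplies the column names.
    public static DataTable ToTable(IEnumerable<string> lines)
    {
        var table = new DataTable("Dataset");
        foreach (string line in lines)
        {
            if (line.Trim().Length == 0) continue;
            List<string> f = SplitLine(line);
            if (table.Columns.Count == 0) { foreach (string h in f) table.Columns.Add(h); continue; }
            if (f.Count != table.Columns.Count) throw new FormatException("Unexpected field count: " + line);
            table.Rows.Add(f.ToArray());
        }
        return table;
    }
    public static void Main()
    {
        // Constructed sample rows, not taken from the MIT Lincoln Laboratory dump.
        string[] sample = {
            "\"No.\",\"Time\",\"Source\",\"Destination\",\"Protocol\",\"Info\"",
            "\"1\",\"0.000000\",\"192.0.2.10\",\"192.0.2.20\",\"TCP\",\"1024 > 80 [SYN] Seq=0, Win=512\"",
            "\"2\",\"0.000412\",\"192.0.2.20\",\"192.0.2.10\",\"HTTP\",\"GET /a?x=\"\"1,2\"\" HTTP/1.0\""
        };
        DataTable t = ToTable(sample);
        foreach (DataRow r in t.Rows) Console.WriteLine("{0} | {1} | {2}", r["No."], r["Protocol"], r["Info"]);
    }
}
```

The resulting table can be sent to the server with SqlBulkCopy.WriteToServer(DataTable) after setting DestinationTableName, provided the destination columns are in the same order as the export.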
If you have any doubts, feel free to ask. I hope this helps people working on network projects in .NET.