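# Log sink for the ulogd MySQL output plugin: one row per logged packet.
# Column groups, in order: raw/OOB netfilter fields, IP header, TCP, UDP,
# ICMP, AH/ESP, local metadata, pwsniff keys, HTTP keys.
#
# Operational notes:
#  - Only the logging daemon writes here; give its DB account INSERT on this
#    table and nothing else, and keep analyst SELECT access on a separate
#    account. The table contains network metadata and (see pwsniff_* below)
#    possibly cleartext credentials.
#  - id is INT UNSIGNED, so AUTO_INCREMENT is exhausted after ~4.29e9 rows;
#    from then on every INSERT fails and logging effectively stops unless the
#    daemon checks the insert result. On busy sensors use BIGINT UNSIGNED, or
#    rotate/prune the table before that point.
#  - Most VARCHAR widths below are guesses (see the HTTP note further down).
#    In non-strict sql_mode an over-long value is silently truncated; under
#    STRICT_TRANS_TABLES it aborts the INSERT and the packet is not logged.
#    Either way an over-long field is a dropped or mangled log entry, so size
#    the columns for the traffic you actually see.
CREATE TABLE specter ( id INT UNSIGNED AUTO_INCREMENT,
raw_mac VARCHAR(80),
raw_pktlen INT UNSIGNED,
oob_time_sec INT UNSIGNED,
oob_time_usec INT UNSIGNED,
oob_prefix VARCHAR(32),
oob_mark INT UNSIGNED,
oob_in VARCHAR(32),
oob_out VARCHAR(32),
# IPv4 addresses as 32-bit host-order integers; this layout has no room for IPv6.
ip_saddr INT UNSIGNED,
ip_daddr INT UNSIGNED,
# log IP as string (--with-mysql-log-ip-as-string)
# ip_saddr VARCHAR(16),
# ip_daddr VARCHAR(16),
ip_protocol TINYINT UNSIGNED,
ip_tos TINYINT UNSIGNED,
ip_ttl TINYINT UNSIGNED,
ip_totlen SMALLINT UNSIGNED,
ip_ihl TINYINT UNSIGNED,
ip_version TINYINT UNSIGNED,
ip_csum SMALLINT UNSIGNED,
ip_id SMALLINT UNSIGNED,
ip_fragoff SMALLINT UNSIGNED,
ip_rf TINYINT,
ip_df TINYINT,
ip_mf TINYINT,
ip_opt VARCHAR(64),
tcp_sport SMALLINT UNSIGNED,
tcp_dport SMALLINT UNSIGNED,
tcp_seq INT UNSIGNED,
tcp_ackseq INT UNSIGNED,
tcp_window SMALLINT UNSIGNED,
tcp_csum SMALLINT UNSIGNED,
tcp_urg TINYINT,
tcp_ack TINYINT,
tcp_psh TINYINT,
tcp_rst TINYINT,
tcp_syn TINYINT,
tcp_fin TINYINT,
tcp_urgp SMALLINT UNSIGNED,
tcp_res TINYINT UNSIGNED,
tcp_cwr TINYINT,
tcp_ece TINYINT,
tcp_doff TINYINT UNSIGNED,
tcp_opt VARCHAR(64),
udp_sport SMALLINT UNSIGNED,
udp_dport SMALLINT UNSIGNED,
udp_len SMALLINT UNSIGNED,
udp_csum SMALLINT UNSIGNED,
icmp_type TINYINT UNSIGNED,
icmp_code TINYINT UNSIGNED,
icmp_csum SMALLINT UNSIGNED,
icmp_echoid SMALLINT UNSIGNED,
icmp_echoseq SMALLINT UNSIGNED,
icmp_gateway INT UNSIGNED,
icmp_fragmtu SMALLINT UNSIGNED,
ahesp_spi INT UNSIGNED,
local_time INT UNSIGNED,
local_hostname VARCHAR(32),
# pwsniff keys. By their names these hold a username and password sniffed off
# the wire, stored in clear at rest. If you do not need the password for your
# use case, drop pwsniff_pass (or leave it NULL) rather than retain it; if you
# keep it, treat this whole table as a credential store when granting access
# and when shipping backups.
pwsniff_user VARCHAR(30),
pwsniff_pass VARCHAR(30),
# HTTP keys
# there's lot of them, so I've left only these most common
# NOTE: lengths of most fields are approximate, please adjust them
# These values are taken from traffic, i.e. they are attacker-controlled and
# unbounded; the widths below only cap what gets stored, nothing is validated.
# Treat them as untrusted text when querying or rendering them elsewhere.
http_type TINYINT,
http_code SMALLINT UNSIGNED,
http_method VARCHAR(9),
http_reason VARCHAR(32),
http_url VARCHAR(128),
http_version VARCHAR(12),
# http_cache_control VARCHAR(16),
http_connection VARCHAR(16),
http_date VARCHAR(34),
# http_keep_alive VARCHAR(8),
# http_mime_version VARCHAR(6),
# http_pragma VARCHAR(9),
# http_trailer VARCHAR(32),
http_transfer_encoding VARCHAR(8),
# http_upgrade VARCHAR(16),
# http_via VARCHAR(64),
# http_warning VARCHAR(64),
http_allow VARCHAR(32),
# http_content_base VARCHAR(128),
# http_content_encoding VARCHAR(8),
http_content_language VARCHAR(8),
http_content_length INT UNSIGNED,
# http_content_location VARCHAR(128),
# http_content_md5 VARCHAR(49),
# http_content_range VARCHAR(32),
http_content_type VARCHAR(32),
# http_content_version VARCHAR(32),
# http_derived_from VARCHAR(32),
# http_expires VARCHAR(34),
# http_last_modified VARCHAR(34),
# http_link VARCHAR(128),
# http_title VARCHAR(32),
# http_uri VARCHAR(128),
http_accept VARCHAR(32),
http_accept_charset VARCHAR(128),
# http_accept_encoding VARCHAR(32),
http_accept_language VARCHAR(32),
# http_authorization VARCHAR(64),
# http_expect VARCHAR(32),
# http_from VARCHAR(32),
http_host VARCHAR(32),
# http_if_match VARCHAR(32),
# http_if_modified_since VARCHAR(34),
# http_if_none_match VARCHAR(32),
# http_if_range VARCHAR(64),
# http_if_unmodified_since VARCHAR(34),
# http_max_forwards INT UNSIGNED,
# http_proxy_authorization VARCHAR(64),
# http_range VARCHAR(32),
# http_referer VARCHAR(128),
# http_te VARCHAR(32),
http_user_agent VARCHAR(64),
# http_accept_ranges VARCHAR(8),
# http_age INT UNSIGNED,
# http_alternates VARCHAR(64),
# http_content_disposition VARCHAR(64),
# http_etag VARCHAR(16),
# http_location VARCHAR(128),
# http_proxy_authenticate VARCHAR(32),
# http_public VARCHAR(32),
# http_retry_after VARCHAR(34),
http_server VARCHAR(64),
# http_vary VARCHAR(32),
# http_www_authenticate VARCHAR(32),
# id used to be declared UNIQUE and additionally given a plain secondary KEY,
# i.e. two redundant indexes maintained on every insert. A single PRIMARY KEY
# gives the same uniqueness and lookup path with one index; it still satisfies
# the MySQL requirement that an AUTO_INCREMENT column be indexed.
PRIMARY KEY (id)
);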