OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mark Forsyth (forsythmoptushome.com.au)
Date: Thu Nov 01 2001 - 03:54:48 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    G'day

    I asked the same question with the difference being that I use postgres. The answer will work just the same though.

    Thanks again Roberto, it's now in daily use...:-)

    Ooroo
    Mark F...

    On Oct/22/2001, Mark Forsyth wrote:

    > Hiya,
    > Maybe I've lost the plot completely but.. Snort stores IP addresses (
    > Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table
    > returns ...:-

            As I parse the data from the DB with Perl, I made a quick dirty
    function to parse a bigint into a "normal" IP address. Maybe it's useful :-)

    sub bigint2ip ($)
    {
            my $bigint = shift;
            my $ip = "";
            my $tmp = $bigint;

            for (my $i=32; $i > 0; $i-=8) {
                    $ip = ($tmp & 255) . ".$ip";
                    $tmp = $tmp >> 8;
            }

            chop($ip);
            return $ip;
    }

            I guess it's trivial to "port" it to any another language. But I'm
    also sure that there are better ways to do it :-) 

    -- 
Roberto Suarez Soto					Alfa21 Outsourcing
    robealfa21.com				     http://www.alfa21.com

    On Thursday, November 01, 2001 3:36 PM, Jason Straight [SMTP:jasonblazeconnect.net] wrote:
> I'm confused. Snort on mysql has an ip addy that's nothing more than an 
> integer. How do I get a dotted quad IP# from:
> 
> 208436227 ?
> 
> Thanks in advance.
> 
> 
> -- 
> Jeet Kune Do does not beat around the bush. It does not take winding detours. 
> It follows a straight line to the objective. Simplicity is the shortest 
> distance between two points.
> Bruce Lee - Tao of Jeet Kune Do
> 
> 
> Jason Straight -- President
> BlazeConnect -- Cheboygan Michigan
> ISP: www.blazeconnect.net
> Products: www.blazeconnect.com
> Phone: 231-597-0376 -- Fax: 231-597-0393
> 
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

    _______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users