From: John Sage (jsage finchhaven.com)
Date: Sat May 18 2002 - 22:56:04 CDT

Lance:

No words of wisdom, but...

Are you doing this to a previously-captured binary log file, being
read back with -r, or to a binary log file at the moment of its capture?

(hmm.. Guess it wouldn't make any difference..)

man snort:

    -B address-conversion-mask
        Convert all IP addresses in home-net to addresses specified by
        address-conversion-mask. Used to obfuscate IP addresses within
        binary logs. Specify home-net with the '-h' switch. Note this is
        not the same as $HOME_NET.

Seems like it might be some part of:

    -h 172.16.1.0/24 -B 10.1.1.0/24

or somesuch on the command line?

As you might guess, I haven't tried it myself :-/

- John

--
"I am called Strider. I came out of the North. I am hunting Orcs."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

On Sat, May 18, 2002 at 12:40:38PM -0500, Lance Spitzner wrote:
> Okay, playing with the -B option. What is the proper command line
> syntax to permanently change the IP addresses in a Snort binary log
> file?
>
> For example, I want to convert all IP addresses of 172.16.1.0/24 to
> 10.1.1.0/24 within a specific binary log.
>
> Words of wisdom?
>
> Thanks!
>
> --
> Lance Spitzner
> http://project.honeynet.org

_______________________________________________
Snort-users mailing list
Snort-users lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
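
Added example (not part of the original thread and not Snort's own code): a stand-alone sketch of the rewrite asked about above, mapping 172.16.1.0/24 onto 10.1.1.0/24 in a tcpdump-format binary log. It assumes the host bits are kept, a classic libpcap file and Ethernet framing; all function names are hypothetical and the sample capture is constructed.

```python
import ipaddress
import struct

def remap(addr: bytes, home, target) -> bytes:
    """Move an address inside `home` onto `target`, keeping its host bits (assumed mapping)."""
    ip = int.from_bytes(addr, "big")
    if ip & int(home.netmask) != int(home.network_address):
        return addr                      # outside home-net: leave untouched
    return (int(target.network_address) | (ip & int(target.hostmask))).to_bytes(4, "big")

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def obfuscate_pcap(data: bytes, home_net: str, new_net: str) -> bytes:
    """Rewrite IPv4 source/destination addresses in a classic Ethernet pcap."""
    home, target = ipaddress.ip_network(home_net), ipaddress.ip_network(new_net)
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out, pos = bytearray(data[:24]), 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        pkt = bytearray(data[pos + 16:pos + 16 + incl_len])
        ihl = (pkt[14] & 0x0F) * 4 if len(pkt) > 14 else 0
        if pkt[12:14] == b"\x08\x00" and ihl >= 20 and len(pkt) >= 14 + ihl:
            pkt[26:30] = remap(bytes(pkt[26:30]), home, target)   # source
            pkt[30:34] = remap(bytes(pkt[30:34]), home, target)   # destination
            pkt[24:26] = b"\x00\x00"                               # zero, then recompute
            pkt[24:26] = struct.pack("!H", ip_checksum(bytes(pkt[14:14 + ihl])))
            # TCP/UDP checksums cover these addresses too and are NOT fixed here,
            # and addresses embedded in payloads are not touched.
        out += data[pos:pos + 16] + pkt
        pos += 16 + incl_len
    return bytes(out)

def sample_pcap() -> bytes:
    """Constructed one-packet capture: 172.16.1.42 -> 192.0.2.7, header only."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 6, 0,
                               bytes([172, 16, 1, 42]), bytes([192, 0, 2, 7])))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + bytes(ip)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Before sharing a log sanitized this way, search the output for the original prefix, since application payloads (DNS answers, HTTP headers, FTP PORT commands) can still carry the real addresses.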