[Snort-devel] Problem: Snort Logging to database, problem with ip and port number formats

Brian bmc at ...835...
Wed Aug 4 14:31:25 EDT 2004


On Tue, Jul 27, 2004 at 12:18:44PM +0100, Thomas Murtagh wrote:
> +-----+------+------------+------------+--------+
> ----+----------+--------+--------+----------+----
> | sid | cid  | ip_src     | ip_dst     | ip_ver |
> +-----+------+------------+------------+--------+
> ----+----------+--------+--------+----------+----
> |   1 | 1000 | 3232245761 | 3232245900 |      4 |
> 
> AS YOU CAN SEE THE ABOVE ip_src and ip_dest are values
> not valid IP addresses:

Uh, yes those are valid IP addresses.  The IP is stored as a uint32.  

inet_ntoa is your friend.

> | sid | cid  | tcp_sport | tcp_dport | tcp_seq |
> |   1 | 1000 |     59832 |       116 |       0 |
>
> AS YOU CAN SEE THE ABOVE tcp_sport and tcp_dport
> values are not valid port numbers

How are 116 or 59832 not a valid port numbers?

-b




More information about the Snort-devel mailing list