[Snort-devel] On Solaris: Printed IP's reversed in spp_sfportscan.c

Jerry Litteer gll at ...189...
Thu Oct 11 12:17:10 EDT 2007


system:  Solaris 9 (sparc)
Snort 2.7.* 2.8.*

When you look at the portscan log file, the IPs listed for the Range
are printed in the wrong byte order.

Example:

Time: 10/10-10:35:23.696740
event_id: 3
*.*.*.131 -> *.*.*.24 (portscan) TCP Filtered Portsweep
Priority Count: 0
Connection Count: 30
IP Count: 10
Scanned IP Range: 193.*.*.*:193.*.*.*
Port/Proto Count: 10
Port/Proto Range: 1143:4465


If you look at the code (near 160-190) you see that the IPs (ip1 and
ip2) are printed in byte 3-0 order.  For Solaris (SUN), this needs to be 0-3.
The attached context mod should fix the problem.


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Fix_spp_sfportscan_IPs.txt
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20071011/ce637e94/attachment.txt>
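The byte-order dependence described in the message, as an added example (not code from the original post, its attachment, or Snort). It assumes the address is held as a 32-bit integer in host byte order; the function names and the sample address 192.0.2.131 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Store v the way a big-endian (SPARC) or little-endian (x86) CPU lays it
 * out in memory, so both cases can be shown on any build host. */
static void store_u32(uint32_t v, int big_endian, unsigned char out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(v >> (big_endian ? 24 - 8 * i : 8 * i));
}

/* Endian-dependent: prints in-memory bytes 3,2,1,0, the order the post
 * describes. Correct only when memory holds the value little-endian. */
static const char *fmt_bytes_3_to_0(const unsigned char m[4], char *buf, size_t n)
{
    snprintf(buf, n, "%d.%d.%d.%d", m[3], m[2], m[1], m[0]);
    return buf;
}

/* Portable: shifts act on the integer value, not on its memory layout. */
static const char *fmt_shift(uint32_t ip, char *buf, size_t n)
{
    snprintf(buf, n, "%u.%u.%u.%u",
             (unsigned)(ip >> 24) & 0xffu, (unsigned)(ip >> 16) & 0xffu,
             (unsigned)(ip >> 8) & 0xffu, (unsigned)ip & 0xffu);
    return buf;
}

int main(void)
{
    const uint32_t ip = 0xC0000283u; /* constructed sample: 192.0.2.131 */
    unsigned char mem[4];
    char buf[16];

    store_u32(ip, 0, mem);
    printf("x86 layout,   bytes 3-0: %s\n", fmt_bytes_3_to_0(mem, buf, sizeof buf));
    store_u32(ip, 1, mem);
    printf("SPARC layout, bytes 3-0: %s\n", fmt_bytes_3_to_0(mem, buf, sizeof buf));
    printf("either host,  shifts:    %s\n", fmt_shift(ip, buf, sizeof buf));
    return 0;
}
```

Formatting by shifts gives the same string on both platforms, so log consumers that parse the Scanned IP Range field see consistent addresses regardless of the sensor's architecture.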

