[Snort-users] mysql iphdr ip addressing scheme?

Mark Forsyth forsythm at ...1704...
Thu Nov 1 01:55:02 EST 2001


G'day

I asked the same question with the difference being that I use postgres. The answer will work just the same though.

Thanks again Roberto, it's now in daily use...:-)

Ooroo
Mark F...

On Oct/22/2001, Mark Forsyth wrote:

> Hiya,
>      Maybe I've lost the plot completely but.. Snort stores IP addresses ( 
> Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table 
> returns ...:-

	As I parse the data from the DB with Perl, I made a quick dirty
function to parse a bigint into a "normal" IP address. Maybe it's useful :-)

sub bigint2ip ($)
{
        my $bigint = shift;
        my $ip = "";
        my $tmp = $bigint;

        for (my $i=32; $i > 0; $i-=8) {
                $ip = ($tmp & 255) . ".$ip";
                $tmp = $tmp >> 8;
        }

        chop($ip);
        return $ip;
}

	I guess it's trivial to "port" it to any another language. But I'm
also sure that there are better ways to do it :-)

-- 
Roberto Suarez Soto					Alfa21 Outsourcing
    robe at ...3881...				     http://www.alfa21.com



On Thursday, November 01, 2001 3:36 PM, Jason Straight [SMTP:jason at ...3965...] wrote:
> I'm confused. Snort on mysql has an ip addy that's nothing more than an 
> integer. How do I get a dotted quad IP# from:
> 
> 208436227 ?
> 
> Thanks in advance.
> 
> 
> -- 
> Jeet Kune Do does not beat around the bush. It does not take winding detours. 
> It follows a straight line to the objective. Simplicity is the shortest 
> distance between two points.
> Bruce Lee - Tao of Jeet Kune Do
> 
> 
> Jason Straight -- President
> BlazeConnect -- Cheboygan Michigan
> ISP: www.blazeconnect.net
> Products: www.blazeconnect.com
> Phone: 231-597-0376 -- Fax: 231-597-0393
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list