[Snort-users] Snort &postgresql (possibly stupid question department)

Roberto Suarez Soto robe at ...3881...
Mon Oct 22 01:45:06 EDT 2001

On Oct/22/2001, Mark Forsyth wrote:

> Hiya,
>      Maybe I've lost the plot completely but.. Snort stores IP addresses ( 
> Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table 
> returns ...:-

	As I parse the data from the DB with Perl, I made a quick dirty
function to parse a bigint into a "normal" IP address. Maybe it's useful :-)

sub bigint2ip ($)
        my $bigint = shift;
        my $ip = "";
        my $tmp = $bigint;

        for (my $i=32; $i > 0; $i-=8) {
                $ip = ($tmp & 255) . ".$ip";
                $tmp = $tmp >> 8;

        return $ip;

	I guess it's trivial to "port" it to any another language. But I'm
also sure that there are better ways to do it :-)

Roberto Suarez Soto					Alfa21 Outsourcing
    robe at ...3881...				     http://www.alfa21.com

