[Snort-users] Sid ?

Warrick FitzGerald wfitzgerald at ...4613...
Sat Feb 9 12:03:08 EST 2002

Ahh, thanks for the help. One more though :)

The ip_src and ip_dst addresses are often "0", which is the default. Is this
a bug / problem, or am I not understanding the data model?

Select looks like this:

SELECT `iphdr`.`ip_src`
FROM `data`
   INNER JOIN `tcphdr` ON (`data`.`cid` = `tcphdr`.`cid`)
   INNER JOIN `iphdr` ON (`tcphdr`.`cid` = `iphdr`.`cid`)

However, looking at the iphdr table only reveals exactly the same thing?

Warrick FitzGerald
LiveTechnology Inc.
