[Snort-users] Sid ?

Warrick FitzGerald wfitzgerald at ...4613...
Sat Feb 9 12:03:08 EST 2002


Ahh, thanks for the help. One more though :)

The ip_src and ip_dst addresses are often "0", which is the default. Is this
a bug / problem or am I not understanding the data model?

Select looks like this:

SELECT `iphdr`.`ip_src`,
       `iphdr`.`ip_dst`,
       `tcphdr`.`tcp_sport`,
       `tcphdr`.`tcp_dport`,
       `tcphdr`.`tcp_seq`,
       `tcphdr`.`tcp_ack`,
       `data`.`data_payload`
FROM `data`
   INNER JOIN `tcphdr` ON (`data`.`cid` = `tcphdr`.`cid`)
   INNER JOIN `iphdr` ON (`tcphdr`.`cid` = `iphdr`.`cid`)

However, looking at the iphdr table only reveals exactly the same thing?

Thanks
Warrick FitzGerald
LiveTechnology Inc.





