[Snort-users] Sid ?

Warrick FitzGerald wfitzgerald at ...4613...
Sat Feb 9 13:08:02 EST 2002


My apologies,

It turns out my "0" IP address is caused by the GUI client I am using to
access MySQL. The integer value seems to be too high for it to deal with.

Thanks
Warrick

----- Original Message -----
From: "Warrick FitzGerald" <wfitzgerald at ...4613...>
To: <Snort-users at lists.sourceforge.net>
Sent: Saturday, February 09, 2002 2:58 PM
Subject: Re: [Snort-users] Sid ?


> Ahh, thanks for the help. One more though :)
>
> The ip_src and ip_dst addresses are often "0" which is the default. Is this
> a bug / problem or am I not understanding the data model ?
>
> Select looks like this :
>
> SELECT `iphdr`.`ip_src`,
>        `iphdr`.`ip_dst`,
>        `tcphdr`.`tcp_sport`,
>        `tcphdr`.`tcp_dport`,
>        `tcphdr`.`tcp_seq`,
>        `tcphdr`.`tcp_ack`,
>        `data`.`data_payload`
> FROM `data`
>    INNER JOIN `tcphdr` ON (`data`.`cid` = `tcphdr`.`cid`)
>    INNER JOIN `iphdr` ON (`tcphdr`.`cid` = `iphdr`.`cid`)
>
> However looking at the iphdr table only reveals exactly the same thing ?
>
> Thanks
> Warrick FitzGerald
> LiveTechnology Inc.
>
>
>
>
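An added example, not part of the original posts: a MySQL query that renders the stored addresses on the server, so the client only receives strings and never has to display the large integer itself. It assumes `ip_src` and `ip_dst` hold IPv4 addresses packed into unsigned 32-bit integers and that the client's limit is the signed 32-bit maximum; `iphdr_sample` and its rows are constructed for illustration.

```sql
-- Constructed sample table standing in for iphdr; only the address columns
-- from the query above are included, and the rows are made-up values.
CREATE TEMPORARY TABLE iphdr_sample (
    cid    INT UNSIGNED NOT NULL,
    ip_src INT UNSIGNED NOT NULL,
    ip_dst INT UNSIGNED NOT NULL
);

INSERT INTO iphdr_sample (cid, ip_src, ip_dst) VALUES
    (1,  167772165, 3232235777),  -- 10.0.0.5    -> 192.168.1.1
    (2, 3232235777,  167772165),  -- 192.168.1.1 -> 10.0.0.5
    (3, 2886729729, 3232235777);  -- 172.16.0.1  -> 192.168.1.1

SELECT cid,
       -- Dotted-quad text produced by the server.
       INET_NTOA(ip_src) AS src_addr,
       INET_NTOA(ip_dst) AS dst_addr,
       -- Raw value passed as text, in case the numeric form is still needed.
       CAST(ip_src AS CHAR) AS ip_src_text,
       CAST(ip_dst AS CHAR) AS ip_dst_text,
       -- 1 when the value does not fit a signed 32-bit integer (assumed client
       -- limit), i.e. any address at or above 128.0.0.0.
       ip_src > 2147483647 AS src_exceeds_signed_32,
       ip_dst > 2147483647 AS dst_exceeds_signed_32
FROM iphdr_sample
ORDER BY cid;
```

Comparing the flag columns with what the client displays for the raw integer columns shows whether the zeros come from the display layer or from the stored data.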




