[Snort-users] ip address format of iphdr in mysql

John Sage jsage at ...2022...
Wed Mar 27 20:52:02 EST 2002


Having come late to this thread, I still want to add:

http://freshmeat.net/projects/2/

2.pl -- Copyright (c) 2001, Fred Souza <cseg at ...5420...>

It's a cool little command line proggie; here's the About:

"2.pl is a Perl script that converts things between various numeric 
bases. Those bases include decimal, hexadecimal, binary, octal, ASCII,
etc. It's useful when you need to quickly convert something into
another base or do chains of conversions. It is possible to easily add
custom conversions with just a few lines of code."


./2.pl alone on the command line yields usage:

[toot at ...2057... /usr/local/2]# ./2.pl     
usage: 2.pl operation [number|string]
operations:
    ad ao ba bd bh bo da db dh do ha hb hd ho hs nq oa ob od oh qn sh b2  

    '2' == two's complement  		'a' == ascii             
    'b' == binary            		'd' == decimal           
    'h' == hex               		'n' == network byte order
    'o' == octal             		'q' == dotted-quad       
    's' == string            		


So, for the example, below:

./2.pl nq 2473322920 yeilds:


[toot at ...2057... /usr/local/2]# ./2.pl nq 2473322920
147.107.233.168

And the reverse:

[toot at ...2057... /usr/local/2]# ./2.pl qn 147.107.233.168
2473322920


It also does all the other conversions.

I think I modified a copy of it a little so you can enter a string of
hex and it translates to ascii..

Cool for doing on-the-fly packet decoding from snort captures...


- John
-- 
In those days, you could not buy a $2000 200MHz Pentium server.




On Fri, Mar 22, 2002 at 12:23:54PM -0500, Wirth, Jeff wrote:
> 
> > How can I translate 10 integer 2473322920 and 2473281217 to the regular ip
> > address?
> 
> ACID FAQ...
> 
> http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_e1
> 
> 
> - Jeff






More information about the Snort-users mailing list