[Snort-users] -B option
jsage at ...2022...
Sat May 18 20:57:01 EDT 2002
No words of wisdom, but...
Are you doing this to a previously-captured binary log file, being
read back with -r, or to a binary log file at the moment of its capture?
(hmm.. Guess it wouldn't make any difference..)
Convert all IP addresses in home-net to addresses specified by
address-conversion-mask. Used to obfuscate IP addresses within
binary logs. Specify home-net with the '-h' switch. Note this is
not the same as $HOME_NET.
Seems like it might be some part of:
-h 172.16.1.0/24 -B 10.1.1.0/24
or somesuch on the command line?
As you might guess, I haven't tried it myself :-/
"I am called Strider. I came out of the North. I am hunting Orcs."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
On Sat, May 18, 2002 at 12:40:38PM -0500, Lance Spitzner wrote:
> Okay, playing with the -B option. What is the proper command line
> syntax to permanenly change the IP addresses in a Snort binary log
> For example, I want to convert all IP addresses of 172.16.1.0/24 to
> 10.1.1.0/24 within a specific binary log.
> Words of wisdom?
> Lance Spitzner
More information about the Snort-users