[Snort-users] -B option

John Sage jsage at ...2022...
Sat May 18 20:57:01 EDT 2002


Lance:

No words of wisdom, but...

Are you doing this to a previously-captured binary log file, being
read back with -r, or to a binary log file at the moment of its capture?

(hmm.. Guess it wouldn't make any difference..)

man snort:

-B address-conversion-mask

Convert  all  IP  addresses  in  home-net to addresses specified by
address-conversion-mask.  Used to  obfuscate  IP  addresses  within
binary  logs.  Specify home-net with the '-h' switch.  Note this is
not the same as $HOME_NET.


Seems like it might be some part of:

-h 172.16.1.0/24 -B 10.1.1.0/24

or somesuch on the command line?

As you might guess, I haven't tried it myself :-/


- John
-- 
"I am called Strider. I came out of the North. I am hunting Orcs."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 



On Sat, May 18, 2002 at 12:40:38PM -0500, Lance Spitzner wrote:
> Okay, playing with the -B option.  What is the proper command line
> syntax to permanently change the IP addresses in a Snort binary log
> file?
> 
> For example, I want to convert all IP addresses of 172.16.1.0/24 to
> 10.1.1.0/24 within a specific binary log.
> 
> Words of wisdom?
> 
> Thanks!
> 
> -- 
> Lance Spitzner
> http://project.honeynet.org
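
The mapping the man page excerpt above describes (home-net addresses moved into the conversion network), shown as an added example that is not part of the original thread and is not Snort's own code. It assumes the host bits are kept and the IP header checksum is recomputed; all function names are hypothetical and the sample header is constructed.

```python
import ipaddress
import struct

def remap_addr(addr, home, target):
    """Move a 4-byte address from `home` into `target`, keeping its host bits."""
    value = int.from_bytes(addr, "big")
    if ipaddress.IPv4Address(value) not in home:
        return addr  # outside home-net: left untouched
    # Mask with the target's host mask so a wider home-net cannot spill
    # into the target's network bits (assumption of this example).
    host_bits = value & int(target.hostmask)
    return (int(target.network_address) | host_bits).to_bytes(4, "big")

def ipv4_checksum(header):
    """RFC 791 one's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def obfuscate_header(packet, home, target):
    """Rewrite source/destination of one raw IPv4 packet, then fix the checksum."""
    home_net = ipaddress.IPv4Network(home)
    target_net = ipaddress.IPv4Network(target)
    ihl = (packet[0] & 0x0F) * 4           # header length in bytes
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = remap_addr(bytes(hdr[12:16]), home_net, target_net)
    hdr[16:20] = remap_addr(bytes(hdr[16:20]), home_net, target_net)
    hdr[10:12] = b"\x00\x00"               # zero the field before summing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def build_sample_header(src, dst):
    """Constructed 20-byte IPv4 header (protocol TCP, TTL 64) for the demo."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

def addresses(packet):
    """Return (source, destination) of a raw IPv4 packet as strings."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))

if __name__ == "__main__":
    sample = build_sample_header("172.16.1.57", "192.0.2.10")
    print(addresses(sample), "->",
          addresses(obfuscate_header(sample, "172.16.1.0/24", "10.1.1.0/24")))
```

TCP and UDP checksums cover a pseudo-header that includes both IP addresses, so a complete rewrite also has to recompute those, and addresses carried inside payloads are not changed by this.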



