[Snort-users] Snort and Barnyard2
beenph at ...11827...
Thu Feb 7 14:58:24 EST 2013
On Thu, Feb 7, 2013 at 2:44 PM, Josh Bitto <jbitto at ...16055...> wrote:
> Would you happen to know which column would be the source port and
> destination port? Are they like the IP address as well where I have to use
> INET_NTOA as well?
Depends if its tcp or udp
if its a tcp packet then the port is in
tcphdr table (tcp_sport,tcp_dport)
if its udp its in the
udphdr table (udp_sport,udp_dport)
More information about the Snort-users