[Snort-users] Barnyard2 output to postgreSQL

Avery Rozar Avery.Rozar at ...16118...
Fri May 23 21:42:12 EDT 2014


Is this due to HEX encoding?

On 5/23/14, 9:25 PM, "Avery Rozar" <Avery.Rozar at ...16118...> wrote:

>Is something wrong with my IP info from barnyard2? The IP addresses are not
>showing up as standard IPv4 as I'd thought.
>
>csdashboard=# select * from iphdr ;
> sid | cid |   ip_src   |   ip_dst   | ip_ver | ip_hlen | ip_tos | ip_len | ip_id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum
>-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------
>   1 |   1 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663 |  4063 |        0 |      0 |     64 |        6 |   54285
>   1 |   2 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663 | 28735 |        0 |      0 |     64 |        6 |   29613
>   1 |   3 | 1815870597 | 2887777037 |      4 |       5 |      0 |    419 | 51507 |        0 |      0 |     60 |        6 |   25651
>
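
Added example (not part of the original post, and not Barnyard2's own code): the `ip_src` and `ip_dst` values in the query output are IPv4 addresses written as unsigned 32-bit decimal integers, and this sketch decodes the rows shown in the post into dotted-quad form. The names `int_to_ipv4`, `decode_rows`, `COLUMNS` and `PROTO_NAMES` are assumptions made for illustration.

```python
# Rows copied from the query output in the post (wrapped lines rejoined).
PSQL_ROWS = """\
 sid | cid |   ip_src   |   ip_dst   | ip_ver | ip_hlen | ip_tos | ip_len | ip_id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum
-----+-----+------------+------------+--------+---------+--------+--------+-------+----------+--------+--------+----------+---------
   1 |   1 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663 |  4063 |        0 |      0 |     64 |        6 |   54285
   1 |   2 | 2886730039 | 2887777037 |      4 |       5 |      0 |    663 | 28735 |        0 |      0 |     64 |        6 |   29613
   1 |   3 | 1815870597 | 2887777037 |      4 |       5 |      0 |    419 | 51507 |        0 |      0 |     60 |        6 |   25651
"""

COLUMNS = ("sid cid ip_src ip_dst ip_ver ip_hlen ip_tos ip_len "
           "ip_id ip_flags ip_off ip_ttl ip_proto ip_csum").split()

# Small illustrative subset of IANA protocol numbers (assumed helper table).
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def int_to_ipv4(value):
    """Turn an unsigned 32-bit integer into dotted-quad notation.

    The most significant byte is the first octet, so
    2886730039 == 0xAC100137 -> 172.16.1.55.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit IPv4 value: {value}")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def decode_rows(text):
    """Parse psql pipe-delimited rows and make the address columns readable."""
    decoded = []
    for line in text.splitlines():
        cells = [cell.strip() for cell in line.split("|")]
        # Skip the header, the separator line and anything malformed.
        if len(cells) != len(COLUMNS) or not all(c.isdigit() for c in cells):
            continue
        row = dict(zip(COLUMNS, map(int, cells)))
        if row["ip_ver"] != 4:
            continue  # only IPv4 rows are handled in this sketch
        row["ip_src"] = int_to_ipv4(row["ip_src"])
        row["ip_dst"] = int_to_ipv4(row["ip_dst"])
        row["ip_proto"] = PROTO_NAMES.get(row["ip_proto"], str(row["ip_proto"]))
        decoded.append(row)
    return decoded


if __name__ == "__main__":
    for r in decode_rows(PSQL_ROWS):
        print(f'cid={r["cid"]} {r["ip_src"]} -> {r["ip_dst"]} '
              f'proto={r["ip_proto"]} ttl={r["ip_ttl"]}')
```

Inside PostgreSQL the same conversion can be done in the query itself with `'0.0.0.0'::inet + ip_src`, assuming the column is an integer type such as bigint.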
