[Snort-users] Barnyard2 loads src IP and dst IP as digital in MySQL

wkitty42 at ...14940... wkitty42 at ...14940...
Tue Feb 7 20:22:51 EST 2017


On 02/07/2017 04:52 PM, Paul Li wrote:
> I'm using Barnyard2 to load Snort alerts to MySQL database. In the iphdr table,
> src IP and dstIP are showing as a long number, such as the following
[...]
> Not sure what encoding/values they are. Just wondering how should I get the
> original values, which are in the case 192.168.0.183 and 192.168.0.155?

my eWAG is that they are likely simply decimal representations of the IPs...


http://www.silisoftware.com/tools/ipconverter.php?convert_from=3232235693
http://www.silisoftware.com/tools/ipconverter.php?convert_from=3232235675

seems that eWAG is right, too...

the decimal value of an IPv4 address can be found by converting it to base256... 
this page explains how to convert from the 32bit decimal numbers you are seeing 
to the dotted-quad IPv4 numbers you seek...

http://consciousvibes.com/computers/networking/conversions.html

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list