Snort mailing list archives
RE: mysql iphdr ip addressing scheme?
From: Mark Forsyth <forsythm () optushome com au>
Date: Thu, 1 Nov 2001 20:54:48 +1100
G'day

I asked the same question with the difference being that I use postgres. The answer will work just the same though. Thanks again Roberto, it's now in daily use...:-)

Ooroo
Mark F...

On Oct/22/2001, Mark Forsyth wrote:
Hiya, Maybe I've lost the plot completely but.. Snort stores IP addresses ( Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table returns ...:-
As I parse the data from the DB with Perl, I made a quick dirty function to parse a bigint into a "normal" IP address. Maybe it's useful :-)

    # Convert a 32-bit integer to a dotted quad, lowest byte first
    sub bigint2ip ($) {
        my $bigint = shift;
        my $ip = "";
        my $tmp = $bigint;
        for (my $i=32; $i > 0; $i-=8) {
            $ip = ($tmp & 255) . ".$ip";
            $tmp = $tmp >> 8;
        }
        chop($ip);    # drop the trailing dot
        return $ip;
    }

I guess it's trivial to "port" it to any other language. But I'm also sure that there are better ways to do it :-)

--
Roberto Suarez Soto
Alfa21 Outsourcing
robe () alfa21 com
http://www.alfa21.com

On Thursday, November 01, 2001 3:36 PM, Jason Straight [SMTP:jason () blazeconnect net] wrote:
I'm confused. Snort on mysql has an ip addy that's nothing more than an integer. How do I get a dotted quad IP# from: 208436227 ?

Thanks in advance.

--
Jeet Kune Do does not beat around the bush. It does not take winding detours. It follows a straight line to the objective. Simplicity is the shortest distance between two points.
Bruce Lee - Tao of Jeet Kune Do

Jason Straight -- President
BlazeConnect -- Cheboygan Michigan
ISP: www.blazeconnect.net
Products: www.blazeconnect.com
Phone: 231-597-0376 -- Fax: 231-597-0393

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
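The conversion discussed in this thread, as an added example in Python that is not part of the original messages. It goes one step beyond the thread by also turning a CIDR block into an integer range, so the iphdr table can be searched by subnet without converting every row. The in-memory SQLite table, its cid column and its rows are constructed stand-ins for a real Snort database.

```python
import ipaddress
import sqlite3


def bigint_to_ip(value):
    """Convert the integer stored in iphdr.ip_src / ip_dst to a dotted quad."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit IPv4 value: {value}")
    # Most significant byte is the first octet.
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_to_range(cidr):
    """Return (low, high) integers covering an IPv4 CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("iphdr addresses are IPv4 only")
    return int(net.network_address), int(net.broadcast_address)


def alerts_from(conn, cidr):
    """List (cid, source, destination) for rows whose source is inside cidr."""
    low, high = cidr_to_range(cidr)
    rows = conn.execute(
        "SELECT cid, ip_src, ip_dst FROM iphdr "
        "WHERE ip_src BETWEEN ? AND ? ORDER BY cid",
        (low, high),  # bound parameters, never string-built SQL
    )
    return [(cid, bigint_to_ip(src), bigint_to_ip(dst)) for cid, src, dst in rows]


def sample_db():
    """Constructed sample data: a cut-down stand-in for Snort's iphdr table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE iphdr (cid INTEGER, ip_src INTEGER, ip_dst INTEGER)")
    conn.executemany(
        "INSERT INTO iphdr VALUES (?, ?, ?)",
        [
            (1, 208436227, 3232235786),   # the value asked about in the thread
            (2, 167772161, 3232235786),   # 10.0.0.1, outside the block
            (3, 208436479, 3232235786),   # last address of 12.108.124.0/24
            (4, 208436480, 3232235786),   # first address of the next /24
        ],
    )
    return conn


if __name__ == "__main__":
    print(bigint_to_ip(208436227))
    for row in alerts_from(sample_db(), "12.108.124.0/24"):
        print(row)
```
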