Snort mailing list archives
RE: ip_src in iphder?
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Tue, 4 Mar 2003 13:34:50 -0600
or inet_ntoa(<ip>) using your socket lib... if you don't wanna do it in SQL. -----Original Message----- From: Bamm Visscher [mailto:bamm () satx rr com] Sent: Tuesday, March 04, 2003 11:23 AM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] ip_src in iphder? I assume you are using mysql where you should be able to do something like: SELECT INET_NTOA(iphdr.src_ip) FROM iphdr WHERE iphdr.src_ip=INET_ATON('192.168.4.4'); Add your own JOINS/etc to that. Bammkkkk On Tue, Mar 04, 2003 at 10:50:12AM -0600, Paul Schmehl wrote:
Can someone tell me what the secret code is to find IP addresses in ip_src of iphdr? I'm trying to find all the activity for one IP address, and using ACID just doesn't cut it. -- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/~pauls/ AVIEN Founding Member
------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ip_src in iphder? Paul Schmehl (Mar 04)
- Re: ip_src in iphder? Bamm Visscher (Mar 04)
- <Possible follow-ups>
- RE: ip_src in iphder? Kreimendahl, Chad J (Mar 04)