Re: How do I convert a snort source IP Number to IP address in Microsoft SQL Server

[b311b-snort () theotherbell com]

> > The ACID web page has a FAQ which describes how this should theoretically
> > work:
> > http://acidlab.sourceforge.net/acid_faq.html#faq_e1
> > Let IP  = the 32-bit unsigned integer representation of the IP address
> >     ip1 = octet 1 of 4 (high-order)
> >     ip2 = octet 2 of 4
> >     ip3 = octet 3 of 4
> >     ip4 = octet 4 of 4 (low-order)
> >
> >     >>  = bitwise shift right operator; takes an operand of the number
> > bits to shift
> >     AND = bitwise AND operator
> >
> > Then,
> >    ip1 = IP >> 24
> >    ip2 = (IP AND 00000000 11111111 00000000 00000000) >> 16
> >    ip3 = (IP AND 00000000 00000000 11111111 00000000) >> 8
> >    ip4 = (IP AND 00000000 00000000 00000000 11111111)
> >
> >    IP = ip1 . ip2 . ip3 . ip4
> > ***problem*** There is no >> operator in Microsoft SQL.

I don't know MS-SQL and I'm sure there's an easier way, but basically:

    3232236087/2^24 = 192 and 3232236087 mod (192*2^24) = 11010615
    11010615/2^16 = 168 and 11010615 mod (168*2^16) = 567
    567/2^8 = 2 and 567 mod (2*2^8) = 55
    
    3232236087 = 192.168.2.55

Brenda Bell
Henniker (the only one on earth)
New Hampshire (the state with 5 seasons: black fly, tourist, foliage, ski and mud)




-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users