Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort &postgresql (possibly stupid question department)

From: robe () alfa21 com (Roberto Suarez Soto)
Date: Mon, 22 Oct 2001 10:44:34 +0200
On Oct/22/2001, Mark Forsyth wrote:


Hiya,
     Maybe I've lost the plot completely but.. Snort stores IP addresses ( 
Ip_src & ip_dst ) in the iphdr table as a bigint so a select of that table 
returns ...:-


        As I parse the data from the DB with Perl, I made a quick dirty
function to parse a bigint into a "normal" IP address. Maybe it's useful :-)

sub bigint2ip ($)
{
        my $bigint = shift;
        my $ip = "";
        my $tmp = $bigint;

        for (my $i=32; $i > 0; $i-=8) {
                $ip = ($tmp & 255) . ".$ip";
                $tmp = $tmp >> 8;
        }

        chop($ip);
        return $ip;
}

        I guess it's trivial to "port" it to any another language. But I'm
also sure that there are better ways to do it :-)

-- 
Roberto Suarez Soto                                     Alfa21 Outsourcing
    robe () alfa21 com                               http://www.alfa21.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: