Snort mailing list archives
Re: Sid ?
From: "Warrick FitzGerald" <wfitzgerald () livetechnology com>
Date: Sat, 9 Feb 2002 14:58:49 -0500
Ahh, thanks for the help. One more though :)
The ip_src and ip_dst addresses are often "0", which is the default. Is this
a bug / problem, or am I not understanding the data model?
Select looks like this:
    SELECT `iphdr`.`ip_src`,
           `iphdr`.`ip_dst`,
           `tcphdr`.`tcp_sport`,
           `tcphdr`.`tcp_dport`,
           `tcphdr`.`tcp_seq`,
           `tcphdr`.`tcp_ack`,
           `data`.`data_payload`
    FROM `data`
    INNER JOIN `tcphdr` ON (`data`.`cid` = `tcphdr`.`cid`)
    INNER JOIN `iphdr` ON (`tcphdr`.`cid` = `iphdr`.`cid`)
However, looking at the iphdr table only reveals exactly the same thing?
Thanks
Warrick FitzGerald
LiveTechnology Inc.
