Snort mailing list archives
Re: How to log an IP address in dpx.c ?
From: Emiliano Fausto <emiliano.fausto () gmail com>
Date: Thu, 24 Jul 2014 13:49:14 -0300
Hello Luc,
I've tried this testing and it works fine:
iphdt = iphd.ip_src;unsigned char* ipsrcp_test = (unsigned char*)
&iphdt.ip;unsigned int src_ip_test = (*ipsrcp_test << 24) +
(*(ipsrcp_test+1) << 16) + (*(ipsrcp_test+2) << 8) +
*(ipsrcp_test+3);unsigned short int src_port_test = p->src_port;
iphdt = iphd.ip_dst;unsigned char* ipdstp_test = (unsigned char*)
&iphdt.ip;unsigned int dst_ip_test = (*ipdstp_test << 24) +
(*(ipdstp_test+1) << 16) + (*(ipdstp_test+2) << 8) +
*(ipdstp_test+3);unsigned short int dst_port_test = p->dst_port;
_dpd.logMsg("\tTest: ipsrc%u portsrc%u ipdst%u
portDst%u\n",src_ip_test,src_port_test, dst_ip_test,dst_port_test);
Hope it helps,
Emiliano.
2014-07-24 10:35 GMT-03:00 Zeeuw, L.V. de <l.v.de.zeeuw () hr nl>:
Hi,
i am experimenting with the dpx. Its working. Now i started adding some
statements to view the content ip4/tcp headers. I am able log things like
src/dst, TCP payload size, etc.
*SFSnortPacket* p = (SFSnortPacket*)pkt;*
*_dpd.logMsg("Source port: %i, Destination port: %i\n",p->src_port,
p->dst_port);_dpd.logMsg("Payload size %i\n",p->payload_size); *
but from sf_snort_packet.h and sf_ip.h (??) i do not know how to log an
ip-address ...
I should like to ...
*_dpd.logMsg("Source ip %?? \n", ?????);*BTW: Are there any recent
books/tutorials for these kind of questions you would recommend? What about
Snort development documentation for the most recent Snort version?
Any help is appreciated.
Regards,
Luc
the Netherlands
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- How to log an IP address in dpx.c ? Zeeuw, L.V. de (Jul 24)
- Re: How to log an IP address in dpx.c ? Emiliano Fausto (Jul 24)
- Re: How to log an IP address in dpx.c ? Zeeuw, L.V. de (Jul 25)
- <Possible follow-ups>
- Re: How to log an IP address in dpx.c ? Zeeuw, L.V. de (Sep 15)
- Re: How to log an IP address in dpx.c ? Emiliano Fausto (Sep 15)
- Re: How to log an IP address in dpx.c ? Zeeuw, L.V. de (Sep 15)
- Re: How to log an IP address in dpx.c ? Steven Sturges (Sep 15)
- Re: How to log an IP address in dpx.c ? Zeeuw, L.V. de (Sep 16)
- Re: How to log an IP address in dpx.c ? Emiliano Fausto (Sep 16)
- Re: How to log an IP address in dpx.c ? Emiliano Fausto (Sep 15)
- Re: How to log an IP address in dpx.c ? Emiliano Fausto (Jul 24)