RE: Snort 1.7 MySQL Question

[swilcoxon () iqmarketing com]

There isn't any real encoding. The four octets of the IP are simply being
used as a single four byte integer. If you put that number through a
decimal->hex conversion you get all the hex digits. Each pair of hex digits
when converted back makes one portion of the dotted IP address. You do need
to remember to add leading Zeros until you get all eight hex digits.

S.W.

> -----Original Message-----
> From: Jason [mailto:jason () tcpipbitch net]
> Sent: Friday, August 10, 2001 4:30 PM
> To: bthaler () webstream net
> Cc: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Snort 1.7 MySQL Question
>
>
>
> Actually, funny enough, browsers will work with this as well, spammers
> like to use it to hide the web sites they are sending you to. they use
> things like www.hotmail.com@1064298128/blah/blah.html
>
> Off hand I cannot remember how to decode it, however if you goto
> www.samspade.org there are some tools there
>
> Jason
>
>  On Fri, 10 Aug  2001 bthaler () webstream net wrote:
>
> > My machine knows how to decode these.  For instance, I can 
> ping "1064298128"
> > from a command line.  But I'm not as smart as my machine, LOL.
> >
> > Appreciate any help,
> > Brad T.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users