Snort mailing list archives
Re: Sid ?
From: "Warrick FitzGerald" <wfitzgerald () livetechnology com>
Date: Sat, 9 Feb 2002 16:03:49 -0500
My Apologies, It turns out my "0" ip address is caused by the GUI client I am using to access MySQL. The integer value seems to be to high for it to deal with. THanks Warrick ----- Original Message ----- From: "Warrick FitzGerald" <wfitzgerald () livetechnology com> To: <Snort-users () lists sourceforge net> Sent: Saturday, February 09, 2002 2:58 PM Subject: Re: [Snort-users] Sid ?
Ahh, thanks for the help. One more though :) The ip_src and ip_dst addresses are often "0" which is the default. Is
this
a bug / problem or am I not understanding the data model ?
Select looks like this :
SELECT `iphdr`.`ip_src`,
`iphdr`.`ip_dst`,
`tcphdr`.`tcp_sport`,
`tcphdr`.`tcp_dport`,
`tcphdr`.`tcp_seq`,
`tcphdr`.`tcp_ack`,
`data`.`data_payload`
FROM `data`
INNER JOIN `tcphdr` ON (`data`.`cid` = `tcphdr`.`cid`)
INNER JOIN `iphdr` ON (`tcphdr`.`cid` = `iphdr`.`cid`)
However looking at the iphdr table only reveals exactly the same thing ?
Thanks
Warrick FitzGerald
LiveTechnology Inc.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Eliminating rulesets Jeff Elkins (Feb 09)
- Re: Eliminating rulesets Jeff Elkins (Feb 09)
- Re: Eliminating rulesets Phil Wood (Feb 09)
- Re: Eliminating rulesets Jeff Elkins (Feb 09)