Snort mailing list archives
Re: -B option
From: John Sage <jsage () finchhaven com>
Date: Sat, 18 May 2002 20:56:04 -0700
Lance:

No words of wisdom, but...

Are you doing this to a previously-captured binary log file, being read back with -r, or to a binary log file at the moment of its capture? (hmm.. Guess it wouldn't make any difference..)

man snort:

    -B address-conversion-mask
        Convert all IP addresses in home-net to addresses specified by address-conversion-mask. Used to obfuscate IP addresses within binary logs. Specify home-net with the '-h' switch. Note this is not the same as $HOME_NET.

Seems like it might be some part of:

    -h 172.16.1.0/24 -B 10.1.1.0/24

or somesuch on the command line?

As you might guess, I haven't tried it myself :-/

- John

--
"I am called Strider. I came out of the North. I am hunting Orcs."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

On Sat, May 18, 2002 at 12:40:38PM -0500, Lance Spitzner wrote:
Okay, playing with the -B option. What is the proper command line syntax to permanently change the IP addresses in a Snort binary log file? For example, I want to convert all IP addresses of 172.16.1.0/24 to 10.1.1.0/24 within a specific binary log.

Words of wisdom?

Thanks!

--
Lance Spitzner
http://project.honeynet.org
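Added example, not part of the original thread and not Snort's own code: a Python sketch of the kind of rewrite the man page text describes, mapping addresses in 172.16.1.0/24 onto 10.1.1.0/24 in an IPv4 header and recomputing the header checksum. It assumes host bits are preserved and both prefixes have the same length; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

def remap(addr: bytes, home, target) -> bytes:
    """Swap the network bits of addr for target's if addr lies inside home."""
    ip = ipaddress.IPv4Address(addr)
    if ip not in home:
        return addr  # addresses outside home-net are left alone
    host_bits = int(ip) & int(home.hostmask)
    return (int(target.network_address) | host_bits).to_bytes(4, "big")

def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def obfuscate_ipv4(packet: bytes, home_net: str, new_net: str) -> bytes:
    """Rewrite src/dst of one raw IPv4 packet and fix the header checksum."""
    home = ipaddress.IPv4Network(home_net)
    target = ipaddress.IPv4Network(new_net)
    if home.prefixlen != target.prefixlen:
        raise ValueError("prefix lengths must match to keep host bits")
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = remap(bytes(hdr[12:16]), home, target)  # source address
    hdr[16:20] = remap(bytes(hdr[16:20]), home, target)  # destination address
    hdr[10:12] = b"\x00\x00"                             # zero before summing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def build_sample(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1, no payload) for the demo."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, 64, 1, 0,
                                ipaddress.IPv4Address(src).packed,
                                ipaddress.IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    out = obfuscate_ipv4(build_sample("172.16.1.57", "192.0.2.10"),
                         "172.16.1.0/24", "10.1.1.0/24")
    print(ipaddress.IPv4Address(out[12:16]), ipaddress.IPv4Address(out[16:20]))
```

This sketch does not touch TCP/UDP checksums (which cover the addresses through the pseudo-header) or addresses embedded in payloads, so check both before sharing a sanitized capture.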
Current thread:
- -B option Lance Spitzner (May 18)
- Re: -B option John Sage (May 18)