Snort mailing list archives

Snort DB query question.

From: "larosa, vjay" <larosa_vjay () emc com>
Date: Thu, 24 Oct 2002 22:22:57 -0400

Hello,

I have a question that has been bugging me since I started using the
database output plugin
with snort. Why are the IP addresses stored in the DB in the 32 bit format?
What is the advantage?
I know there must be something I don't know. I know the SELECT
inet_ntoa(ip_src) ...... trick to convert 
the IP's back to human readable format, but what if I want to search for a
CDIR block like 10.10.0.0/16? 
How would this be done? Is it possible?

Thanks!

vjl



V.Jay LaRosa                           EMC Corporation
Information Security                  171 South Street
(508)249-3355 office                  Hopkinton, MA 01748
(508)498-5575 cell                     www.emc.com
(888-799-9750 pager                  larosa_vjay () emc com
(508)497-8082 fax



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future 
of Java(TM) technology. Join the Java Community 
Process(SM) (JCP(SM)) program now. 
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort DB query question. larosa, vjay (Oct 24)
- Re: Snort DB query question. Michael Boman (Oct 24)
- <Possible follow-ups>
- RE: Snort DB query question. larosa, vjay (Oct 24)
- RE: Snort DB query question. Kreimendahl, Chad J (Oct 24)
- Re: Snort DB query question. WTWork (Oct 24)