Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Barnyard2 loads src IP and dst IP as digital in MySQL

From: wkitty42 () windstream net
Date: Tue, 7 Feb 2017 20:22:51 -0500
On 02/07/2017 04:52 PM, Paul Li wrote:

I'm using Barnyard2 to load Snort alerts to MySQL database. In the iphdr table,
src IP and dstIP are showing as a long number, such as the following

[...]

Not sure what encoding/values they are. Just wondering how should I get the
original values, which are in the case 192.168.0.183 and 192.168.0.155?


my eWAG is that they are likely simply decimal representations of the IPs...


http://www.silisoftware.com/tools/ipconverter.php?convert_from=3232235693
http://www.silisoftware.com/tools/ipconverter.php?convert_from=3232235675

seems that eWAG is right, too...

the decimal value of an IPv4 address can be found by converting it to base256... 
this page explains how to convert from the 32bit decimal numbers you are seeing 
to the dotted-quad IPv4 numbers you seek...

http://consciousvibes.com/computers/networking/conversions.html

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: