Re: database IP attribute logging format

[Ramin Alidousti <ramin () cannon eng us uu net>]

You can use either of these two, depending on whether your machine
is a big/little-endian:

Little-endian:
$ perl -e 'print join(".", reverse unpack("C4", pack("L", $ARGV[0]))), "\n";' 2159537049
128.183.235.153


Big-endian:
$ perl -e 'print join(".", unpack("C4", pack("L", $ARGV[0]))), "\n";' 2159537049
128.183.235.153


Ramin

On Wed, Aug 22, 2001 at 05:40:34PM -0700, Jamil Farshchi wrote:

> Hello,
>
> I am using the mysql 3.23.40 logging feature on snort 1.8.1 and I am having 
> some trouble with the format that the IP addresses are stored. I looked at 
> the table definitions and they are stored in an int(10) unsigned, but how 
> do I convert the 10 digit number into a four octet ip address?
>
> For example:
> mysql> select distinct ip_src from iphdr;
> -----------
> |ip_src    |
> -----------|
> |2159537049|
> |----------
>
> what format is that number in? How do I convert it into an ip address?
>
> Any help would be greatly appreciated.
>
> -jamil
> ----------------------------------------------------------------------------------------------------
> Jamil D. Farshchi
> Computer Specialist, Inspections and Assessments
> NASA Office of Inspector General
> Washington, DC  20546
> Phone: (202) 358-1897 
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users