Snort mailing list archives

Re: ip_src & ip_dst

From: roman () danyliw com
Date: Thu, 19 Jul 2001 21:37:36 US/Eastern

"ip_src, ip_dst": the 32-bit unsigned integer representation
of the IP address

Use bit operations to extract an IP address in dotted notation

Assume: a.b.c.d

a = (ip_src AND FF000000) >> 24
b = (ip_src AND 00FF0000) >> 16
c = (ip_src AND 0000FF00) >> 8
d = (ip_src AND 000000FF)

cheers,
Roman

Hi,

i've recently upgraded to snort 1.8 and also 
also recreated the database using the create_mysql script.


i saw some discussion going on about changing to log format of src_ip &
dst_ip.ansd it seems to be done now.
I was wondering what the new format is ? is it packed ? 

sorry for the lame question

thx in advance anyway

-Jan

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ip_src & ip_dst janvrt (Jul 19)
- Re: ip_src & ip_dst Mark Rowlands (Jul 20)
- <Possible follow-ups>
- Re: ip_src & ip_dst roman (Jul 19)