Snort mailing list archives

RE: ip address format of iphdr in mysql

From: "Mike Arrison" <arrison () gnostech com>
Date: Fri, 22 Mar 2002 12:59:23 -0500

I got half way through this before Jeff replied with a smarter answer.  But
here's a perl script to decode them for you if you prefer that:

#!/usr/bin/perl
# Call this script like this: "./test.pl 2130706433"
# And never mind the extra period at the end of the output
# And forgive my perl style please.

use strict;
use POSIX;

my $tmp;
my $ip = shift;
print "$ip: ";
for (3,2,1,0) {
        $tmp = $ip/(256**$_);
        print floor($tmp).".";
        $ip -= (floor($tmp)*(256**$_));
}
print "\n";


     -Mike Arrison


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Luo, Feng
(Exchange)
Sent: Friday, March 22, 2002 11:52 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] ip address format of iphdr in mysql


I am searching the ip address from mysql.
**********************************************************************
mysql> select * from iphdr;
+-----+-----+------------+------------+--------+---------+--------+--------+
----
---+----------+--------+--------+----------+---------+
| sid | cid | ip_src     | ip_dst     | ip_ver | ip_hlen | ip_tos | ip_len |
ip_
id | ip_flags | ip_off | ip_ttl | ip_proto | ip_csum |
+-----+-----+------------+------------+--------+---------+--------+--------+
----
---+----------+--------+--------+----------+---------+
|   1 | 417 | 2473322920 | 2473281217 |      4 |       5 |      0 |  33361 |
247
46 |        0 |      0 |     28 |        1 |   25793 |
|   1 | 416 | 2473322920 | 2473281217 |      4 |       5 |      0 |  33361 |
244
90 |        0 |      0 |     28 |        1 |   26049 |
|   1 | 419 | 2473322920 | 2473281217 |      4 |       5 |      0 |  33361 |
255
14 |        0 |      0 |     28 |        1 |   25025 |
|   1 | 418 | 2473322920 | 2473281217 |      4 |       5 |      0 |  33361 |
250
02 |        0 |      0 |     28 |        1 |   25537 |
+-----+-----+------------+------------+--------+---------+--------+--------+
----
---+----------+--------+--------+----------+---------+
4 rows in set (0.01 sec)
**********************************************************************

How can I translate 10 integer 2473322920 and 2473281217 to the regular ip
address?

Feng



****************************************************************
Bear Stearns is not responsible for any recommendation, solicitation,
offer or agreement or any information about any transaction, customer
account or account activity contained in this communication.
***********************************************************************


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ip address format of iphdr in mysql Luo, Feng (Exchange) (Mar 22)
- RE: ip address format of iphdr in mysql Mike Arrison (Mar 22)
- Re: ip address format of iphdr in mysql Andrew Hutchinson (Mar 27)
- <Possible follow-ups>
- RE: ip address format of iphdr in mysql Wirth, Jeff (Mar 22)
  - Re: ip address format of iphdr in mysql John Sage (Mar 27)
- RE: ip address format of iphdr in mysql Luo, Feng (Exchange) (Mar 22)