Snort mailing list archives

Re: -B option


From: John Sage <jsage () finchhaven com>
Date: Sat, 18 May 2002 20:56:04 -0700

Lance:

No words of wisdom, but...

Are you doing this to a previously-captured binary log file, being
read back with -r, or to a binary log file at the moment of its capture?

(hmm.. Guess it wouldn't make any difference..)

man snort:

-B address-conversion-mask

Convert  all  IP  addresses  in  home-net to addresses specified by
address-conversion-mask.  Used to  obfuscate  IP  addresses  within
binary  logs.  Specify home-net with the '-h' switch.  Note this is
not the same as $HOME_NET.


Seems like it might be some part of:

-h 172.16.1.0/24 -B 10.1.1.0/24

or somesuch on the command line?

As you might guess, I haven't tried it myself :-/


- John
-- 
"I am called Strider. I came out of the North. I am hunting Orcs."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 



On Sat, May 18, 2002 at 12:40:38PM -0500, Lance Spitzner wrote:
Okay, playing with the -B option.  What is the proper command line
syntax to permanently change the IP addresses in a Snort binary log
file?

For example, I want to convert all IP addresses of 172.16.1.0/24 to
10.1.1.0/24 within a specific binary log.

Words of wisdom?

Thanks!

-- 
Lance Spitzner
http://project.honeynet.org
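
Added example, not part of the original thread and not Snort's code: a sketch of the kind of rewrite the man page text describes, mapping home-net addresses in an IPv4 header into the mask network and recomputing the header checksum. Keeping the host bits and requiring equal prefix lengths are assumptions of this sketch, and the function names and sample packet are constructed for illustration.

```python
import ipaddress
import struct

def remap(addr, home, mask):
    # Assumption: an address inside home keeps its host bits and takes
    # the network bits of mask; anything outside home is left alone.
    ip = ipaddress.IPv4Address(addr)
    if ip not in home:
        return addr
    host_bits = int(ip) & int(home.hostmask)
    return (int(mask.network_address) | host_bits).to_bytes(4, "big")

def ipv4_checksum(header):
    # One's-complement sum of 16-bit words (RFC 791 header checksum).
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def obfuscate_header(packet, home_net, mask_net):
    # Rewrite source and destination, then fix the header checksum.
    home = ipaddress.ip_network(home_net)
    mask = ipaddress.ip_network(mask_net)
    if home.prefixlen != mask.prefixlen:
        raise ValueError("home-net and mask need the same prefix length")
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = remap(bytes(hdr[12:16]), home, mask)
    hdr[16:20] = remap(bytes(hdr[16:20]), home, mask)
    hdr[10:12] = b"\x00\x00"  # checksum field is zero while summing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def sample_packet():
    # Constructed header: 172.16.1.25 -> 192.0.2.7, no payload.
    hdr = bytearray(struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, 64, 6, 0,
        ipaddress.IPv4Address("172.16.1.25").packed,
        ipaddress.IPv4Address("192.0.2.7").packed))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

if __name__ == "__main__":
    out = obfuscate_header(sample_packet(), "172.16.1.0/24", "10.1.1.0/24")
    print(ipaddress.IPv4Address(out[12:16]), ipaddress.IPv4Address(out[16:20]))
```

TCP and UDP checksums cover a pseudo-header that includes both IP addresses, so a full rewrite of a capture would have to update those as well. Addresses carried inside payloads are not touched by a header-only rewrite like this one.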
