Snort mailing list archives

Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! )

From: Jens Krabbenhoeft <tschenz-snort-users () noris net>
Date: Thu, 21 Nov 2002 22:17:58 +0100

Hi,

- ip - addresses without dots : "176689530"


There are several notations for IP addresses. The IP address notation
all of us are used to is called dotted quad decimal, e.g.: 192.168.0.1
(see http://techweb.com/encyclopedia/defineterm?term=dotaddress). 

The way snort stores the IP address in the database is the decimal
representation of that IP address. 

You can have a look at the conversions at
http://www.telusplanet.net/public/sparkman/netcalc.htm (scroll down to
IP address converter).

So, if you don't want to use some of the ready to use analyse tools, you
can use something like "SELECT INET_NTOA(ip_src) FROM iphdr".

HTH,
        Jens


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) verwiebe (Nov 21)
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) twig les (Nov 21)
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) Jens Krabbenhoeft (Nov 21)
- <Possible follow-ups>
- Re: MySQL logs wrong IP - Addresses ( caution - NEWBIE ! ) Roman Danyliw (Nov 21)