Snort mailing list archives

Re: ip_src in iphder?

From: Bamm Visscher <bamm () satx rr com>
Date: Tue, 4 Mar 2003 11:22:34 -0600

I assume you are using mysql where you should be able to do something like:

  SELECT INET_NTOA(iphdr.src_ip) FROM iphdr WHERE iphdr.src_ip=INET_ATON('192.168.4.4');

Add your own JOINS/etc to that.

Bammkkkk

On Tue, Mar 04, 2003 at 10:50:12AM -0600, Paul Schmehl wrote:

Can someone tell me what the secret code is to find IP addresses in
ip_src of iphdr?  I'm trying to find all the activity for one IP
address, and using ACID just doesn't cut it.

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member



-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

ip_src in iphder? Paul Schmehl (Mar 04)
- Re: ip_src in iphder? Bamm Visscher (Mar 04)
- <Possible follow-ups>
- RE: ip_src in iphder? Kreimendahl, Chad J (Mar 04)