Snort mailing list archives
unpacking IP in ACID DB - how
From: "Don Murdoch" <djmurd () cox net>
Date: Sun, 1 Aug 2004 21:23:57 -0400
Hi there ... I am attempting to work out some PERL programs that can produce the Hee So / Less Gordon analysis format from the ACID database. In order to do that I need to extract the IP address from the "acid_event" table. Apparently the data is stored in an 8 byte field. I haven't a good idea on how to extract it. I needed through the opt_database.c code and can't quite follow how to get it out using perl (the issue is conversion).

I see in the ACID PHP code that it uses a PHP function called "long2ip" and has some range checks on it. I did see the discussion on the ACID page "how IP's are stored" but don't have quite enough perl skills to figure out how to "shift and bit mask" as they discuss. I have found a bunch of articles that discuss the concept, but haven't found enough perl code to move forward.

I assume that others out there have had a need to read the data from the ACID db in a non-php language, would appreciate a perl code chunk / snippet to help out.

Thank you all.

--------------------------------------
From the home outbox of ...
Don Murdoch, CISSP GCWN, GCUX, GCIA, GCIH, MCSD, MCSE (NT/2K)
Today's Sun Tzu Quote: "To fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting." -Sun Tzu
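The "shift and bit mask" conversion the post asks about, as an added Perl example (not code from the post or from the ACID project). It assumes, as the ACID storage notes describe, that each address is stored as a 32-bit unsigned integer in the ip_src / ip_dst columns of acid_event; the column names and the sample values are assumptions, not taken from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# long2ip: 32-bit unsigned integer (as stored in acid_event.ip_src / ip_dst)
# to dotted-quad text. Same range check as ACID's PHP long2ip: anything
# outside 0..0xFFFFFFFF cannot be an IPv4 address and is rejected.
sub long2ip {
    my ($n) = @_;
    $n = 0 + $n;                                   # force numeric context
    die "long2ip: value out of range: $n\n" if $n < 0 || $n > 0xFFFFFFFF;
    # Octet i sits in bits 24-8*i .. 31-8*i; shift it down, mask off the rest.
    return join '.', map { my $shift = 8 * (3 - $_); ($n >> $shift) & 0xFF } 0 .. 3;
    # Equivalent idiom without explicit shifting: join '.', unpack 'C4', pack 'N', $n
}

# ip2long: the inverse, for building WHERE clauses against the integer columns.
sub ip2long {
    my ($ip) = @_;
    my @octets = split /\./, $ip, -1;
    die "ip2long: bad address: $ip\n"
        if @octets != 4 || grep { !/^\d{1,3}$/ || $_ > 255 } @octets;
    my $n = 0;
    $n = ($n << 8) | (0 + $_) for @octets;         # numeric OR, not string OR
    return $n;
}

# Constructed sample values, standing in for what a DBI fetch would return
# (e.g. SELECT ip_src, ip_dst FROM acid_event -- column names assumed).
for my $raw (3232235777, 167772161, 4294967295) {
    my $ip = long2ip($raw);
    printf "%-10s -> %-15s round trip %s\n",
        $raw, $ip, (ip2long($ip) == $raw ? 'ok' : 'FAIL');
}
```

Expected output is 192.168.1.1, 10.0.0.1 and 255.255.255.255 for the three samples; a value that fails the range check in long2ip usually means the column was read as a signed type or the wrong column was selected.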