Re: Snort and Barnyard2

[beenph <beenph () gmail com>]

On Thu, Feb 7, 2013 at 2:44 PM, Josh Bitto <jbitto () onlineschool ca> wrote:
> Would you happen to know which column would be the source port and
> destination port? Are they like the IP address as well where I have to use
> INET_NTOA as well?

Depends if its tcp or udp
if its a tcp packet then the port is in
tcphdr table (tcp_sport,tcp_dport)
if its udp its in the
udphdr table (udp_sport,udp_dport)
-elz

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!