CCS user
|
| Posted: 05/01/2003, 8:11 PM |
|
I have a snort database in mysql. Snort logs IP addresses like this --> "3232235876".
If I'm pulling a grid of IP addresses, how do I format that number to show the actual IP? Just curious if there is any way in codecharge. I must be missing something easy here.
|
|
|
 |
CCS user
|
| Posted: 05/02/2003, 7:22 AM |
|
I found some more information. The IP is stored as a 32bit integer. So if I use this in codecharge...
SELECT ip_src, inet_ntoa(ip_src) FROM iphdr;
MySQL provides a native function, inet_ntoa(), which will convert an unsigned 32-bit integer into a 4-octet IP address.
Mysql will convert the IP src.....but is there any way to search on that value in the DB? For instance, if I want to search on and IP address %like% 152.162.x.x, how can I do that? Convert before the search? Any help appreciated
|
|
|
|
RonB
|
| Posted: 05/03/2003, 6:31 AM |
|
I think converting the ip you enter in search is the way to go.
RonB
|
|
|
|
DaveRexel
|
| Posted: 05/04/2003, 5:28 PM |
|
:found this on the net for you:
Here is a sample PHP function to convert a dotted IP Address to its corresponding IP Number:
function IPAddress2IPNumber($dotted) {
$dotted = preg_split( "/[.]+/", $dotted);
$ip = (double) ($dotted[0] * 16777216) + ($dotted[1] * 65536) + ($dotted[2] * 256) + ($dotted[3]);
return $ip;
}
and the corresponding PHP function to convert IP Number to its corresponding dotted IP Address:
function IPNumber2IPAddress($number) {
$a = ($number / 16777216) % 256;
$b = ($number / 65536) % 256;
$c = ($number / 256) % 256;
$d = ($number) % 256;
$dotted = $a.".".$b.".".$c.".".$d;
return $dotted;
}
Greetings
Dave
|
|
|
|
billy
|
| Posted: 05/06/2003, 11:37 PM |
|
SELECT * from iphdr where ip_src=inet_aton("64.128.0.1)
would retrive all rows where ip=64.128.0.1
|
|
|
|
|
