[Snort-devel] Issue with filtering on MAC address
kumarm at ...2330...
Fri Jan 16 12:02:03 EST 2004
I need your help regarding one issue which I am facing right now. I want to filter on some three bytes which are present in the MAC address of the packets. I have written the rule as follows:
log ip any any <> any any (content: "|7e e1 03|";offset:0;distance:6;rawbytes;nocase;)
But somehow it's not applying the filter, as when I look at the tcpdump file testrules, it shows me traffic with other MAC addresses also. Please help me find out what I am doing wrong with it.
Thanks in advance
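An offline check of which frames in a logged capture carry the three bytes in the MAC address, added here as an example and not part of the original post. It assumes a classic libpcap file with Ethernet framing and that the bytes are the leading three bytes of the source MAC (bytes 6 to 8 of the frame); the function names and the sample capture are constructed for illustration.

```python
import struct

ETHERNET = 1  # pcap link type for Ethernet II frames

def frames(pcap: bytes):
    """Yield each captured frame from a classic libpcap file held in memory."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian writer
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian writer
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != ETHERNET:
        raise ValueError("link type %d has no Ethernet header" % linktype)
    pos = 24                                    # skip the 24-byte global header
    while pos + 16 <= len(pcap):                # 16-byte per-record header
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        yield pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def mac_prefix_report(pcap: bytes, prefix: bytes):
    """Return (hits, misses): (src, dst) MAC pairs split on the source MAC prefix."""
    hits, misses = [], []
    for frame in frames(pcap):
        if len(frame) < 14:                     # shorter than an Ethernet header
            continue
        dst, src = frame[0:6], frame[6:12]      # destination comes first on the wire
        entry = (src.hex(":"), dst.hex(":"))
        (hits if src.startswith(prefix) else misses).append(entry)
    return hits, misses

def sample_capture() -> bytes:
    """Constructed two-frame capture: one source MAC has the prefix, one does not."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, ETHERNET)
    for src in ("7ee103aabbcc", "001122334455"):
        frame = bytes.fromhex("ffffffffffff" + src + "0800") + b"\x00" * 46
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    hits, misses = mac_prefix_report(sample_capture(), bytes.fromhex("7ee103"))
    print("matching:", hits)
    print("other:   ", misses)
```

Any entry in the second list is a frame that was logged even though its source MAC does not start with the three bytes.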