[Snort-users] Nice result with Snort.

Dan Hollis goemon at ...20...
Mon Jan 29 16:18:24 EST 2001

On Mon, 29 Jan 2001, Jan Hugo Prins wrote:
> The HW I got from the packet is the HW of a system within my own segment and
> they can be obtained from packets where the IP adres is not masked. At least,
> that is what I know about it.

But you still haven't identified the attacker.

The only way you could identify them from the mac address is if they were
on your same ethernet segment.


More information about the Snort-users mailing list