[Snort-users] Nice result with Snort.

Jan Hugo Prins j.h.prins at ...1226...
Mon Jan 29 16:32:47 EST 2001

On Monday 29 January 2001 22:18, you wrote:
> On Mon, 29 Jan 2001, Jan Hugo Prins wrote:
> > The HW I got from the packet is the HW of a system within my own segment
> > and they can be obtained from packets where the IP adres is not masked.
> > At least, that is what I know about it.
> But you still haven't identified the attacker.
> The only way you could identify them from the mac address is if they were
> on your same ethernet segment.
And he actually is. Atleast, I think he is. I have an IP in subnet and so has he. This should be the same segment, shouldn't it?


More information about the Snort-users mailing list