[Snort-users] Watching MAC addresses instead of IP's

roman at ...438... roman at ...438...
Sat May 19 10:43:47 EDT 2001


There is only limited support for MAC addresses.  While MACs
can be output in text file logging via the (-e) option, one cannot
specifically include them in any rules.  However, if you're
interested in snort only watching traffic from/to a specific
MAC, use the normal rule set, but limit what Snort "sees" using
command line BPF parameters (e.g. ether)

cheers,
Roman

> Hi all,
> 
> I think this came up before, but giving a quick scan through the lists I
> didn't see anything.
> 
> Is it possible to get snort to only watch traffic going to and coming
> from specific MAC address(es)?
> 
> TIA, and best regards,
> -Emil
> 
> 
> -- 
> http://www.ecad.org/~jev/jev.gpg
> Key fingerprint = 748B 2346 1683 6384 5E8D  4EE3 0807 EADB 999E AB95
> 
> 
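
The approach described in the reply above, shown as an added example that is not part of the original message: a small shell helper that validates a list of MAC addresses and builds the matching BPF expression to pass on Snort's command line. The function name `mac_bpf`, the sample addresses, the interface `eth0` and the config path are assumptions made for illustration.

```shell
#!/bin/sh
# Build a BPF expression matching frames sent to or from any of the given
# MAC addresses. Fails on a malformed address so a typo cannot silently
# produce a filter that hides the traffic you meant to watch.
mac_bpf() {
    expr_out=""
    for mac in "$@"; do
        # Accept only six colon-separated hex octets; anything else
        # (including extra BPF keywords smuggled into the argument) is rejected.
        if ! printf '%s\n' "$mac" |
            grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
        # Normalise case so the generated filter is stable across inputs.
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        if [ -z "$expr_out" ]; then
            expr_out="ether host $mac"
        else
            expr_out="$expr_out or ether host $mac"
        fi
    done
    if [ -z "$expr_out" ]; then
        echo "no MAC addresses given" >&2
        return 1
    fi
    printf '%s\n' "$expr_out"
}

# Usage with constructed sample addresses (assumed interface and config path):
#   filter=$(mac_bpf 00:A0:C9:14:C8:29 00:50:56:ab:cd:ef) || exit 1
#   snort -e -i eth0 -c /etc/snort/snort.conf "$filter"
# "ether host" matches the address as either source or destination; use
# "ether src" or "ether dst" to watch one direction only.
```

Because the filter is applied before Snort sees any packet, traffic from every other MAC address is invisible to the rule set while it is in place.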


