[Snort-users] Snort and DHCP Request

Leonard Miller Leonard_Miller at ...7710...
Fri Jan 3 13:09:04 EST 2003

I started using Snort a few months ago, so I am failry new to it
and have a question.

Snort is currently running in daemon mode, Snort -D.
I am beginning to implement IP phones here at work, 
but the phones that were ordered were not the ones 
that were requested and need to be sent back.  But
I think the person that ordered them may connect one
to the network anyway.  I know the first digits of the
MAC addresses are 00-60-B9 and they will request DHCP
when they connect.
My question  is this:
Can I use snort to look for packets using just the 00-60-B9 of 
the MAC?  Would it be better to stop the daemon and start snort
on the command line to look for DHCP broadcasts from
addresses?  I looked at some documentation and it looks like
I could start it like this:    snort ip broadcast

If I am completely off track, please let me know.


More information about the Snort-users mailing list