[Snort-users] Snort and DHCP Request
Leonard_Miller at ...7710...
Fri Jan 3 13:09:04 EST 2003
I started using Snort a few months ago, so I am fairly new to it
and have a question.
Snort is currently running in daemon mode, Snort -D.
I am beginning to implement IP phones here at work,
but the phones that were ordered were not the ones
that were requested and need to be sent back. But
I think the person that ordered them may connect one
to the network anyway. I know the first digits of the
MAC addresses are 00-60-B9 and they will request DHCP
when they connect.
My question is this:
Can I use snort to look for packets using just the 00-60-B9 of
the MAC? Would it be better to stop the daemon and start snort
on the command line to look for DHCP broadcasts from 0.0.0.0
addresses? I looked at some documentation and it looks like
I could start it like this: snort ip broadcast
If I am completely off track, please let me know.
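
An added example, not part of the original post: the check the question describes (a DHCP client packet whose MAC starts with 00-60-B9), written as a frame parser. It assumes untagged Ethernet II frames carrying IPv4; the function names are hypothetical and the sample frame is constructed.

```python
import struct

OUI = bytes.fromhex("0060b9")            # vendor prefix named in the post
DHCP_MAGIC = bytes.fromhex("63825363")   # BOOTP/DHCP magic cookie

def dhcp_from_oui(frame, oui=OUI):
    """Return (client_mac, dhcp_msg_type) for a DHCP client packet whose
    source MAC or BOOTP chaddr starts with oui, otherwise None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # IPv4 ethertype only
        return None
    src_mac, ip = frame[6:12], frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:                    # IPv4 carrying UDP
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    # Match on ports 68 -> 67 rather than source 0.0.0.0, so renewals count too.
    if len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (68, 67):
        return None
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return None
    chaddr = bootp[28:34]                                 # client hardware address
    if not (src_mac.startswith(oui) or chaddr.startswith(oui)):
        return None
    msg_type, opts, i = None, bootp[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:           # 255 = end option
        if opts[i] == 0:                                  # 0 = pad, no length byte
            i += 1
            continue
        val = opts[i + 2:i + 2 + opts[i + 1]]
        if opts[i] == 53 and len(val) == 1:               # 53 = DHCP message type
            msg_type = val[0]
        i += 2 + opts[i + 1]
    return (":".join(f"{b:02x}" for b in chaddr), msg_type)

def build_discover(mac):
    """Constructed DHCPDISCOVER broadcast from 0.0.0.0 (checksums left at 0)."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000) + bytes(16)
    bootp += mac + bytes(10) + bytes(192) + DHCP_MAGIC + bytes([53, 1, 1, 255])
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + mac + b"\x08\x00" + ip + udp

if __name__ == "__main__":
    print(dhcp_from_oui(build_discover(bytes.fromhex("0060b9aabbcc"))))
```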