[Snort-users] detect on specific MAC address
WilliamsJonathan at ...2134...
Thu Oct 21 07:58:13 EDT 2004
Internally, snort doesn't have visibility to the MAC address
information; snort only looks at IP and higher in the stack. You can,
however, run short with a BPF on the command line to get more
flexibility. So, if you want to limit snort to only the one dst MAC,
you'd do something like:
snort <normal snort arguments> ether dst host <dst mac address>
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jericho
Sent: Thursday, October 21, 2004 8:31 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] detect on specific MAC address
We all know that snort can be in NIDS mode to detect all the
packets in the network, but can snort just detect some specific
I have a computer with 2 NIC, and I want snort to detect some
packets send to the second NIC only,
So other packets without the MAC address in the header the same with the
2nd NIC MAC address will not be captured by snort,
Can snort do this?
Thanks for your Help in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users