[Snort-users] Snort log: Source MAC address record

Y M snort at ...15979...
Mon Mar 11 15:59:08 EDT 2013

You may use the -e switch when running Snort. I haven't used it personally, but it may be worth a shot.

"-e   Display the second layer header info"

Also see this conversation titled "Snorting the MAC address", good information:


From: Ayodele Okeowo<mailto:aymacro at ...11827...>
Sent: ‎3/‎11/‎2013 9:29 PM
To: snort-users at lists.sourceforge.net<mailto:snort-users at ...3783...net>
Subject: [Snort-users] Snort log: Source MAC address record


Can Snort also record the MAC address of a machine sourcing from my
network? If not, is there any snort module that can help Snort?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130311/7c068219/attachment.html>
-------------- next part --------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
-------------- next part --------------
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

More information about the Snort-users mailing list