[Snort-users] Mac Address in alert

Alberto Colosi alcol at ...125...
Thu Jun 8 06:00:26 EDT 2017


what you do with mac ?


if routed you lose source mac and even it , mac can be forged as who admin the pc want


even IP can be used outside reservations and dhcp use


to account IP use , you have to use something like a NAC (hardware and software)


IP and mac does not give to you an identification if someone want to hide



________________________________
From: Paul Li <paul at ...17768...>
Sent: Thursday, June 8, 2017 12:29 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Mac Address in alert

Seems someone already asked this question, but Google doesn't give me a
confirmed answer. So bring this question to the attention to this group:

Is there a way I can get the MacAddress of the src and dst in a Snort alert?

Thanks,
Paul
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users Info Page - SourceForge - Download, Develop ...<https://lists.sourceforge.net/lists/listinfo/snort-users>
lists.sourceforge.net
This list is for general discussion of Snort usage, problems, design, etc. Do not use this list, or the members of this list to market your or any other products to.


Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Snort Blog<http://blog.snort.org/>
blog.snort.org
The Official Blog of the World Leading Open-Source IDS/IPS Snort.





More information about the Snort-users mailing list