[Snort-users] Mac Address in alert

Alberto Colosi alcol at ...125...
Thu Jun 8 06:00:26 EDT 2017

what you do with mac ?

if routed you lose source mac and even it , mac can be forged as who admin the pc want

even IP can be used outside reservations and dhcp use

to account IP use , you have to use something like a NAC (hardware and software)

IP and mac does not give to you an identification if someone want to hide

From: Paul Li <paul at ...17768...>
Sent: Thursday, June 8, 2017 12:29 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Mac Address in alert

Seems someone already asked this question, but Google doesn't give me a
confirmed answer. So bring this question to the attention to this group:

Is there a way I can get the MacAddress of the src and dst in a Snort alert?

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users Info Page - SourceForge - Download, Develop ...<https://lists.sourceforge.net/lists/listinfo/snort-users>
This list is for general discussion of Snort usage, problems, design, etc. Do not use this list, or the members of this list to market your or any other products to.

Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Snort Blog<http://blog.snort.org/>
The Official Blog of the World Leading Open-Source IDS/IPS Snort.

More information about the Snort-users mailing list