Snort mailing list archives
RE: Mac Address
From: "Graham, Robert (ISS Atlanta)" <rgraham () iss net>
Date: Mon, 16 Sep 2002 14:56:43 -0400
NBNS (NetBIOS Name Service) has a field for the remote MAC address. However, while Windows fills in this field, SAMBA (Linux NetBIOS) leaves it empty. Using Windows, you can remotely query this by doing a "NetBIOS NodeStatus Query" using the "nbtstat.exe" command-line program. Example: nbtstat -A 192.0.2.111 Also, if a remote target has SNMP enabled, you can often retrieve the remote MAC address with suitable queries. More importantly, you can also get the remote MAC address by querying a nearby machine's ARP cache. -----Original Message----- From: Glenn Forbes Fleming Larratt [mailto:glratt () rice edu] Sent: Friday, September 13, 2002 8:54 AM To: snort-users () lists sourceforge net Cc: focus-ids () securityfocus com Subject: Re: [Snort-users] Mac Address On Fri, 13 Sep 2002, jai wrote:
Hi, Is it possible to get the MAC address for remote machine( which is in different network). ??
In some circumstances: - if you have administrative control over the different network to which the remote machine is connected; - if the the remote machine is running a protocol that would include the MAC address in the packet data (I'm aware of protocols - IPSec, NBNS - that include the remote IP in some way, but none that include the MAC). Both circumstances are unlikely. -g
J
Glenn Forbes Fleming Larratt Rice University Network Management glratt () rice edu ------------------------------------------------------- Sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Mac Address jai (Sep 13)
- Re: Mac Address Glenn Forbes Fleming Larratt (Sep 13)
- Re: Mac Address Bennett Todd (Sep 13)
- <Possible follow-ups>
- RE: Mac Address Graham, Robert (ISS Atlanta) (Sep 16)