Snort mailing list archives
Re: Mac Adresses in Acid Screens
From: Milo Velimirovic <milov () uwlax edu>
Date: Fri, 10 Oct 2003 08:42:57 -0500
On Friday, October 10, 2003, at 03:16 AM, Demetri Mouratis wrote:
On Thu, 9 Oct 2003, Juan M. Rivera wrote:Does anyone know how you can see the Mac Address with the IP address in theAcid screen (acid_stat_ipaddr.php)?Is there a way one can use a local internal DNS to resolve ip addresses withhostname and Mac Addesses?
DNS doesn't know about MAC addresses. It's a service for providing mappings (in both directions) between IP addresses and Fully Qualified Domain Names. It also can and should provide some additional information like mail exchange records but that's irrelevant to this topic.
I have searched for a way to do something similar myself. It would be helpful to have the mac address shown at various points within ACID.
The biggest problem here is that the MAC address associated with an IP address is only directly available on the network segment or VLAN where the host resides.
Am I missing something here? Wouldn't it be necessary to consult a DHCP/Bootp server to glean the MAC address if one is sniffing on some network segment or VLAN other than the one where the host assigned to a particular IP address resides.
Looked at arpspoof? --------------------------------------------------------------------- Demetri Mouratis dmourati () linfactory com
[snip] Regards, Milo Milo Velimirovic <milov "at" uwlax "dot" edu> Unix Computer Network Administrator University of Wisconsin - La Crosse La Crosse, Wisconsin 54601 USA 43 48 05 N 91 14 22 W There are 10 different types of people in the world. Those who can read binary and those who can't. ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Mac Adresses in Acid Screens Juan M. Rivera (Oct 09)
- Re: Mac Adresses in Acid Screens Demetri Mouratis (Oct 10)
- Re: Mac Adresses in Acid Screens Milo Velimirovic (Oct 10)
- Re: Mac Adresses in Acid Screens Jeff Nathan (Oct 10)
- <Possible follow-ups>
- RE: Mac Adresses in Acid Screens Schmehl, Paul L (Oct 10)
- RE: Mac Adresses in Acid Screens Demetri Mouratis (Oct 10)
- Re: Mac Adresses in Acid Screens Stephen W. Thompson (Oct 10)
- RE: Mac Adresses in Acid Screens Demetri Mouratis (Oct 10)
- RE: Mac Adresses in Acid Screens Schmehl, Paul L (Oct 10)
- Re: Mac Adresses in Acid Screens Demetri Mouratis (Oct 10)