Re: Mac Adresses in Acid Screens

[Jeff Nathan <jeff () snort org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Friday, October 10, 2003, at 04:16 AM, Demetri Mouratis wrote:
> I have searched for a way to do something similar myself.  It would be
> helpful to have the mac address shown at various points within ACID.
>
> Looked at arpspoof?
> ---------------------------------------------------------------------
> Demetri Mouratis
> dmourati () linfactory com

I forgot to let everyone know that with the release of Snort 2.0.2, 
spp_arpspoof now generates logs AND alerts.  Instead of just seeing a 
log entry appear in your preferred output format (database, ascii alert 
file, etc..) you now have access to the Ethernet frame that triggered 
an alert within spp_arpspoof.

I haven't looked at the database schema in some time so I'm curious how 
this will work out for users.  If you are using arpspoof and database 
logging (using the standard schema) with ACID or a similar front-end, 
please let me know how it works out for you.

- -Jeff

- --
http://cerberus.sourcefire.com/~jeff       (gpg/pgp key id 6923D3FD)
"Great spirits have always encountered violent opposition from
mediocre minds."   - Albert Einstein

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)

iD8DBQE/htEiEqr8+Gkj0/0RApc4AJ44RtJYGTEXnVy7TWHZM+IcV8r3iQCfRnq6
Ah5nquYH+Zojvxc8YUZ5+uY=
=/w8a
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users