Snort mailing list archives
Logging MAC address with snort, barnyard2 & MySQL
From: Guillaume Blanc <guillaume.b.blanc () gmail com>
Date: Fri, 20 Aug 2010 16:11:00 +0200
Hello everyone, I’m actually trying to get the MAC address of the IP showed in snort alert, but when I download the pcap packet from BASE the only mac address that i’ve got are 11:22:33:44:55:66 and de:ad:ca:fe:ba:be (dead:cafe:babe)… I’ve searched around and found the option -e to activate in snort. But no more result. I also use barnyard2 and i tried to activate the same option. I’ve found this post who was really interesting " http://www.infosecramblings.com/2008/12/02/snort-base-mysql-and-a-deadcafebabe/ " And in the comment someone said it was possible with barnyard2 apparently. Do you have any clue on i can have those MAC addresses ? Thank You
------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Logging MAC address with snort, barnyard2 & MySQL Guillaume Blanc (Aug 20)
- Re: Logging MAC address with snort, barnyard2 & MySQL David Guimaraes (Aug 22)