Snort mailing list archives

Re: Mac Address in alert


From: Alberto Colosi <alcol () hotmail com>
Date: Thu, 8 Jun 2017 10:00:26 +0000

What do you do with the MAC?

If routed, you lose the source MAC, and even then, the MAC can be forged as whoever administers the PC wants.

Even an IP can be used outside reservations and DHCP use.

To account for IP use, you have to use something like a NAC (hardware and software).

IP and MAC do not give you an identification if someone wants to hide.



________________________________
From: Paul Li <paul () scybersecurity com>
Sent: Thursday, June 8, 2017 12:29 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Mac Address in alert

Seems someone already asked this question, but Google doesn't give me a
confirmed answer. So I bring this question to the attention of this group:

Is there a way I can get the MacAddress of the src and dst in a Snort alert?

Thanks,
Paul
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users


Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

