![snort logo](/images/snort-logo.png)
Snort mailing list archives
Re: Mac Address in alert
From: Alberto Colosi <alcol () hotmail com>
Date: Thu, 8 Jun 2017 10:00:26 +0000
what you do with mac ? if routed you lose source mac and even it , mac can be forged as who admin the pc want even IP can be used outside reservations and dhcp use to account IP use , you have to use something like a NAC (hardware and software) IP and mac does not give to you an identification if someone want to hide ________________________________ From: Paul Li <paul () scybersecurity com> Sent: Thursday, June 8, 2017 12:29 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Mac Address in alert Seems someone already asked this question, but Google doesn't give me a confirmed answer. So bring this question to the attention to this group: Is there a way I can get the MacAddress of the src and dst in a Snort alert? Thanks, Paul ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users Info Page - SourceForge - Download, Develop ...<https://lists.sourceforge.net/lists/listinfo/snort-users> lists.sourceforge.net This list is for general discussion of Snort usage, problems, design, etc. Do not use this list, or the members of this list to market your or any other products to. Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Snort Blog<http://blog.snort.org/> blog.snort.org The Official Blog of the World Leading Open-Source IDS/IPS Snort. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Mac Address in alert Paul Li (Jun 07)
- Re: Mac Address in alert Al Lewis (allewi) (Jun 07)
- Re: Mac Address in alert Paul Li (Jun 07)
- Re: Mac Address in alert Al Lewis (allewi) (Jun 07)
- Re: Mac Address in alert Paul Li (Jun 08)
- Re: Mac Address in alert Paul Li (Jun 07)
- Re: Mac Address in alert Al Lewis (allewi) (Jun 07)
- Re: Mac Address in alert Alberto Colosi (Jun 08)