Snort mailing list archives
Re: Watching MAC addresses instead of IP's
From: roman () danyliw com
Date: Sat, 19 May 2001 10:43:47 US/Eastern
There is only limited support for MAC addresses. While MACs can be output in text file logging via the (-e) option, one cannot specifically include them in any rules. However, if you're interested in snort only watching traffic from/to a specific MAC, use the normal rule set, but limit what Snort "sees" using command line BPF parameters (e.g. ether).

cheers,
Roman
Hi all,

I think this came up before, but giving a quick scan through the lists I didn't see anything. Is it possible to get snort to only watch traffic going to and coming from specific MAC address(es)?

TIA, and best regards,
-Emil

--
http://www.ecad.org/~jev/jev.gpg
Key fingerprint = 748B 2346 1683 6384 5E8D 4EE3 0807 EADB 999E AB95

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
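The BPF approach from the reply above, as an added example that is not part of the original thread: a small shell helper that validates a list of MAC addresses and builds the `ether host` filter to pass on the Snort command line. The function names, the sample MACs, the interface and the config path are assumptions made for illustration.

```shell
#!/bin/sh
# Build a BPF expression limiting capture to frames sent from or to the
# given MAC addresses, for use as Snort's trailing command-line filter.
# All MAC addresses used here are constructed placeholders.

# normalize_mac MAC -> prints lower-case, colon-separated MAC; fails if malformed.
normalize_mac() {
    # Accept upper-case hex and dash separators, emit the pcap-filter form.
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    h='[0-9a-f][0-9a-f]'
    # The case pattern must match the whole string, so anything beyond six
    # hex octets (spaces, extra filter keywords, newlines) is rejected.
    case "$mac" in
        $h:$h:$h:$h:$h:$h) printf '%s\n' "$mac" ;;
        *) echo "invalid MAC address: $1" >&2; return 1 ;;
    esac
}

# mac_bpf_filter MAC... -> prints "(ether host A or ether host B ...)"
# "ether host" matches the address as source or destination; substitute
# "ether src" or "ether dst" to watch one direction only.
mac_bpf_filter() {
    [ "$#" -gt 0 ] || { echo "usage: mac_bpf_filter MAC..." >&2; return 1; }
    expr=""
    for m in "$@"; do
        n=$(normalize_mac "$m") || return 1
        expr="${expr:+$expr or }ether host $n"
    done
    printf '(%s)\n' "$expr"
}

# Print the filter for two sample hosts.
mac_bpf_filter 00:11:22:33:44:55 00-AA-BB-CC-DD-EE

# Hypothetical invocation (interface and config path are assumptions):
#   filter=$(mac_bpf_filter 00:11:22:33:44:55 00-AA-BB-CC-DD-EE) || exit 1
#   snort -e -i eth0 -c /etc/snort/snort.conf "$filter"
```

Frames that do not match the filter never reach the detection engine, so the normal rule set produces no alerts for traffic involving other hosts on the segment.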