Snort and DHCP Request

["Leonard Miller" <Leonard_Miller () udlp com>]

Hello,
I started using Snort a few months ago, so I am failry new to it
and have a question.

Snort is currently running in daemon mode, Snort -D.
I am beginning to implement IP phones here at work, 
but the phones that were ordered were not the ones 
that were requested and need to be sent back.  But
I think the person that ordered them may connect one
to the network anyway.  I know the first digits of the
MAC addresses are 00-60-B9 and they will request DHCP
when they connect.
My question  is this:
Can I use snort to look for packets using just the 00-60-B9 of 
the MAC?  Would it be better to stop the daemon and start snort
on the command line to look for DHCP broadcasts from 0.0.0.0
addresses?  I looked at some documentation and it looks like
I could start it like this:    snort ip broadcast

If I am completely off track, please let me know.

Thanks
Leonard


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users