Logging MAC address with snort, barnyard2 & MySQL

[Guillaume Blanc <guillaume.b.blanc () gmail com>]

Hello everyone,

I’m actually trying to get the MAC address of the IP showed in snort alert,
but when I download the pcap packet from BASE the only mac address that i’ve
got are 11:22:33:44:55:66 and de:ad:ca:fe:ba:be (dead:cafe:babe)…

I’ve searched around and found the option -e to activate in snort. But no
more result. I also use barnyard2 and i tried to activate the same option.

I’ve found this post who was really interesting
"
http://www.infosecramblings.com/2008/12/02/snort-base-mysql-and-a-deadcafebabe/
"

And in the comment someone said it was possible with barnyard2 apparently.
Do you have any clue on i can have those MAC addresses ?

Thank You

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users