Snort mailing list archives

Re: Mac-Address


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 22 Aug 2013 07:32:50 -0400

On 8/22/2013 05:08, Abid Ayoub wrote:
Hi,

So, I am listening to the traffic from a mirror port on a Cisco switch (Ethernet
port).
I have added "config decode_data_link" to snort.conf in order to see the MAC
address printed on the screen when Snort sniffs the traffic.

I have used the u2boat tool and then read the file with tcpdump, but what I get
from the snort.u2.xxxx file is:

08/22-10:42:43.593477 x.x.x.x -> x.x.x.x
ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Type:8  Code:0  ID:4531   Seq:1  ECHO

So, what is wrong? Solution?

what is your exact tcpdump command line?? i suspect you are missing an 
additional v or several of them...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
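
Added example, not part of the original thread: a Python check that a classic pcap file (the kind read with tcpdump above) was saved with an Ethernet link type and, if so, lists the MAC addresses in each record. The function names and the one-packet sample capture are constructed for illustration.

```python
import struct

# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
DLT_EN10MB = 1  # link type for Ethernet; other link types carry no MAC header


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ethernet_addresses(pcap_bytes):
    """Return [(src_mac, dst_mac, ethertype)] for every record in a classic pcap."""
    order = MAGICS.get(pcap_bytes[:4])
    if order is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    # The link type is the last 32-bit field of the 24-byte global header.
    linktype = struct.unpack(order + "I", pcap_bytes[20:24])[0]
    if linktype != DLT_EN10MB:
        raise ValueError(f"link type {linktype}: no Ethernet header was saved")
    found, off = [], 24
    while off + 16 <= len(pcap_bytes):
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:  # truncated record, no full Ethernet header
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        found.append((fmt_mac(frame[6:12]), fmt_mac(frame[0:6]), ethertype))
    return found


def build_sample(linktype=DLT_EN10MB):
    """Constructed one-packet capture (not data from the thread)."""
    frame = (bytes.fromhex("001122334455")      # destination MAC
             + bytes.fromhex("66778899aabb")    # source MAC
             + b"\x08\x00" + bytes(20))         # EtherType IPv4 + dummy payload
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    record = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return header + record + frame


if __name__ == "__main__":
    for src, dst, etype in ethernet_addresses(build_sample()):
        print(f"{src} -> {dst} ethertype 0x{etype:04x}")
```

If the function raises on the link type, the capture file itself holds no MAC addresses, so no display option of the reader can show them.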
