RE: Snorting the MAC address

["Turner Ryan S CONT KPWA" <TurnerRS () kpt nuwc navy mil>]

yeah, there is a good reason. Routers don't pass MAC addresses along with
the packet. And hackers are usually more than a few routers away from you.
So logging MAC addresses would only work within your network. I think
Switches don't even pass MAC information, not positive though. So in that
case getting the MAC would only work for computers on the same switch(or
hub) as snort, which is relatively pointless unless your troubleshooting
something.  There might be some way to enable it in Snort, but it would
serve very limited purposes.

-----Original Message-----
From: Nate Haggard [mailto:nate () wordplace com]
Sent: Thursday, April 11, 2002 3:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snorting the MAC address


Snort grabs IPs, and that is great until someone tries to spoof their 
IP.  Is there anyway to get snort to log both the IP and MAC address. 

Does anyone know what part of the code to look at for this feature? 

Maybe there is a good reason snort doesn't log the MAC and I'm just 
clueless.


Thanks
-- 
Nate Haggard, nate () wordplace com on 04/11/2002



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users