Snort mailing list archives
Snort and DHCP Request
From: "Leonard Miller" <Leonard_Miller () udlp com>
Date: Fri, 03 Jan 2003 12:42:22 -0600
Hello, I started using Snort a few months ago, so I am failry new to it and have a question. Snort is currently running in daemon mode, Snort -D. I am beginning to implement IP phones here at work, but the phones that were ordered were not the ones that were requested and need to be sent back. But I think the person that ordered them may connect one to the network anyway. I know the first digits of the MAC addresses are 00-60-B9 and they will request DHCP when they connect. My question is this: Can I use snort to look for packets using just the 00-60-B9 of the MAC? Would it be better to stop the daemon and start snort on the command line to look for DHCP broadcasts from 0.0.0.0 addresses? I looked at some documentation and it looks like I could start it like this: snort ip broadcast If I am completely off track, please let me know. Thanks Leonard ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and DHCP Request Leonard Miller (Jan 03)
- RE: new user Don Weber (Jan 03)