Snort mailing list archives

RE: Mac Adresses in Acid Screens


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 10 Oct 2003 10:26:08 -0500

-----Original Message-----
From: Demetri Mouratis [mailto:dmourati () cm math uiuc edu] 
Sent: Friday, October 10, 2003 3:16 AM
To: Juan M. Rivera
Cc: Snort Users List
Subject: Re: [Snort-users] Mac Adresses in Acid Screens

On Thu, 9 Oct 2003, Juan M. Rivera wrote:

Does anyone know how you can see the Mac Address with the IP address
in the Acid screen (acid_stat_ipaddr.php)?

For some reason I missed Juan's original post, so I'm using Demetri's
followup to respond to the original question.  Demetri, hope you don't
mind.

You'd have to modify the snort source code to get the MAC from the
packet headers.  Then you'd have to modify the ACID source code to
display them.  And it wouldn't do you much good unless you were in a
broadcast network rather than switched.  In a switched network all you
would get would be the last router's MAC.

We (not me - our wireless guy) have actually modified snort here to
extract MACs from a snort box that is watching the wireless cloud.  We
then have a custom php page that displays the MAC along with the IP and
other info.  (No, we won't make it available.  It wouldn't be worth much
anyway.)  But the wireless cloud will soon be authenticated VLANs and
then it won't do us any good there either.  We just did it to make it
easier to deal with the rpc worm infections in our student residences.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
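
Added example, not part of the original message and not the modified Snort or PHP code it mentions: a small Python sketch of why the source MAC is only useful when the sensor shares a segment with the hosts. The MAC sits in the link-layer header, so every frame that arrives through a router carries that router's MAC. The frames, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800

def parse_frame(frame: bytes):
    """Return (src_mac, src_ip) for an untagged Ethernet II/IPv4 frame, else None."""
    if len(frame) < 14 + 20:
        return None                      # too short for Ethernet + minimal IPv4 header
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4 or frame[14] >> 4 != 4:
        return None                      # ARP, IPv6, 802.1Q-tagged frames are skipped
    src_mac = ":".join(f"{b:02x}" for b in src)
    src_ip = ".".join(str(b) for b in frame[26:30])   # IPv4 source address field
    return src_mac, src_ip

def ips_per_mac(frames):
    """Map each source MAC to the set of source IPs seen behind it."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return seen

def forwarding_macs(frames, min_ips=2):
    """MACs carrying several source IPs: likely a forwarding device, not an end host."""
    return sorted(m for m, ips in ips_per_mac(frames).items() if len(ips) >= min_ips)

def build_frame(src_mac, src_ip, dst_mac="02:00:00:00:00:aa", dst_ip="10.0.0.5"):
    """Construct a minimal Ethernet/IPv4 frame (sample data, checksum left at 0)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 6, 0)
    return eth + hdr + ip(src_ip) + ip(dst_ip)

# Constructed sample: two hosts on the sensor's segment, three behind one router.
SAMPLE = [
    build_frame("02:00:00:00:00:01", "10.0.0.21"),
    build_frame("02:00:00:00:00:02", "10.0.0.22"),
    build_frame("02:00:00:00:00:fe", "192.168.7.10"),
    build_frame("02:00:00:00:00:fe", "192.168.9.44"),
    build_frame("02:00:00:00:00:fe", "172.16.3.8"),
]

if __name__ == "__main__":
    for mac_addr, ips in sorted(ips_per_mac(SAMPLE).items()):
        print(mac_addr, sorted(ips))
    print("forwarding devices:", forwarding_macs(SAMPLE))
```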

