This is a discussion on RE: [Snort-users] Mac Adresses in Acid Screens within the Snort forums, part of the System Security and Security Related category.
> -----Original Message-----
> From: Demetri Mouratis [mailto:dmourati@cm.math.uiuc.edu]
> Sent: Friday, October 10, 2003 3:16 AM
> To: Juan M. Rivera
> Cc: Snort Users List
> Subject: Re: [Snort-users] Mac Adresses in Acid Screens
>
> On Thu, 9 Oct 2003, Juan M. Rivera wrote:
>
> > Does anyone know how you can see the Mac Address with the IP address
> > in the Acid screen (acid_stat_ipaddr.php)?

For some reason I missed Juan's original post, so I'm using Demetri's followup to respond to the original question. Demetri, hope you don't mind.

You'd have to modify the snort source code to get the MAC from the packet headers. Then you'd have to modify the ACID source code to display them. And it wouldn't do you much good unless you were in a broadcast network rather than switched. In a switched network all you would get would be the last router's MAC.

We (not me - our wireless guy) have actually modified snort here to extract MACs from a snort box that is watching the wireless cloud. We then have a custom php page that displays the MAC along with the IP and other info. (No, we won't make it available. It wouldn't be worth much anyway.) But the wireless cloud will soon be authenticated VLANs and then it won't do us any good there either. We just did it to make it easier to deal with the rpc worm infections in our student residences.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
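The reply above describes reading the MAC from the packet headers so it can be shown next to the IP. As an added illustration (not the modified Snort code or PHP page the poster mentions, which the post says will not be released), this C function pulls the source MAC and source IPv4 address out of a raw Ethernet II frame; the name `mac_ip_from_frame` and the sample frame are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IP   0x0800
#define ETHERTYPE_VLAN 0x8100

/* Hypothetical helper (not a Snort or ACID function): writes the source MAC
 * and source IPv4 address of an Ethernet II frame as text.
 * Returns 0 on success, -1 if the frame is truncated or is not IPv4. */
int mac_ip_from_frame(const uint8_t *f, size_t len, char mac[18], char ip[16])
{
    size_t off = 12;                       /* EtherType follows dst(6) + src(6) */
    if (len < ETH_HDR_LEN) return -1;
    uint16_t type = (uint16_t)(f[off] << 8 | f[off + 1]);
    if (type == ETHERTYPE_VLAN) {          /* skip a single 802.1Q tag */
        off += 4;
        if (len < off + 2) return -1;
        type = (uint16_t)(f[off] << 8 | f[off + 1]);
    }
    off += 2;                              /* first byte of the IP header */
    if (type != ETHERTYPE_IP) return -1;
    if (len < off + 20) return -1;         /* minimum IPv4 header length */
    if ((f[off] >> 4) != 4) return -1;     /* IP version field must be 4 */
    snprintf(mac, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             f[6], f[7], f[8], f[9], f[10], f[11]);
    snprintf(ip, 16, "%d.%d.%d.%d",
             f[off + 12], f[off + 13], f[off + 14], f[off + 15]);
    return 0;
}

/* Constructed sample frame: documentation addresses, made-up MACs. */
static const uint8_t sample_frame[] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,    /* destination MAC */
    0x02, 0x00, 0x5e, 0x10, 0x00, 0x01,    /* source MAC */
    0x08, 0x00,                            /* EtherType: IPv4 */
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x06, 0x00, 0x00,                /* TTL, protocol, checksum */
    192, 0, 2, 10,                         /* source IP */
    192, 0, 2, 1                           /* destination IP */
};

int main(void)
{
    char mac[18], ip[16];
    if (mac_ip_from_frame(sample_frame, sizeof sample_frame, mac, ip) == 0)
        printf("%s  %s\n", ip, mac);
    return 0;
}
```

The MAC returned is whatever the frame carried on the segment where the sensor captured it, which is the limitation the reply points out.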