[Bro] Obtain src/dst mac addrs from connection record

Peter Erickson redlamb19 at gmail.com
Tue Jan 31 14:47:00 PST 2012


Is there a way to obtain the source and/or destination mac address from
a connection record? I've been looking through the scripts and BIFs, but
am not seeing anything. I'm wondering it I missed something. The way
it's looking right now, I'll have to use an ARP script (which I posted
to the list in November) or use the get_current_packet() to extract the
appropriate offsets.

-- 
Peter Erickson
redlamb19 at gmail.com


More information about the Bro mailing list