[Bro] Using bro to track MAC addresses instead of IPs
M P
mpselab at gmail.com
Fri Jul 31 13:47:22 PDT 2015
On Friday, July 31, 2015, Earl Eiland <earl.eiland at root9b.com> wrote:
> The connection record includes the IP/port pair. Is there a way to
> include MAC addresses?
>
>
>
> Best Regards,
>
>
>
> Earl Eiland,
>
> Sr. Cyber Security Engineer,
>
> Emerging Technologies, root9B,
>
> San Antonio, Texas
>
>
Wouldn't MAC addresses be of less value, since Bro would see the MAC
address of the last device the packet been through before reaching Bro?
Or May be your attempting to achieve something else.
MP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150731/b28fabb0/attachment.html
More information about the Bro
mailing list