[Bro] Using bro to track MAC addresses instead of IPs
Earl Eiland
earl.eiland at root9b.com
Fri Jul 31 13:56:33 PDT 2015
Our intent is to monitor observed layer 2 traffic.
From: M P [mailto:mpselab at gmail.com]
Sent: Friday, July 31, 2015 3:47 PM
To: Earl Eiland <earl.eiland at root9b.com>
Cc: bro at bro.org
Subject: Re: [Bro] Using bro to track MAC addresses instead of IPs
On Friday, July 31, 2015, Earl Eiland <earl.eiland at root9b.com> wrote:
The connection record includes the IP/port pair. Is there a way to include MAC addresses?
Best Regards,
Earl Eiland,
Sr. Cyber Security Engineer,
Emerging Technologies, root9B,
San Antonio, Texas
Wouldn't MAC addresses be of less value, since Bro would see the MAC address of the last device the packet has been through before reaching Bro? Or maybe you're attempting to achieve something else.
MP