[Bro] Adding MAC Address Information to Connection Object and Logs
Robin Sommer
robin at icir.org
Thu May 26 20:44:21 PDT 2016
On Thu, May 26, 2016 at 14:54 +0000, William Baker wrote:
> Does anyone have advice for getting MAC address from a PCAP file that
> was used to generate different logs in BRO?
Right now the packet-level functions/events Jan mentioned are the only
option. But we've been kicking around the idea for a while to provide
access to MAC addresses similar to how Bro now makes the VLAN
information accessible as well. It shouldn't be too difficult
actually. If you anybody feels adventurous and wants to give it a try,
I can send some pointers. Otherwise I'm hoping to take a look at that
sometime soonish, but no guarantees. :-)
Robin
--
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
More information about the Bro
mailing list