Thread: Snort log

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    144

    Snort log

    What are log no. 2 and no. 3?
    Can someone explain?

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    2. I assume MAC 00:00:86:54:41:23. Sent out a workgroup name request. Check the MAC addresses of your computers, it was a broadcast on your network...pretty ordinary traffic as far as I can tell from what you have. The NIC is from the Megahertz Corporation.

    3. An IPX Routing request from MAC 00:01:03:9c:0b:ba. Not unusual if you have IPX enabled on your Windows platform...Although you probably don't need it. This system is using a 3COM NIC.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    Originally posted here by nebulus200
    2. I assume MAC 00:00:86:54:41:23. Sent out a workgroup name request. Check the MAC addresses of your computers, it was a broadcast on your network...pretty ordinary traffic as far as I can tell from what you have. The NIC is from the Megahertz Corporation.

    3. An IPX Routing request from MAC 00:01:03:9c:0b:ba. Not unusual if you have IPX enabled on your Windows platform...Although you probably don't need it. This system is using a 3COM NIC.

    /nebulus
    But how can you know the MAC address by seeing the picture? And how can you see the NIC is a 3COM brand through the picture?

  4. #4
    You can search about it on www.google.com

  5. #5
    Once you know the MAC address of a network card, you can figure out the manufacturer just by looking it up.

    The best list (most updated) is from ieee.org, as they maintain the list.

    http://standards.ieee.org/regauth/oui/oui.txt

  6. #6
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Originally posted here by Penguin
    But how can you know the MAC address by seeing the picture? And how can you see the NIC is a 3COM brand through the picture?
    See how it lists the column as source?

    See the AAAAAA65AA.xxxxxxxxxxxx ? That xxxxxxxxxxxx is the MAC address. It gave you the MAC probably because it was either an etherframe (or some other non-IP protocol) on the local network. Then you can go to one of numerous websites that will look up the manufacturer of the NIC based on the first 3 octets of the MAC.

    /nebulus
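
The lookup described in posts #5 and #6, as an added example that is not part of the original thread: it parses lines in the layout of the IEEE oui.txt file and maps the first 3 octets of a source MAC to a vendor, and it also flags locally administered and group addresses, where a vendor lookup tells you nothing. The sample registry lines and the IPX `network.node` value in the usage are constructed (vendor names as stated in the thread), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the IEEE oui.txt registry file; the two
# vendor assignments are the ones stated in the thread, not a registry extract.
SAMPLE_OUI_TXT = """\
00-00-86   (hex)\t\tMEGAHERTZ CORPORATION
000086     (base 16)\t\tMEGAHERTZ CORPORATION
00-01-03   (hex)\t\t3COM CORPORATION
000103     (base 16)\t\t3COM CORPORATION
"""

HEX_LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$"
)


def load_oui_table(text):
    """Map 'AABBCC' -> vendor using the '(hex)' lines of an oui.txt-style file."""
    table = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4)
    return table


def normalize_mac(field):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, or an IPX 'network.node' field."""
    node = field.rsplit(".", 1)[-1] if "." in field else field
    digits = re.sub(r"[:\-]", "", node).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {field!r}")
    return digits


def describe_mac(field, table):
    """Return (mac, vendor_or_None, notes) for one source-address field."""
    mac = normalize_mac(field)
    first_octet = int(mac[:2], 16)
    notes = []
    if first_octet & 0x01:  # I/G bit set: not a single NIC's burned-in address
        notes.append("group (multicast/broadcast) address")
    if first_octet & 0x02:  # U/L bit set: assigned in software, not by a vendor
        notes.append("locally administered, OUI lookup not meaningful")
    vendor = None if notes else table.get(mac[:6])
    return mac, vendor, notes
```

For example, `describe_mac("00000001.0001039c0bba", load_oui_table(SAMPLE_OUI_TXT))` takes the node part after the dot and resolves it through the `00-01-03` entry.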
