-
January 29th, 2004, 04:36 PM
#1
Senior Member
Snort log
what is the log no. 2 and no. 3?
can someone explain
-
January 29th, 2004, 04:44 PM
#2
2. I assume MAC 00:00:86:54:41:23. Sent out a workgroup name request. Check the MAC addresses of your computers, it was a broadcast on your network...pretty ordinary traffic as far as I can tell from what you have. The NIC is from the Megahertz Corporation.
3. An IPX Routing request from MAC 00:01:03:9c:0b:ba. Not unusual if you have IPX enabled on your Windows platform...Although you probably don't need it. This system is using a 3COM NIC.
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
January 30th, 2004, 04:22 PM
#3
Senior Member
Originally posted here by nebulus200
2. I assume MAC 00:00:86:54:41:23. Sent out a workgroup name request. Check the MAC addresses of your computers, it was a broadcast on your network...pretty ordinary traffic as far as I can tell from what you have. The NIC is from the Megahertz Corporation.
3. An IPX Routing request from MAC 00:01:03:9c:0b:ba. Not unusual if you have IPX enabled on your Windows platform...Although you probably don't need it. This system is using a 3COM NIC.
/nebulus
but how can u know the MAC addr by seeing e picture? and how u can see the NIC is a 3COM brand thru the picture?
-
January 30th, 2004, 05:16 PM
#4
Member
u can search about it on www.google.com
-
January 30th, 2004, 06:40 PM
#5
Member
Once you know the mac address of a network card, you can figure out the manufacturer just by looking it up.
The best list(most updated) is from ieee.org as they maintain the list.
http://standards.ieee.org/regauth/oui/oui.txt
-
January 30th, 2004, 08:01 PM
#6
Originally posted here by Penguin
but how can u know the MAC addr by seeing e picture? and how u can see the NIC is a 3COM brand thru the picture?
See how it lists the column as source?
See the AAAAAA65AA.xxxxxxxxxxxx ? That xxxxxxxxxxxx is the MAC address. It gave you the MAC probably because it was either an etherframe (or some other non-IP protocol) on the local network. Then you can go to one of numerous websites that will look up the manufacturer of the NIC based on the first 3 octets of the MAC.
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|