Layer 2 Info

Luis_Jimenez · November 3, 2016, 7:27pm

Is there any way to glean layer 2 information from bro? Or maybe a reliable means of correlating IPs to hostnames?

We are running into issues where dynamic IP addressing is severely hindering the ability to track behavior identified by analysis of bro logs.

Thanks for the help!

Luis

Jan · November 4, 2016, 1:02am

Hi Luis,

Is there any way to glean layer 2 information from bro? Or maybe a reliable
means of correlating IPs to hostnames?

Best regards,
Jan

Drew_Dixon · November 4, 2016, 4:11pm

This may not help solve the problem you’re having but just FYI Bro 2.5 also logs VLAN ID’s now, from the new functionality section at the link below:

“Bro now tracks VLAN IDs. To record them inside the connection log, load protocols/conn/vlan-logging.bro.”

-Drew

Topic		Replies	Views
Using bro to track MAC addresses instead of IPs Zeek	4	70	May 6, 2022
BRO IDS Zeek	6	110	May 6, 2022
Client identification from bro logs Zeek	1	77	May 6, 2022
Adding MAC Address Information to Connection Object and Logs Zeek	7	119	May 6, 2022
Bro Digest, Vol 109, Issue 14 Zeek	2	88	May 6, 2022