Snort mailing list archives
arpspoof preprocessor for offline PCAPs
From: Michael Psaila <mp971 () york ac uk>
Date: Fri, 25 Jul 2014 18:33:42 +0100
Hi all, Can the arpspoof preprocessor be used while running a PCAP file through Snort? Or does this preprocessor only work when sniffing traffic in real-time? I've gone through the SNORT Users Manual and did quite a bit of googling, but couldn't find an answer to my question. If anyone could point me to a reference where this is documented, it would be greatly appreciated. I'm asking because I have enabled the arpspoof preprocessor in the snort.conf file, and have set two IP/MAC pairs for it to monitor. I then run a PCAP through Snort, but did not obtain anything from this plug-in. Many thanks for taking the time to read this post. Regards, Michael
------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck Code Sight - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- arpspoof preprocessor for offline PCAPs Michael Psaila (Jul 25)