Snort mailing list archives

Previous By Date Next
Previous By Thread Next

arpspoof preprocessor

From: Morgan Marquis-Boire <morganm () datacom co nz>
Date: Tue, 20 Aug 2002 10:37:30 +1200
Hey,
Does anyone know how to get more verbose logging from the arpspoof detection? My conf file is as follows: 
preprocessor arpspoof
preprocessor arpspoof_detect_host: <localhost> <MAC address>
preprocessor arpspoof_detect_host: <gateway> <MAC address>

and the alerts I get read as follows.
08/20-10:02:01.671517 [**] [112:3:1] Ethernet destination/ARP target address mismatch [**]
I would like to be able to get the ip address of the host whose MAC has changed in the alert. 

Cheers,
Morgan



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: