Snort mailing list archives
arpspoof preprocessor
From: Morgan Marquis-Boire <morganm () datacom co nz>
Date: Tue, 20 Aug 2002 10:37:30 +1200
Hey,

Does anyone know how to get more verbose logging from the arpspoof detection? My conf file is as follows:

preprocessor arpspoof
preprocessor arpspoof_detect_host: <localhost> <MAC address>
preprocessor arpspoof_detect_host: <gateway> <MAC address>

and the alerts I get read as follows.

08/20-10:02:01.671517 [**] [112:3:1] Ethernet destination/ARP target address mismatch [**]

I would like to be able to get the ip address of the host whose MAC has changed in the alert.

Cheers,
Morgan