Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort capturing ARP packets

From: sgt_b <sgt_b () security-forums com>
Date: Fri, 28 May 2004 13:47:55 -0500
Hey everyone,
Under what circumstances would Snort capture (or alert on) ARP packets? Is the arpspoof preprocessor the only thing that would trigger an alert based on an ARP packet? 
From snort.conf:
"To make use of this preprocessor you must specify the IP and hardware address of hosts on the same layer 2 segment as you." Does this mean that in order for arpsoof to work, one has to statically map all IP-MAC pairs? Seems like a lot of work for little return. ;) 

Thanks!


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. 
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: