[Snort-devel] ARPSpoof plugin and more

Chris Green cmg at ...402...
Fri Apr 5 08:12:59 EST 2002


Fabrice Devaux <fab at ...1233...> writes:

> So the first thing I looked into was off course the ARPspoof
> preprocessor included with snort.
> So basicly what I would like my preproc. to do is :
>
> - Look at all packets and not only arp traffic
> - Report changes in mac - ip couples
> - Report unseen mac / ip addresses
>
> Now what I would like to know is :
>
> - What do you think of it ?
> - Has anyone tried something like this before or is anyone working on
> such a thing ?

Thats what arpwatch does.  It's a stand alone program and it does what
it does very well.  Doing this type of thing in snort wouldn't be bad
as it's been requested a lot but for wishing to do "research" type
activities, its reinventing the wheel.
--
Chris Green <cmg at ...402...>
"Yeah, but you're taking the universe out of context."





More information about the Snort-devel mailing list