[Snort-devel] ARPSpoof plugin and more
cmg at ...402...
Fri Apr 5 08:12:59 EST 2002
Fabrice Devaux <fab at ...1233...> writes:
> So the first thing I looked into was off course the ARPspoof
> preprocessor included with snort.
> So basicly what I would like my preproc. to do is :
> - Look at all packets and not only arp traffic
> - Report changes in mac - ip couples
> - Report unseen mac / ip addresses
> Now what I would like to know is :
> - What do you think of it ?
> - Has anyone tried something like this before or is anyone working on
> such a thing ?
Thats what arpwatch does. It's a stand alone program and it does what
it does very well. Doing this type of thing in snort wouldn't be bad
as it's been requested a lot but for wishing to do "research" type
activities, its reinventing the wheel.
Chris Green <cmg at ...402...>
"Yeah, but you're taking the universe out of context."
More information about the Snort-devel