[Snort-users] arpspoof preprocessor
morganm at ...6655...
Mon Aug 19 15:45:04 EDT 2002
Does anyone know how to get more verbose logging from the arpspoof
detection? My conf file is as follows:
preprocessor arpspoof_detect_host: <localhost> <MAC address>
preprocessor arpspoof_detect_host: <gateway> <MAC address>
and the alerts I get read as follows.
08/20-10:02:01.671517 [**] [112:3:1] Ethernet destination/ARP target
address mismatch [**]
I would like to be able to get the ip address of the host whose MAC has
changed in the alert.
More information about the Snort-users