[Snort-users] mystery arp message
jeff at ...950...
Sun Oct 6 19:58:01 EDT 2002
all this knocking of spp_arpspoof.
So I'm happy to FIX it or even update it to do new things if people would
like it to do things within the context of snort (I've thought about plugging
it into spp_conversation for just that purpose).
For the purposes of logging, snort uses fixed messages for everything so
the actual log output will never show the addresses in question. (This is
true for all similar messages at this point).
With regard to 1.9 the necessary change of passing the offending packet to
the alert functions. So, just like all other alerts in snort, you'll now
have the packet that set off the alert to get all the little goodies out of.
--On Sunday, October 06, 2002 21:32:21 -0500 Chris Reining
<creining at ...6890...> wrote:
> There have been no significant changes in spp_arpspoof from 1.8.7 to 1.9.
> It is *usable* but probably is not going to generate the data you are
> looking for. I would recommend using arpwatch standalone.
> go badgers
> On Thu, 03 Oct 2002 19:02:58 -0500
> robin <mstubbs at ...842...> wrote:
>> I got several messages from snort like this:
>> [112:3:1] Ethernet destination/ARP target address mismatch [**]
>> The problem being that I would like to know something about the
>> packet such as what address it
>> came from. Is there a version of snort where this issue has been
>> fixed? I think I'm using 1.87
>> Otherwise can someone recommend another program that could detect the
>> same kind of issue?
http://www.snort.org/~jeff (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
- Albert Einstein
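The thread's complaint is that the fixed alert text carries no addresses. The following is an added example, not code from this post or from snort: a stand-alone check of a raw Ethernet/ARP frame that reports the addresses involved, generalized to cover the source/sender comparison as well as the destination/target one. The function names, result codes, the sample frame and the choice to compare destination and target on replies only are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes: names are this example's own, not snort's. */
enum { ARP_OK = 0, ARP_SKIP = -1, ARP_SRC_MISMATCH = 1, ARP_DST_MISMATCH = 2 };

static const char *mac(const uint8_t *m, char out[18]) {
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
    return out;
}

/* Inspect one raw Ethernet frame; on a mismatch, write the addresses into msg. */
int check_arp_frame(const uint8_t *f, size_t len, char *msg, size_t msglen) {
    static const uint8_t eth_ipv4[] = { 0x00, 0x01, 0x08, 0x00, 6, 4 }; /* htype, ptype, hlen, plen */
    char a[18], b[18], c[18];
    if (len < 14 + 28) return ARP_SKIP;                   /* too short for Ethernet + ARP */
    if (f[12] != 0x08 || f[13] != 0x06) return ARP_SKIP;  /* EtherType is not ARP (0x0806) */
    const uint8_t *arp = f + 14;
    if (memcmp(arp, eth_ipv4, sizeof eth_ipv4) != 0) return ARP_SKIP;
    unsigned op = (unsigned)arp[6] << 8 | arp[7];         /* 1 = request, 2 = reply */
    const uint8_t *sha = arp + 8, *spa = arp + 14, *tha = arp + 18;
    if (memcmp(f + 6, sha, 6) != 0) {                     /* frame source vs ARP sender */
        snprintf(msg, msglen, "Ethernet source %s / ARP sender %s mismatch, sender IP %d.%d.%d.%d",
                 mac(f + 6, a), mac(sha, b), spa[0], spa[1], spa[2], spa[3]);
        return ARP_SRC_MISMATCH;
    }
    if (op == 2 && memcmp(f, tha, 6) != 0) {              /* replies only: requests are broadcast */
        snprintf(msg, msglen, "Ethernet destination %s / ARP target %s mismatch, sent by %s (%d.%d.%d.%d)",
                 mac(f, a), mac(tha, b), mac(sha, c), spa[0], spa[1], spa[2], spa[3]);
        return ARP_DST_MISMATCH;
    }
    return ARP_OK;
}

/* Constructed ARP reply: the frame is addressed to 00:11:22:33:44:55 but names another target. */
static const uint8_t sample_reply[42] = {
    0x00,0x11,0x22,0x33,0x44,0x55,  0x02,0x00,0x00,0xaa,0xbb,0xcc,  0x08,0x06,
    0x00,0x01,  0x08,0x00,  6, 4,  0x00,0x02,
    0x02,0x00,0x00,0xaa,0xbb,0xcc,  192,0,2,1,
    0x02,0x00,0x00,0x00,0x00,0x99,  192,0,2,50
};

int main(void) {
    char msg[160] = "";
    if (check_arp_frame(sample_reply, sizeof sample_reply, msg, sizeof msg) > 0) puts(msg);
    return 0;
}
```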