[Snort-users] ARPspoof Question
michael.esposito at ...5338...
Wed Sep 24 05:58:08 EDT 2003
I'm trying to get the arpspoof preprocessor to work properly.
I've been using Snort 1.83 on W2K.
I have the following in my snort.conf:
preprocessor arpspoof: -unicast
preprocessor arpspoof_detect_host: 192.168.0.1 00:00:d4:7d:3a:58
unicast ARP request alerts show up in ACID but they do not appear in the
ARP file under c:\snort\logs
Partial output from my ARP file:
09/21-23:56:06.589086 ARP reply 0.0.0.0 is-at 0:B B:99:F:95
09/21-23:56:07.545926 ARP who-has 0.0.0.0 tell 0.0.0.0
09/21-23:56:08.598975 ARP reply 0.0.0.0 is-at 0:B B:99:F:95
It was working for a while, but now I can't get it to log to this file
The best thing to hit the internet in years - Juno SpeedBand!
Surf the web up to FIVE TIMES FASTER!
Only $14.95/ month - visit www.juno.com to sign up today!
More information about the Snort-users