[Snort-users] Snort capturing ARP packets
sgt_b at ...11733...
Fri May 28 11:52:05 EDT 2004
Under what circumstances would Snort capture (or alert on) ARP packets?
Is the arpspoof preprocessor the only thing that would trigger an alert
based on an ARP packet?
"To make use of this preprocessor you must specify the IP and hardware
address of hosts on the same layer 2 segment as you."
Does this mean that in order for arpsoof to work, one has to statically
map all IP-MAC pairs? Seems like a lot of work for little return. ;)
More information about the Snort-users