Snort mailing list archives
ARPspoof Question
From: Michael Esposito <michael.esposito () juno com>
Date: Tue, 23 Sep 2003 12:45:09 -0400
I'm trying to get the arpspoof preprocessor to work properly. I've been using Snort 1.83 on W2K. I have the following in my snort.conf:

    preprocessor arpspoof: -unicast
    preprocessor arpspoof_detect_host: 192.168.0.1 00:00:d4:7d:3a:58

Unicast ARP request alerts show up in ACID, but they do not appear in the ARP file under c:\snort\logs.

Partial output from my ARP file:

    09/21-23:56:06.589086 ARP reply 0.0.0.0 is-at 0:B B:99:F:95
    09/21-23:56:07.545926 ARP who-has 0.0.0.0 tell 0.0.0.0
    09/21-23:56:08.598975 ARP reply 0.0.0.0 is-at 0:B B:99:F:95

It was working for a while, but now I can't get it to log to this file anymore. Any suggestions?

Thanks,
michael