docbrown
06.10.06, 11:35
Hi,
es gibt eine neue Version von arpalert:
This software is used for monitoring ethernet networks.
It listens on a network interface (without using 'promiscuous' mode) and catches all conversations of MAC address to IP request.
It then compares the mac addresses it detected with a pre-configured list of authorized MAC addresses. If the MAC is not in list, arpalert launches a pre-defined user script with the MAC address and IP address as parameters.
This software can run in deamon mode; it's very fast (low CPU and memory consumption).
It responds at signal SIGHUP (configuration reload) and at signals SIGTERM, SIGINT, SIGQUIT and SIGABRT (arpalert stops itself)
version 1.1.0: (05/10/2006)
new function: permit to lesson only ARP traffic (alert new_mac disabled)
new function: permit to call a .so extension
normalize code with use "struct in_addr" for the ip address
normalize code with use "struct ether_header" for the mac address
normalize code with use "struct arphdr" for decoding ethernet header
changing hash algoritm for homogeneously reparttion of mac adresses
normalize macro case
change test for testing bitfield
flood alert: remove parameter
mac change alert: add parameter
add api for mod alerts
clean code
es gibt eine neue Version von arpalert:
This software is used for monitoring ethernet networks.
It listens on a network interface (without using 'promiscuous' mode) and catches all conversations of MAC address to IP request.
It then compares the mac addresses it detected with a pre-configured list of authorized MAC addresses. If the MAC is not in list, arpalert launches a pre-defined user script with the MAC address and IP address as parameters.
This software can run in deamon mode; it's very fast (low CPU and memory consumption).
It responds at signal SIGHUP (configuration reload) and at signals SIGTERM, SIGINT, SIGQUIT and SIGABRT (arpalert stops itself)
version 1.1.0: (05/10/2006)
new function: permit to lesson only ARP traffic (alert new_mac disabled)
new function: permit to call a .so extension
normalize code with use "struct in_addr" for the ip address
normalize code with use "struct ether_header" for the mac address
normalize code with use "struct arphdr" for decoding ethernet header
changing hash algoritm for homogeneously reparttion of mac adresses
normalize macro case
change test for testing bitfield
flood alert: remove parameter
mac change alert: add parameter
add api for mod alerts
clean code