Home page logo

snort logo Snort mailing list archives

Improving Arpspoof Preprocessor
From: "Mohamed Makthum" <makthum () gmail com>
Date: Mon, 13 May 2013 11:19:39 -0700

Hello Everybody,

                                 At the moment arpspoof preprocessor is in
experimental condition. I want to include some extra features in it and
extend the preprocessor. I am looking for documents or books which can help
me to write or extend snort preprocessor. Currently arpspoof detects
discrepancies based on static list and mac address mismatch. I want to
improve it using ICMP protocol. 

                                    Till now I was able to setup snort with
barnyard2  and snort is triggering alerts and logging events to db. In next
step I would like to get started with the coding. Kindly direct me to links
or books which can help me in extending the preprocessor.  I would be
thankful to everyone .




Mohamed Makthum Mohamed Ikbal 

Graduate student 


AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
  • Improving Arpspoof Preprocessor Mohamed Makthum (May 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]