FreeBSD Port: arpwatch-2.1.a14

Thomas Abthorpe thomas at goodking.ca
Wed Jul 12 02:42:17 UTC 2006 

Hi Daniel

Don't worry, I won't shoot the messenger :-)

You raise some very good questions, to which you deserve some really answers! At this time, I don't have them, but you have certainly given me some food for thought on the matter!

Allow me to counter challenge you, pull the source code apart, see what you can reveal. I would be most happy to accept some feedback to expedite the next update.

At the very least, I will investigate, and see what I can turn up.


Thomas
  ----- Original Message ----- 
  From: Daniel Dvořák 
  To: thomas at goodking.ca 
  Cc: ports at FreeBSD.org 
  Sent: Tuesday, July 11, 2006 10:31 PM
  Subject: FreeBSD Port: arpwatch-2.1.a14


  Hi all,

  let me ask you about arpwatch. The port under FreeBSD does not support the important switch -p, which we can find for example in Debian Linux. This switch is about "don´t put to promisccuous mode", which is really needed for example wireless cards, where promisc kills usually the traffic on wi-fi.

  I am sorry I do not imagine how much work it is, I simple ask, is it possible to implement this switch (flag) ?

  In the Debian Linux, there are anothers useful flags, but of course -p is the most important one, here they are:

          
          (Debian) The -s flag is used to specify the path to the sendmail program.  Any program that takes the option -odi and then text from stdin can  be
         substituted. This is useful for redirecting reports to log files instead of mail.

         (Debian) The -p flag disables promiscuous operation.  ARP broadcasts get through hubs without having the interface in promiscuous mode, while sav-
         ing considerable resources that would be wasted on processing gigabytes of non-broadcast traffic.  OTOH, setting promiscuous mode  does  not  mean
         getting 100% traffic that would concern arpwatch .  YMMV.

         (Debian) -a By default, arpwatch reports bogons (unless -N is given) for IP addresses that are in the same subnet than the first IP address of the
         default interface.  If this option is specified, arpwatch will report bogons about every IP addresses.

         (Debian) The -m option is used to specify the e-mail address to which reports will be sent.  By default, reports are sent to  root  on  the  local
         machine.

         (Debian) The -u flag instructs arpwatch to drop root privileges and change the UID to username and GID to the primary group of username .  This is
         recommended for security reasons, but username has to have write access to the default directory.

         (Debian) The -R flag instructs arpwatch to restart in seconds seconds after the interface went down.  By default, in  such  cases  arpwatch  would
         print an error message and exit.  This option is ignored if either the -r or -u flags are used.

         (Debian) The -Q flags prevents arpwatch from sending reports by mail.

         (Debian) The -z flag is used to set a range of ip addresses to ignore (such as a DHCP range). Netmask is specified as 255.255.128.0.


  Please, I just ask, do not shoot me, thanks :)

  Bye
  Daniel

More information about the freebsd-ports mailing list