FreeBSD Port: arpwatch-2.1.a14
dandee at hellteam.net
Wed Jul 12 02:31:11 UTC 2006
let me ask you about arpwatch. The port under FreeBSD does not support the
important switch -p, which we can find for example in Debian Linux. This
switch is about "don´t put to promisccuous mode", which is really needed for
example wireless cards, where promisc kills usually the traffic on wi-fi.
I am sorry I do not imagine how much work it is, I simple ask, is it
possible to implement this switch (flag) ?
In the Debian Linux, there are anothers useful flags, but of course -p is
the most important one, here they are:
(Debian) The -s flag is used to specify the path to the sendmail
program. Any program that takes the option -odi and then text from stdin
substituted. This is useful for redirecting reports to log files
instead of mail.
(Debian) The -p flag disables promiscuous operation. ARP broadcasts
get through hubs without having the interface in promiscuous mode, while
ing considerable resources that would be wasted on processing
gigabytes of non-broadcast traffic. OTOH, setting promiscuous mode does
getting 100% traffic that would concern arpwatch . YMMV.
(Debian) -a By default, arpwatch reports bogons (unless -N is given)
for IP addresses that are in the same subnet than the first IP address of
default interface. If this option is specified, arpwatch will report
bogons about every IP addresses.
(Debian) The -m option is used to specify the e-mail address to which
reports will be sent. By default, reports are sent to root on the local
(Debian) The -u flag instructs arpwatch to drop root privileges and
change the UID to username and GID to the primary group of username . This
recommended for security reasons, but username has to have write
access to the default directory.
(Debian) The -R flag instructs arpwatch to restart in seconds seconds
after the interface went down. By default, in such cases arpwatch would
print an error message and exit. This option is ignored if either
the -r or -u flags are used.
(Debian) The -Q flags prevents arpwatch from sending reports by mail.
(Debian) The -z flag is used to set a range of ip addresses to ignore
(such as a DHCP range). Netmask is specified as 255.255.128.0.
Please, I just ask, do not shoot me, thanks :)
More information about the freebsd-ports