FreeBSD Port: arpwatch-2.1.a14
thomas at goodking.ca
Wed Jul 12 02:42:17 UTC 2006
Don't worry, I won't shoot the messenger :-)
You raise some very good questions, to which you deserve some real answers! At this time, I don't have them, but you have certainly given me some food for thought on the matter!
Allow me to counter-challenge you: pull the source code apart and see what you can reveal. I would be most happy to accept some feedback to expedite the next update.
At the very least, I will investigate, and see what I can turn up.
----- Original Message -----
From: Daniel Dvořák
To: thomas at goodking.ca
Cc: ports at FreeBSD.org
Sent: Tuesday, July 11, 2006 10:31 PM
Subject: FreeBSD Port: arpwatch-2.1.a14
Let me ask you about arpwatch. The port under FreeBSD does not support the important switch -p, which we can find for example in Debian Linux. This switch is about "don't put to promiscuous mode", which is really needed, for example, for wireless cards, where promisc usually kills the traffic on wi-fi.
I am sorry, I cannot imagine how much work it is; I simply ask: is it possible to implement this switch (flag)?
In Debian Linux, there are other useful flags, but of course -p is the most important one. Here they are:
(Debian) The -s flag is used to specify the path to the sendmail program. Any program that takes the option -odi and then text from stdin can be substituted. This is useful for redirecting reports to log files instead of mail.
(Debian) The -p flag disables promiscuous operation. ARP broadcasts get through hubs without having the interface in promiscuous mode, while saving considerable resources that would be wasted on processing gigabytes of non-broadcast traffic. OTOH, setting promiscuous mode does not mean getting 100% traffic that would concern arpwatch. YMMV.
(Debian) -a By default, arpwatch reports bogons (unless -N is given) for IP addresses that are in the same subnet than the first IP address of the default interface. If this option is specified, arpwatch will report bogons about every IP addresses.
(Debian) The -m option is used to specify the e-mail address to which reports will be sent. By default, reports are sent to root on the local
(Debian) The -u flag instructs arpwatch to drop root privileges and change the UID to username and GID to the primary group of username. This is recommended for security reasons, but username has to have write access to the default directory.
(Debian) The -R flag instructs arpwatch to restart in seconds seconds after the interface went down. By default, in such cases arpwatch would print an error message and exit. This option is ignored if either the -r or -u flags are used.
(Debian) The -Q flags prevents arpwatch from sending reports by mail.
(Debian) The -z flag is used to set a range of ip addresses to ignore (such as a DHCP range). Netmask is specified as 255.255.128.0.
Please, I just ask, do not shoot me, thanks :)
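
The -z ignore range from the Debian flag list quoted above, worked through as an added example; it is not part of the original messages and is not arpwatch's own code. The "net/mask" argument form, the function names and the sample frame are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: ignored network and mask, host byte order. */
struct ignore_range { uint32_t net, mask; };
/* Parse "net/mask" (assumed syntax, dotted-quad mask). 0 on success, -1 on bad input. */
int parse_ignore(const char *spec, struct ignore_range *r) {
    char buf[64], *slash;
    struct in_addr n, m;
    if (strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec);
    if ((slash = strchr(buf, '/')) == NULL) return -1;
    *slash = '\0';
    if (inet_pton(AF_INET, buf, &n) != 1 || inet_pton(AF_INET, slash + 1, &m) != 1)
        return -1;
    r->mask = ntohl(m.s_addr);
    uint32_t inv = ~r->mask;        /* contiguous mask <=> inverse is 2^k - 1 */
    if (inv & (inv + 1)) return -1; /* reject masks such as 255.0.255.0 */
    r->net = ntohl(n.s_addr) & r->mask;
    return 0;
}

/* Sender IPv4 address (host order) of an ARP-over-Ethernet frame; -1 if malformed. */
int arp_sender_ip(const uint8_t *f, size_t len, uint32_t *spa) {
    /* Bytes 12..19: EtherType ARP, htype Ethernet, ptype IPv4, hlen 6, plen 4 */
    static const uint8_t hdr[8] = {0x08, 0x06, 0, 1, 0x08, 0x00, 6, 4};
    if (len < 42 || memcmp(f + 12, hdr, sizeof hdr) != 0) return -1;
    *spa = (uint32_t)f[28] << 24 | (uint32_t)f[29] << 16 | (uint32_t)f[30] << 8 | f[31];
    return 0;
}

/* 1 if the sender is inside the ignored range, 0 if not, -1 if unparsable. */
int should_ignore(const uint8_t *f, size_t len, const struct ignore_range *r) {
    uint32_t spa;
    if (arp_sender_ip(f, len, &spa) != 0) return -1;
    return (spa & r->mask) == r->net;
}

/* Constructed sample: ARP request sent by 10.0.130.7 asking for 10.0.0.1. */
const uint8_t sample_frame[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0,0,0,0,0x01, 0x08,0x06, 0,1, 0x08,0, 6,4, 0,1,
    0x02,0,0,0,0,0x01, 10,0,130,7, 0,0,0,0,0,0, 10,0,0,1 };

int main(void) {
    struct ignore_range r;
    if (parse_ignore("10.0.128.0/255.255.128.0", &r) != 0) return 1;
    printf("ignore=%d\n", should_ignore(sample_frame, sizeof sample_frame, &r));
}
```

With the mask 255.255.128.0 the range 10.0.128.0 covers 10.0.128.0 through 10.0.255.255, so the sample sender is suppressed; a non-contiguous mask is rejected rather than silently hiding an unexpected set of hosts from reports.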