Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Jul 2006 22:41:36 -0400
From:      "Thomas Abthorpe" <>
To:        <>
Subject:   Re: FreeBSD Port: arpwatch-2.1.a14
Message-ID:  <001301c6a55c$b56e5940$320110ac@thomaspc>
References:  <000001c6a55b$3a4d0190$6508280a@tocnet28.jspoj.czf>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi Daniel

Don't worry, I won't shoot the messenger :-)

You raise some very good questions, to which you deserve some really =
answers! At this time, I don't have them, but you have certainly given =
me some food for thought on the matter!

Allow me to counter challenge you, pull the source code apart, see what =
you can reveal. I would be most happy to accept some feedback to =
expedite the next update.

At the very least, I will investigate, and see what I can turn up.

  ----- Original Message -----=20
  From: Daniel Dvo=F8=E1k=20
  Sent: Tuesday, July 11, 2006 10:31 PM
  Subject: FreeBSD Port: arpwatch-2.1.a14

  Hi all,

  let me ask you about arpwatch. The port under FreeBSD does not support =
the important switch -p, which we can find for example in Debian Linux. =
This switch is about "don=B4t put to promisccuous mode", which is really =
needed for example wireless cards, where promisc kills usually the =
traffic on wi-fi.

  I am sorry I do not imagine how much work it is, I simple ask, is it =
possible to implement this switch (flag) ?

  In the Debian Linux, there are anothers useful flags, but of course -p =
is the most important one, here they are:

          (Debian) The -s flag is used to specify the path to the =
sendmail program.  Any program that takes the option -odi and then text =
from stdin can  be
         substituted. This is useful for redirecting reports to log =
files instead of mail.

         (Debian) The -p flag disables promiscuous operation.  ARP =
broadcasts get through hubs without having the interface in promiscuous =
mode, while sav-
         ing considerable resources that would be wasted on processing =
gigabytes of non-broadcast traffic.  OTOH, setting promiscuous mode  =
does  not  mean
         getting 100% traffic that would concern arpwatch .  YMMV.

         (Debian) -a By default, arpwatch reports bogons (unless -N is =
given) for IP addresses that are in the same subnet than the first IP =
address of the
         default interface.  If this option is specified, arpwatch will =
report bogons about every IP addresses.

         (Debian) The -m option is used to specify the e-mail address to =
which reports will be sent.  By default, reports are sent to  root  on  =
the  local

         (Debian) The -u flag instructs arpwatch to drop root privileges =
and change the UID to username and GID to the primary group of username =
.  This is
         recommended for security reasons, but username has to have =
write access to the default directory.

         (Debian) The -R flag instructs arpwatch to restart in seconds =
seconds after the interface went down.  By default, in  such  cases  =
arpwatch  would
         print an error message and exit.  This option is ignored if =
either the -r or -u flags are used.

         (Debian) The -Q flags prevents arpwatch from sending reports by =

         (Debian) The -z flag is used to set a range of ip addresses to =
ignore (such as a DHCP range). Netmask is specified as

  Please, I just ask, do not shoot me, thanks :)


Want to link to this message? Use this URL: <$b56e5940$320110ac>