1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
diff -Naru arpwatch-2.1a15.orig/arpwatch.8 arpwatch-2.1a15/arpwatch.8
--- arpwatch-2.1a15.orig/arpwatch.8 2006-09-22 19:33:49.000000000 +0400
+++ arpwatch-2.1a15/arpwatch.8 2006-09-22 19:34:52.000000000 +0400
@@ -59,6 +59,11 @@
.B -s
.I sendmail_path
]
+.br
+.ti +8
+[
+.B -p
+]
.ad
.SH DESCRIPTION
.B Arpwatch
@@ -116,6 +121,15 @@
useful for redirecting reports to log files instead of mail. (This feature
comes from Debian).
.LP
+The
+.B -p
+flag disables promiscuous operation. ARP broadcasts get through hubs without
+having the interface in promiscuous mode, while saving considerable resources
+that would be wasted on processing gigabytes of non-broadcast traffic. OTOH,
+setting promiscuous mode does not mean getting 100% traffic that would concern
+.B arpwatch.
+YMMV. (This feature comes from Debian).
+.LP
Note that an empty
.I arp.dat
file must be created before the first time you run
diff -Naru arpwatch-2.1a15.orig/arpwatch.c arpwatch-2.1a15/arpwatch.c
--- arpwatch-2.1a15.orig/arpwatch.c 2006-09-22 19:33:49.000000000 +0400
+++ arpwatch-2.1a15/arpwatch.c 2006-09-22 19:34:07.000000000 +0400
@@ -162,6 +162,7 @@
"N"
"r:"
"s:"
+ "p"
;
if (argv[0] == NULL)
@@ -216,6 +217,10 @@
path_sendmail = optarg;
break;
+ case 'p':
+ ++nopromisc;
+ break;
+
default:
usage();
}
@@ -283,7 +288,7 @@
snaplen = max(sizeof(struct ether_header),
sizeof(struct fddi_header)) + sizeof(struct ether_arp);
timeout = 1000;
- pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ pd = pcap_open_live(interface, snaplen, !nopromisc, timeout, errbuf);
if (pd == NULL) {
syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
exit(1);
@@ -769,6 +774,7 @@
"[-n net[/width]] "
"[-r file] "
"[-s sendmail_path] "
+ "[-p] "
"\n"
;
diff -Naru arpwatch-2.1a15.orig/util.c arpwatch-2.1a15/util.c
--- arpwatch-2.1a15.orig/util.c 2004-01-23 01:25:39.000000000 +0300
+++ arpwatch-2.1a15/util.c 2006-09-22 19:35:15.000000000 +0400
@@ -61,6 +61,7 @@
int debug = 0;
int initializing = 1; /* true if initializing */
+int nopromisc = 0; /* don't activate promisc mode by default */
/* syslog() helper routine */
void
diff -Naru arpwatch-2.1a15.orig/util.h arpwatch-2.1a15/util.h
--- arpwatch-2.1a15.orig/util.h 1996-10-06 14:22:14.000000000 +0400
+++ arpwatch-2.1a15/util.h 2006-09-22 19:34:07.000000000 +0400
@@ -17,3 +17,4 @@
extern int debug;
extern int initializing;
+extern int nopromisc;
|
