00:0f:ea:d2:44:a4 192.168.1.1   - server MAC-IP pair
00:d0:b7:b5:ca:6b 192.168.1.10  - client MAC-IP pair
00:40:f4:53:e3:7d 192.168.1.66  - pirate MAC-IP pair
de:ad:6b:a8:de:5b               - ipguard fake MAC

#### Log description ################################

Normal ARP who-has client -> server

    Ethernet    00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
    ARP sender  00:d0:b7:b5:ca:6b - 192.168.1.10
    ARP target  0:0:0:0:0:0 - 192.168.1.1

Log record:

    xxxx: 00:d0:b7:b5:ca:6b 192.168.1.10 192.168.1.1
    ^^^^^ ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^ ^^^^^^^^^^^
    |1    |2                |3           |4

    1 - Label
    2 - ARP sender MAC
    3 - ARP sender IP
    4 - ARP target IP

Labels:

bnew: New pair (neither MAC nor IP is listed in `ethers')

    Ethernet    00:40:f4:53:e3:7d -> ff:ff:ff:ff:ff:ff
    ARP sender  00:40:f4:53:e3:7d - 192.168.1.66
    ARP target  0:0:0:0:0:0 - 192.168.1.1

bsip: Bad sender IP (not listed in `ethers')

    Ethernet    00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
    ARP sender  00:d0:b7:b5:ca:6b - 192.168.1.66
    ARP target  0:0:0:0:0:0 - 192.168.1.1

bmac: Bad sender MAC (not listed in `ethers')

    Ethernet    00:40:f4:53:e3:7d -> ff:ff:ff:ff:ff:ff
    ARP sender  00:40:f4:53:e3:7d - 192.168.1.10
    ARP target  0:0:0:0:0:0 - 192.168.1.1

btip: Bad target IP (not listed in `ethers')

    Ethernet    00:d0:b7:b5:ca:6b -> ff:ff:ff:ff:ff:ff
    ARP sender  00:d0:b7:b5:ca:6b - 192.168.1.10
    ARP target  0:0:0:0:0:0 - 192.168.1.66

xxxx: Finally, a bad ARP request: some of the previous rules matched

#### Current MAC-IP table ################################

Dump of the current pairs table

    dump: MAC IP

#### Bad MAC-IP buffer ################################

Dump of the current bad pairs buffer

    dump: number MAC IP count timestamp

#### ARP statistics ################################

    Total ARP who-has packets      0      total received ARP packets
    Good MAC-IP pairs              0      good packets
    Gratuitous MAC-IP/weird        0/0    gratuitous packets / weird gratuitous (Windows/MacOS)
    Zero MAC/IP                    0/0    packets matched zero wildcard (00:00:00:00:00:00/0.0.0.0)
    New MAC-IP pairs               0      count of new MAC-IP pairs
    Bad MAC-IP pairs               0      all bad ARP requests
    Bad MAC/IP                     0/0    count of bad MACs/IPs
    Bad gratuitous MAC-IP          0      count of bad gratuitous packets
    My/Fake/PreFake MAC            0/0/0  count of packets sent by self

And counts of some strange packets:

    Mismatch sender Ether/ARP MAC  0
    Non-zero target ARP MAC        0
    Non-bcast target Ether MAC     0

#### PCAP statistics ################################

    Received/Dropped packets       0/0    packets that matched/not matched PCAP filter

## $Id: README.log,v 1.1.1.1 2012/02/21 21:59:41 misho Exp $
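
An added example (not part of ipguard or its README): a small Python parser for the log record format described under "Log description", tallying records per label and sender MAC so that repeat offenders stand out. The sample lines and the `ipguard:` line prefix are constructed assumptions; the addresses are the ones used in the examples above.

```python
import ipaddress
import re
from collections import Counter

# Label meanings as listed under "Labels" in the log description.
LABELS = {
    "bnew": "new pair (neither MAC nor IP listed in ethers)",
    "bsip": "bad sender IP (not listed in ethers)",
    "bmac": "bad sender MAC (not listed in ethers)",
    "btip": "bad target IP (not listed in ethers)",
    "xxxx": "finally bad ARP request",
}
# Record layout: "label: sender-MAC sender-IP target-IP"; any prefix is ignored.
RECORD = re.compile(
    r"\b(?P<label>[a-z]{4}): (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) "
    r"(?P<sip>\S+) (?P<tip>\S+)\s*$", re.IGNORECASE)

def parse_record(line):
    """Return (label, mac, sender_ip, target_ip), or None if not a record."""
    m = RECORD.search(line)
    if not m or m["label"].lower() not in LABELS:
        return None
    try:
        sip, tip = (str(ipaddress.IPv4Address(m[k])) for k in ("sip", "tip"))
    except ValueError:
        return None
    # Octets may appear without leading zeros (the README shows 0:0:0:0:0:0).
    mac = ":".join(f"{int(o, 16):02x}" for o in m["mac"].split(":"))
    return m["label"].lower(), mac, sip, tip

def summarize(lines):
    """Count records per (label, sender MAC), skipping unparseable lines."""
    recs = filter(None, map(parse_record, lines))
    return Counter((label, mac) for label, mac, _, _ in recs)

# Constructed sample log; the "ipguard:" prefix is an assumption.
SAMPLE = """\
ipguard: bnew: 00:40:f4:53:e3:7d 192.168.1.66 192.168.1.1
ipguard: bsip: 00:d0:b7:b5:ca:6b 192.168.1.66 192.168.1.1
ipguard: bmac: 00:40:f4:53:e3:7d 192.168.1.10 192.168.1.1
ipguard: bmac: 0:40:f4:53:e3:7d 192.168.1.10 192.168.1.1
ipguard: btip: 00:d0:b7:b5:ca:6b 192.168.1.10 192.168.1.66
this line is not a log record and is skipped
"""

if __name__ == "__main__":
    for (label, mac), n in sorted(summarize(SAMPLE.splitlines()).items()):
        print(f"{n:3d}  {label}  {mac}  {LABELS[label]}")
```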