pom-ng:analyzer:arp
Table of Contents
Analyzer arp
This analyzer listens to ARP packets and generates events out of them. Its main goal is to monitor ARP activity and provide useful information if the pair IP/MAC changes.
Events
| Name | Payload associated | Description |
|---|---|---|
| arp_new_sta | no | New station found. |
| arp_sta_changed | no | Station MAC address changed. |
arp_new_sta
This event is generated when a new station is found.
| Field | Type | Description |
|---|---|---|
| mac_addr | mac | MAC address of the station. |
| ip_addr | ipv4 | IPv4 address of the station. |
| vlan | uint16 | VLAN id where the station was observed. 0 means the native VLAN. |
| input | string | Input name from which the event was observed. |
arp_sta_changed
This event is generated the MAC address of a station changed.
| Field | Type | Description |
|---|---|---|
| old_mac_addr | mac | Old known MAC address of this station. |
| new_mac_addr | mac | New MAC address observed for this station. |
| ip_addr | ipv4 | IPv4 address of the station. |
| vlan | uint16 | VLAN id where the station resides. 0 means the native VLAN. |
| input | string | Input name from which the event was observed. |
pom-ng/analyzer/arp.txt · Last modified: 2020/05/26 21:59 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
