pom-ng:analyzer:arp
This is an old revision of the document!
Table of Contents
Analyzer arp
This analyzer listen to ARP packets and generates events out of them.
Events
| Name | Payload associated | Description |
|---|---|---|
| arp_new_sta | no | New station found. |
| arp_sta_changed | no | Station MAC address changed. |
arp_new_sta
This event is generated when a new station is found.
| Field | Type | Description |
|---|---|---|
| mac_addr | mac | MAC address of the station. |
| ip_addr | ipv4 | IPv4 address of the station. |
| input | string | Input name from which the event was observed. |
arp_sta_changed
This event is generated the MAC address of a station changed.
| Field | Type | Description |
|---|---|---|
| old_mac_addr | mac | Old known MAC address of this station. |
| new_mac_addr | mac | New MAC address observed for this station. |
| ip_addr | ipv4 | IPv4 address of the station. |
| input | string | Input name from which the event was observed. |
pom-ng/analyzer/arp.1350049019.txt.gz · Last modified: 2020/05/26 21:59 (external edit)