Hi I am new to Snort and i simulated arp scan attack. I am trying to detect this attack in Snort. No preprocessors detected this attack so i wanted to write a rule for it. But i find out that snort rule does not support arp protocol.
This scan is sending arp request on all possible addresses from subnet 192.168.92.0/24 and waits for an answer which means that host is up. Is it possible to detect these attack using snort rules?
Here is the example of scan from wireshark.
