NOTE: This add-on is to be distributed in Core Update 197.
Monitoring tool for ARP traffic on a network
Arpwatch monitors network traffic activity, including IP/MAC address changes. It maintains a database of address pairings. Arpwatch logs IP/MAC address pairings with timestamps, allowing you to track network activity. Arpwatch can be configured to send email reports to network administrators when IP/MAC address pairings are added or changed.
Installation
arpwatch is installed with the Pakfire web interface or via the console:
pakfire install arpwatch
Configuration
The configuration file is located at /etc/sysconfig/arpwatch. Example of items in config file:
# Interface to monitor
DEVICE=green0
# Email address to send alerts to
#EMAIL_ADDRESS=root
# File to store ARP database
#ARP_FILE=/var/lib/arpwatch/arp.dat
# Run as daemon
#RUN_DAEMON=yes
Usage
There is no web interface for this add-on. To run this add-on, open the client console or a terminal.
Example output:
Aug 08 14:32:01 myhost arpwatch[12345]: new station 192.168.1.100 0:11:22:33:44:55
Aug 08 14:33:15 myhost arpwatch[12345]: changed ethernet address 192.168.1.101 0:66:77:88:99:aa -> 0:aa:bb:cc:dd:ee
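Because there is no web interface, the log lines above are the main source for reviewing address changes. The following script is an added example, not part of the add-on or of arpwatch: it parses the two message types in the format shown above, pads the MAC addresses (arpwatch drops leading zeros) and lists MAC changes that are not in a known-good list. The function names, the `known` mapping and the sample lines are constructed for illustration.

```python
import re

# Matches the two arpwatch message types shown in the example output above.
# Assumption: MAC changes are logged as "<old> -> <new>", as on this page.
EVENT_RE = re.compile(
    r"arpwatch(?:\[\d+\])?: (?P<kind>new station|changed ethernet address) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<mac>[0-9a-fA-F:]+)(?: -> (?P<new_mac>[0-9a-fA-F:]+))?"
)


def normalize_mac(mac):
    """arpwatch drops leading zeros (0:11:...); pad each octet to two digits."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_events(lines):
    """Return one dict per recognised arpwatch line; other lines are skipped."""
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        new_mac = normalize_mac(m["new_mac"]) if m["new_mac"] else None
        events.append({"kind": m["kind"], "ip": m["ip"],
                       "mac": normalize_mac(m["mac"]), "new_mac": new_mac})
    return events


def mac_changes(events, known=None):
    """Return MAC changes not covered by `known`, a hypothetical {ip: mac} list
    of hardware swaps the administrator expects."""
    known = {ip: normalize_mac(mac) for ip, mac in (known or {}).items()}
    return [
        e for e in events
        if e["kind"] == "changed ethernet address"
        and known.get(e["ip"], "") != e["new_mac"]
    ]


# Constructed sample input, in the format of the example output above.
SAMPLE = [
    "Aug 08 14:32:01 myhost arpwatch[12345]: new station 192.168.1.100 0:11:22:33:44:55",
    "Aug 08 14:33:15 myhost arpwatch[12345]: changed ethernet address 192.168.1.101 0:66:77:88:99:aa -> 0:aa:bb:cc:dd:ee",
    "Aug 08 14:33:16 myhost sshd[2201]: unrelated line",
]

if __name__ == "__main__":
    for change in mac_changes(parse_events(SAMPLE)):
        print(f"{change['ip']}: {change['mac']} -> {change['new_mac']}")
```

An unexpected MAC change for the gateway or a server address is the event to investigate first, since it can indicate ARP spoofing as well as a replaced network card.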
Links
https://linux.die.net/man/8/arpwatch