Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
howtos:software:arpwatch [2018/04/11 03:01 (UTC)]
mralk3 [Sources]
howtos:software:arpwatch [2018/11/15 00:34 (UTC)]
mralk3 [Update MAC Address Database] fix url to mac database
Line 1: Line 1:
 <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). -->
-====== Arpwatch ======+====== ​Network Monitoring with Arpwatch ======
  
 Arpwatch allows a system to track [[https://​en.wikipedia.org/​wiki/​IP_address|IP]] address pairings. ​ It maps the [[https://​en.wikipedia.org/​wiki/​MAC_address|MAC Addresses]] on a network by tracking [[https://​en.wikipedia.org/​wiki/​Address_Resolution_Protocol|ARP]] requests to each device on the [[https://​en.wikipedia.org/​wiki/​LAN|LAN]] and recording the response in a database. ​ All network cards are manufactured with a unique MAC address and this allows Arpwatch to identify each device. ​ The main purpose of mapping a network like this is so the system administrator can keep track of the devices on a network and identify when there are networking issues. ​ Arpwatch is commonly used to identify when an [[https://​en.wikipedia.org/​wiki/​ARP_spoofing|ARP Man in the Middle attack]] is being conducted by notifying the system administrator when a duplicate MAC address is being used on the network. ​ Arpwatch is most commonly ran on routers, but it can also useful on a managed network switch. Arpwatch allows a system to track [[https://​en.wikipedia.org/​wiki/​IP_address|IP]] address pairings. ​ It maps the [[https://​en.wikipedia.org/​wiki/​MAC_address|MAC Addresses]] on a network by tracking [[https://​en.wikipedia.org/​wiki/​Address_Resolution_Protocol|ARP]] requests to each device on the [[https://​en.wikipedia.org/​wiki/​LAN|LAN]] and recording the response in a database. ​ All network cards are manufactured with a unique MAC address and this allows Arpwatch to identify each device. ​ The main purpose of mapping a network like this is so the system administrator can keep track of the devices on a network and identify when there are networking issues. ​ Arpwatch is commonly used to identify when an [[https://​en.wikipedia.org/​wiki/​ARP_spoofing|ARP Man in the Middle attack]] is being conducted by notifying the system administrator when a duplicate MAC address is being used on the network. ​ Arpwatch is most commonly ran on routers, but it can also useful on a managed network switch.
Line 31: Line 31:
 su - su -
 cd /​var/​lib/​arpwatch cd /​var/​lib/​arpwatch
-wget http://​standards.ieee.org/​regauth/​oui/oui.txt+wget http://​standards-oui.ieee.org/​oui.txt
 ./​massagevendor oui.txt > ethercodes.dat ./​massagevendor oui.txt > ethercodes.dat
 rm -f oui.txt rm -f oui.txt

In Other Languages
QR Code
QR Code howtos:software:arpwatch (generated for current page)