howtos:software:arpwatch [2018/04/11 03:01 (UTC)] – [Sources] mralk3 | howtos:software:arpwatch [2021/03/28 12:51 (UTC)] (current) – [Sources] mralk3 |
---|
<!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> | <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> |
====== Arpwatch ====== | ====== Network Monitoring with Arpwatch ====== |
| |
Arpwatch allows a system to track [[https://en.wikipedia.org/wiki/IP_address|IP]] address pairings. It maps the [[https://en.wikipedia.org/wiki/MAC_address|MAC Addresses]] on a network by tracking [[https://en.wikipedia.org/wiki/Address_Resolution_Protocol|ARP]] requests to each device on the [[https://en.wikipedia.org/wiki/LAN|LAN]] and recording the response in a database. All network cards are manufactured with a unique MAC address and this allows Arpwatch to identify each device. The main purpose of mapping a network like this is so the system administrator can keep track of the devices on a network and identify when there are networking issues. Arpwatch is commonly used to identify when an [[https://en.wikipedia.org/wiki/ARP_spoofing|ARP Man in the Middle attack]] is being conducted by notifying the system administrator when a duplicate MAC address is being used on the network. Arpwatch is most commonly ran on routers, but it can also useful on a managed network switch. | Arpwatch allows a system to track [[https://en.wikipedia.org/wiki/IP_address|IP]] address pairings. It maps the [[https://en.wikipedia.org/wiki/MAC_address|MAC Addresses]] on a network by tracking [[https://en.wikipedia.org/wiki/Address_Resolution_Protocol|ARP]] requests to each device on the [[https://en.wikipedia.org/wiki/LAN|LAN]] and recording the response in a database. All network cards are manufactured with a unique MAC address and this allows Arpwatch to identify each device. The main purpose of mapping a network like this is so the system administrator can keep track of the devices on a network and identify when there are networking issues. Arpwatch is commonly used to identify when an [[https://en.wikipedia.org/wiki/ARP_spoofing|ARP Man in the Middle attack]] is being conducted by notifying the system administrator when a duplicate MAC address is being used on the network. Arpwatch is most commonly ran on routers, but it can also useful on a managed network switch. |
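
Review bot: The headline change leaves the introductory paragraph identical on both sides, so its last sentence still reads "Arpwatch is most commonly ran on routers, but it can also useful on a managed network switch" in the current revision. Suggest "is most commonly run on routers, but it can also be useful on a managed network switch" as part of the same edit.
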
su - | su - |
cd /var/lib/arpwatch | cd /var/lib/arpwatch |
wget http://standards.ieee.org/regauth/oui/oui.txt | wget http://standards-oui.ieee.org/oui.txt |
./massagevendor oui.txt > ethercodes.dat | ./massagevendor oui.txt > ethercodes.dat |
rm -f oui.txt | rm -f oui.txt |
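
Review bot: The updated wget line on the right-hand side still fetches oui.txt over plain http://, and the whole sequence runs in a root shell (su -) with the downloaded file passed straight to ./massagevendor to build ethercodes.dat. Suggest switching the scheme to https:// so the vendor list cannot be altered in transit, and doing the download and conversion as an unprivileged user, with only the final copy of ethercodes.dat into /var/lib/arpwatch done as root.
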
* [[https://ee.lbl.gov/|Arpwatch Home]] | * [[https://ee.lbl.gov/|Arpwatch Home]] |
| |
* Originally written by [[wiki:user:mralk3 | Brenton Earl]] | * Originally written by [[wiki:user:mralk3 | mralk3]] |
<!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> |
<!-- * Original source: [[http://some.website.org/some/page.html]] --> | <!-- * Original source: [[http://some.website.org/some/page.html]] --> |
<!-- Authors are allowed to give credit to themselves! --> | <!-- Authors are allowed to give credit to themselves! --> |
<!-- * Originally written by [[wiki:user:xxx | User X]] --> | <!-- * Originaly written by [[wiki:user:xxx | User X]] --> |
<!-- * Contributions by [[wiki:user:yyy | User Y]] --> | <!-- * Contributions by [[wiki:user:yyy | User Y]] --> |
| |
<!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> |
<!-- You must remove the tag-word "template" below before saving your new page --> | <!-- You must remove the tag-word "template" below before saving your new page --> |
{{tag>howtos network monitoring arpwatch}} | {{tag>howtos network monitoring arpwatch user_mralk3}} |
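
Review bot: The commented-out credit template on the right-hand side now reads "Originaly written by", a typo this revision introduces; the left-hand side has "Originally". Suggest restoring the original spelling so the template is not copied with the error when the comment is reused.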