arpwatch - Ethernet monitor program; for keeping track of ethernet/ip address pairings
ChangeLog
| Web site: | http://www-nrg.ee.lbl.gov/ |
HOWTO
# arpwatch 2.1a15
# ===============
# According to the ChangeLog, other than 2.1a15 in June 2006, arpwatch
# hadn't been updated since 1997. If you're looking for something in
# active development (or at least something with more recent development),
# check out arpwatch-ng.
#
# I use -ng now, so any further updates to this howto will most likely just
# be updates to the tarball file name if new versions are released. I
# haven't tried my patch below since 2.1a13
# Prerequisites:
# libpcap
cd
test -f installed/arpwatch-2.1a15.tar.gz &&
mv installed/arpwatch-2.1a15.tar.gz .
test ! -f arpwatch-2.1a15.tar.gz &&
wget ftp://ftp.ee.lbl.gov/arpwatch-2.1a15.tar.gz
mkdir -p -m 0700 src
cd src
find -maxdepth 1 -type d -name "arpwatch-*" -exec rm -r {} \;
tar xzvf ~/arpwatch-2.1a15.tar.gz
cd arpwatch-2.1a15
test $UID = 0 && chown -R root:root .
chmod -R u+w .
# If you're going to run it on multiple interfaces, you might want to try
# my patch that changes the program name in syslog to something like
# arpwatch-int0 so you know which interface the logging is about
# (if not, skip this part).
wget -nc http://englanders.cc/pub/linux/patches/\
arpwatch-2.1a11-log_with_interface.patch &&
patch -p1 < ./arpwatch-2.1a11-log_with_interface.patch
./configure
# If you want the e-mails to go to an e-mail address other than root
# (like an arpwatch alias that goes to multiple people...), open up
# addresses.h and change it in there.
make
# Become root to install it
su
install -m 500 -o bin -g bin arpsnmp arpwatch /usr/local/sbin/
install -m 444 arpsnmp.8 arpwatch.8 /usr/local/man/man8/
install -d -m 700 /usr/local/arpwatch
install -m 600 ethercodes.dat /usr/local/arpwatch/
## Add something like this to /etc/rc.d/rc.local to start rc.arpwatch:
# if [ -x /etc/rc.d/rc.arpwatch ]; then
# /etc/rc.d/rc.arpwatch start
# fi
# ...and grab rc.arpwatch:
cd /etc/rc.d
test -f rc.arpwatch && mv -f rc.arpwatch rc.arpwatch.old &&
chmod 600 rc.arpwatch.old
wget http://englanders.cc/pub/linux/misc/rc.arpwatch
test -f rc.arpwatch && chmod 700 rc.arpwatch
# If you ever want to update /usr/local/arpwatch/ethercodes.dat, you can
# update it from the info in nmap's nmap-mac-prefixes file, or from
# http://standards.ieee.org/regauth/oui/oui.txt,
# though keep in mind that you'll have to convert the format to arpwatch's
# ethercodes.dat format.
# Become yourself again
exit
cd
mkdir -p -m 0700 installed
rm -f installed/arpwatch-*.tar.*
mv arpwatch-2.1a15.tar.gz installed/
List of HOWTOs
Web page itself last updated: 2023-12-20 8:06pm (EST -0500)
HOWTO last updated: 2006-11-02 11:48am
Copyright © 2001-2024 Jason Englander. All Rights reserved.
HOWTO last updated: 2006-11-02 11:48am
Copyright © 2001-2024 Jason Englander. All Rights reserved.
![[HTML5]](HTML5_Logo_64-black.png){kind=logo}
