Monitoring the network
Bart Silverstrim
bsilver at chrononomicon.com
Mon Jan 26 16:08:23 UTC 2009
NoOp wrote:
> On 01/26/2009 07:30 AM, Brian McKee wrote:
>> On Mon, Jan 26, 2009 at 8:20 AM, Bart Silverstrim
>> <bsilver at chrononomicon.com> wrote:
>>> Might be related to the MAC addresses thread question...but I'm hoping
>>> there are some scripting gurus that have done this.
>> Take a look at arpwatch - ftp://ftp.ee.lbl.gov/arpwatch.tar.gz -
>> http://en.wikipedia.org/wiki/Arpwatch
>>
>> Brian
>>
>
> It's in the repos:
> http://packages.ubuntu.com/search?searchon=sourcenames&keywords=arpwatch
> http://manpages.ubuntu.com/manpages/hardy/man8/arpwatch.8.html
Thanks! It put me on track for arpalert. I installed it and am puzzling
out how to work with it...I thought there's a script in
/usr/share/doc/exampled/scripts/contrib for adding discovered MACs into
the allow list, but it doesn't seem to be working as advertised (already
changed path variables in the script for what's set up in Ubuntu).
Once I can figure out how to get the allow list working and then figure
out how to get it to mail me (I added the mail program using mailutils)
then I should be set to go...I think...
More information about the ubuntu-users
mailing list