Exploit-DB updates

Tuesday, May 10, 2011

Detect MITM attacks with ArpWatch

Here we will use the tool "arpwatch" together with the "tail" command to watch for new ARP entries and for changes to existing ones (i.e. a MITM attack).


Arpwatch was developed by Lawrence Berkeley National Laboratory, Network Research Group, as open-source software and is released under the BSD license.
You should already have the "tail" command installed, so you don't have to worry about that; arpwatch probably isn't, so you can install it with the "apt-get install arpwatch" command, or visit the site it's hosted on for the latest release - ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

And if you were wondering what "tail" is, it's a very useful Unix command which reads the last few lines of a file or of piped data and displays them in the terminal. Once you have everything installed, open your terminal/shell of choice - I prefer terminator, it's great - then fire up arpwatch on the interface you'd like to monitor, and use the tail command to follow the syslog file for new entries.


sudo apt-get install arpwatch   # install arpwatch (Debian/Ubuntu)
sudo arpwatch -i eth0           # watch ARP traffic on eth0 (needs root to open the raw socket)
tail -f /var/log/syslog         # follow syslog, where arpwatch writes its reports

Now arpwatch is watching for new ARP entries and for changes within the network, which it logs to the syslog file in the /var/log/ directory. The log is then read by tail and displayed in your shell.
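Reading the raw syslog stream by eye is tedious, so here is an added example (not from the original post or from the arpwatch project) that filters the tail output down to the two arpwatch messages that matter for MITM detection: "changed ethernet address" (an IP that is now answering from a different MAC) and "flip flop" (an IP bouncing between two MACs). The message wording is assumed from arpwatch's report strings; the sample log lines, hostnames, IPs and MACs are constructed for the demo.

```shell
#!/bin/sh
# Added example: pick out the arpwatch syslog messages that indicate an
# existing IP's MAC address changed, which is what ARP spoofing looks like
# to arpwatch. "new station" lines are normal and are deliberately ignored.

# Constructed sample syslog lines in arpwatch's report format (assumed
# wording; addresses are made up).
SAMPLE_LOG='May 10 12:00:01 host arpwatch: new station 192.168.1.10 0:11:22:33:44:55 eth0
May 10 12:00:05 host arpwatch: new station 192.168.1.1 0:aa:bb:cc:dd:ee eth0
May 10 12:01:10 host arpwatch: changed ethernet address 192.168.1.1 0:11:22:33:44:55 (0:aa:bb:cc:dd:ee) eth0
May 10 12:01:12 host arpwatch: flip flop 192.168.1.1 0:aa:bb:cc:dd:ee (0:11:22:33:44:55) eth0
May 10 12:02:00 host cron[123]: (root) CMD (run-parts /etc/cron.hourly)'

# Print only the arpwatch lines that signal a MAC change for a known IP.
# Reads log text on stdin, so it works on a file or behind `tail -f`.
arp_alerts() {
    grep -E 'arpwatch.*(changed ethernet address|flip flop)'
}

# Count such alert lines in the text passed on stdin.
count_arp_alerts() {
    arp_alerts | wc -l | tr -d ' '
}

# List the IPs whose MAC changed, one per line, deduplicated.
changed_ips() {
    arp_alerts | sed -E 's/.*(changed ethernet address|flip flop) ([0-9.]+) .*/\2/' | sort -u
}

# Live use, with arpwatch logging to syslog as set up above:
#   tail -f /var/log/syslog | arp_alerts
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE_LOG" | arp_alerts
printf '%s\n' "$SAMPLE_LOG" | changed_ips
```

Piping `tail -f /var/log/syslog` into `arp_alerts` gives a live view that stays quiet while hosts simply join the network and only prints when an address already seen starts answering from a different MAC; `changed_ips` is handy for pulling the affected addresses out of an older log when investigating after the fact.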
