arpwatch monitors mac adresses on your network and writes them into a file.
last know timestamp and change notification is included. use it to monitor for unknown (and as such, likely to be intruder's) mac adresses or somebody messing around with your arp_/dns_tables.
based upon the well-known version from ftp://ftp.ee.lbl.gov/
keywords = { arpwatch, MAC, IP, network, change detection }
arpwatch NG 1.7:
update autoconf system to support x86_64 better [UPDATED]
arpwatch NG 1.6:
use a central report function table to ease customization [FIXED]
minor cleanups and updates [FIXED]
arpwatch NG 1.5:
try to report error on startup better _ arp.dat _ ethercodes.dat [FIXED]
arpwatch NG 1.4:
try to report _all anomalities via the report function _not syslog [FIXED]
mode 2 _ make action list parseable [FIXED]
further static'fy local functions in arpwatch.c [FIXED]
ethercodes updated from nmap-4.11 and removed old ones [UPDATED]
arpwatch NG 1.2:
on make install also install man-pages [FIXED]
ethercodes updated from nmap-4.00 [UPDATED]
arpwatch NG 1.1:
allow for attaching pcap / tcpdump_style filters [ADDED]
improve and update man-page [FIXED]
arpwatch NG 1.0:
allow getopt() to complain about unknown options [FIXED]
rework help output and send to stdout, not stderr [FIXED]
previous versions _ all changes included in NG 1.0 _
DROP1:
code was in bad and old shape [FIXED]
ethercodes were old - updated from NMAP [FIXED]
DROP2:
reporting to stdout added [ADDED]
ethercodes updated from nmap-3.81 [UPDATED]
DROP3:
report using raw mode _ so later filters can change output as they like _ [ADDED]
close stdin _ stdout _ stderr in daemon again [FIXED]
clean up reporting subsystem [FIXED]
DROP4:
compile fix for arpwatch.c [FIXED]
segfault fix for report.c -> arpwatch.c: uninitialized function pointer [FIXED]
include overflow security fix [FIXED]
DROP4.1:
compile fix for NON-GNU systems: strndup() missing [ADDED]
DROP5:
rewrite make install target [FIXED]
remove #ifdef DEBUG altogether [FIXED]
simplify initialization code in arpwatch.c [FIXED]
DROP6:
apply lots of vendor patches from debian [MERGED]
eg continue on unconfigured interface, option -p for non-promiscous mode, ... - see changelog
misc fixes [FIXED]
DROP7:
more debian patches [MERGED]
drop privileges to user _ specify sendmail-prog _ mail-to option
minor security fix for replacement strndup() [FIXED]
DROP8:
added fancy mac adress printing [ADDED]
DROP9:
ethercodes updated from nmap-3.83 [UPDATED]
add -F as mail_from option [ADDED]
shorten checkpoint time of arp db [FIXED]
also try mktemp in mkdep script [FIXED]
DROP10:
fix bug: arp.dat was not checkpointed or updated while running [FIXED]
previous versions
arpwatch-DROP1.tar.bz2
arpwatch-DROP2.tar.bz2
arpwatch-DROP3.tar.bz2
arpwatch-DROP4.1.tar.bz2
arpwatch-DROP5.tar.bz2
arpwatch-DROP6.tar.bz2
arpwatch-DROP7.tar.bz2
arpwatch-DROP8.tar.bz2
arpwatch-DROP9.tar.bz2
arpwatch-DROP10.tar.bz2