How to set up and configure Arpwatch on Ubuntu

Q. I would like to know – how do I detect ARP spoofing? I am using Ubuntu Linux.

A. Use the arpwatch command to keep track of Ethernet/IP address pairings. It logs activity to syslog and reports certain changes via email.


Arpwatch uses pcap to listen for ARP packets on a local Ethernet interface.

1. Setup

apt-get install arpwatch

All files are created automatically, and the service starts.

2. Configuration

Configure parameters:

vi /etc/arpwatch.conf

Insert a line like this:

eth0 -a -n 192.168.40.0/24 -m alerts.here@mydomain.com

Restart arpwatch to apply the new configuration:

/etc/init.d/arpwatch restart

Check if the process is running:

ps -ef | grep arpwatch
root 3078 1 0 11:38 ? 00:00:00 /usr/sbin/arpwatch

You can check the log content:

tail -f /var/log/arpwatch.log
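
To pull only the address-pairing changes out of that log, here is an added example (not part of the original how-to). It assumes report lines of the form `<timestamp> <host> arpwatch: <event> <ip> <new-mac> (<old-mac>) [<iface>]`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed log line format:
#   <timestamp> <host> arpwatch: <event> <ip> <new-mac> (<old-mac>) [<iface>]

# Constructed sample lines (made-up host name and MAC addresses).
sample_log() {
cat <<'EOF'
Mar  3 11:38:02 gw arpwatch: new station 192.168.40.23 0:1b:21:aa:bb:1 eth0
Mar  3 11:42:07 gw arpwatch: changed ethernet address 192.168.40.1 0:50:56:aa:bb:cc (0:1b:21:dd:ee:ff) eth0
Mar  3 11:42:09 gw arpwatch: flip flop 192.168.40.1 0:1b:21:dd:ee:ff (0:50:56:aa:bb:cc) eth0
Mar  3 11:42:11 gw arpwatch: flip flop 192.168.40.1 0:50:56:aa:bb:cc (0:1b:21:dd:ee:ff) eth0
Mar  3 11:50:00 gw arpwatch: new activity 192.168.40.77 0:1b:21:aa:bb:2 eth0
EOF
}

# Print "<event>|<ip>|<new-mac>|<old-mac>" for every pairing change.
# "new station" and "new activity" are skipped: no existing pairing was replaced.
arp_changes() {
    awk '
    / arpwatch[^ ]*: (changed ethernet address|flip flop) / {
        # locate the "arpwatch:" (or "arpwatch[pid]:") tag
        for (i = 1; i <= NF && $i !~ /^arpwatch/; i++) ;
        # event words run from the tag up to the IPv4 address
        ev = ""
        for (j = i + 1; j <= NF && $j !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/; j++)
            ev = ev (ev == "" ? "" : " ") $j
        old = $(j + 2); gsub(/[()]/, "", old)
        print ev "|" $j "|" $(j + 1) "|" old
    }' "$@"
}

# Per IP: "<ip> <changes> <distinct MACs>". An address that keeps moving
# between MACs is the first thing to investigate.
arp_summary() {
    arp_changes "$@" | awk -F"|" '
    {
        n[$2]++
        if (!seen[$2, $3]++) macs[$2]++
        if (!seen[$2, $4]++) macs[$2]++
    }
    END { for (ip in n) print ip, n[ip], macs[ip] }' | sort
}

# Demo on the sample; on a real host: arp_summary /var/log/arpwatch.log
sample_log | arp_summary
```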

More:

http://manpages.ubuntu.com/manpages/lucid/man8/arpwatch.8.html
