yum install arpwatch
cat /etc/sysconfig/arpwatch
# -u <username> : defines with what user id arpwatch should run # -e <email> : the <email> where to send the reports # -s <from> : the <from>-address #OPTIONS="-u pcap -e root -s 'root (Arpwatch)'" OPTIONS="-i eth0 -N -u pcap -e root -s 'root (Arpwatch)'"
- N : not bogon
- i : specify interface
/etc/init.d/arpwatch start chkconfig arpwatch on
head /var/arpwatch/arp.dat|pukiwiki_cat 8:0:83:ff:25:5 10.5.31.100 1219366206 0:11:d8:71:9b:3b 172.31.1.188 1219366128 8:0:83:ff:23:fe 172.31.6.16 1219366245 0:e0:18:6b:23:9f 172.31.1.160 1219366249 0:c:29:d7:79:d4 172.31.2.60 1219366078 0:10:a4:8c:98:af 172.31.2.3 1219365743 0:d:b:4b:c6:82 172.31.1.175 1219366249 8:0:20:18:6:1e 172.31.1.45 1219366249 8:0:83:ff:25:20 172.31.3.92 1219366247 8:0:27:e3:55:c3 172.31.1.128 1219363785 8:0:83:78:a2:64 172.31.2.187 1219366130 8:0:83:ff:20:f8 172.31.1.41 1219366248 0:c:29:91:ad:97 172.31.3.11 1219364796 0:e:a6:36:f1:f8 172.31.1.172 1219365783 0:c:29:b7:ae:9 172.31.3.93 1219366206 0:40:b4:11:2c:76 172.31.1.126 1219365762 0:1b:fc:43:68:ba 172.31.1.8 1219366153 0:80:92:6:29:da 172.31.1.171 1219366243 0:e0:18:8e:d6:47 172.31.1.204 1219365399 0:17:31:12:94:b0 172.31.1.89 1219366169