Ben's notes

Linux, Unix, network, radio...

Trace: • raspberry_pi_arp_watcher

raspberry_pi_arp_watcher

Table of Contents

Raspberry Pi - ARP watcher
- Raspbian
- Mail
- Arpwatch

Raspberry Pi - ARP watcher

Keep track of ethernet/ip address pairings. It syslogs activity and reports certain changes via email.

Raspbian

Install Raspbian, connect the Pi to your network, the broadcast domain (subnet) you want to monitor.
Configure the Pi as you would normally.
- Disable HDMI, WLAN, Bluetooth
- Configure firewall
- Remove pi user
- enable ipv6 privacy addressing
- Disable unnecessary services

Mail

Configure outgoing mail. For example with a simple to use tool like ssmtp.
```
apt install ssmtp mailutils
```
Test outgoing mail.

Arpwatch

Install arpwatch

apt install arpwatch
systemctl stop arpwatch
rm /var/lib/arpwatch/*     # remove already found hosts

Update the ethercodes

cd /usr/share/arpwatch/
mv ethercodes.dat ethercodes.old
curl -O https://linuxnet.ca/ieee/oui/ethercodes.dat

Script / crontab to update the file every month or so.
Configure arpwatch /etc/arpwatch.conf
```
eth0    -m <mail recipient>
```

Enable and start arpwatch

systemctl enable arpwatch
systemctl start arpwatch

[hardware, raspberry, pi, linux, network, arp, watch, mac]

raspberry_pi_arp_watcher.txt · Last modified: 2019/03/10 05:13 by admin