Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


Raspberry Pi - ARP watcher

Keep track of ethernet/ip address pairings. It syslogs activity and reports certain changes via email.


  • Install Raspbian, connect the Pi to your network, the broadcast domain (subnet) you want to monitor.
  • Configure the Pi as you would normally.
    • Disable HDMI, WLAN, Bluetooth
    • Configure firewall
    • Remove pi user
    • enable ipv6 privacy addressing
    • Disable unnecessary services


  • Configure outgoing mail. For example with a simple to use tool like ssmtp.
    apt install ssmtp mailutils
  • Test outgoing mail.


  • Install arpwatch
    apt install arpwatch
    systemctl stop arpwatch
    rm /var/lib/arpwatch/*     # remove already found hosts
  • Update the ethercodes
    cd /usr/share/arpwatch/
    mv ethercodes.dat ethercodes.old
    curl -O
  • Script / crontab to update the file every month or so.
  • Configure arpwatch /etc/arpwatch.conf
    eth0    -m <mail recipient>
  • Enable and start arpwatch
    systemctl enable arpwatch
    systemctl start arpwatch
raspberry_pi_arp_watcher.txt · Last modified: 2019/03/10 05:13 by admin