raspberry_pi_arp_watcher
This is an old revision of the document!
Table of Contents
Raspberry Pi - ARP watcher
Keep track of ethernet/ip address pairings. It syslogs activity and reports certain changes via email.
Raspbian
- Install Raspbian, and connect the Pi to your network, the broadcast domain (subnet) you want to monitor.
- Configure the Pi as you would normally.
- Disable HDMI, WLAN, Bluetooth
- Configure firewall
- Remove pi user
- enable ipv6 privacy addressing
- Disable unnecessary services
- Configure outgoing mail. For example with a simple to use tool like
ssmtp
.apt install ssmtp mailtutils
- Test outgoing mail.
Arpwatch
- Install arpwatch
apt install arpwatch systemctl stop arpwatch rm /var/lib/arpwatch/* # remove already found hosts
- Update the ethercodes
cd /usr/share/arpwatch/ mv ethercodes.dat ethercodes.old curl -O https://linuxnet.ca/ieee/oui/ethercodes.dat
- Script / crontab to update the file every month or so.
- Configure arpwatch
/etc/arpwatch.conf
eth0 -m <mail recipient>
- Enable and start arpwatch
systemctl enable arpwatch systemctl start arpwatch
raspberry_pi_arp_watcher.1549010113.txt.gz ยท Last modified: 2019/02/01 08:35 by admin