raspberry_pi_arp_watcher
Table of Contents
Raspberry Pi - ARP watcher
Keep track of ethernet/ip address pairings. It syslogs activity and reports certain changes via email.
Raspbian
- Install Raspbian, connect the Pi to your network, the broadcast domain (subnet) you want to monitor.
- Configure the Pi as you would normally.
- Disable HDMI, WLAN, Bluetooth
- Configure firewall
- Remove pi user
- enable ipv6 privacy addressing
- Disable unnecessary services
- Configure outgoing mail. For example with a simple to use tool like
ssmtp
.apt install ssmtp mailutils
- Test outgoing mail.
Arpwatch
- Install arpwatch
apt install arpwatch systemctl stop arpwatch rm /var/lib/arpwatch/* # remove already found hosts
- Update the ethercodes
cd /usr/share/arpwatch/ mv ethercodes.dat ethercodes.old curl -O https://linuxnet.ca/ieee/oui/ethercodes.dat
- Script / crontab to update the file every month or so.
- Configure arpwatch
/etc/arpwatch.conf
eth0 -m <mail recipient>
- Enable and start arpwatch
systemctl enable arpwatch systemctl start arpwatch
raspberry_pi_arp_watcher.1633792487.txt.gz ยท Last modified: 2021/10/09 15:14 by 127.0.0.1