Packages and Binaries:
arpwatch
Ethernet/FDDI station activity monitor
Arpwatch maintains a database of Ethernet MAC addresses seen on the
network, with their associated IP pairs. Alerts the system administrator
via e-mail if any change happens, such as new station/activity,
flip-flops, changed and re-used old addresses.
If you want to maintain a list authorized MAC addresses manually, take a look at the arpalert package which may fit your needs better.
Installed size: 153 KB
How to install: sudo apt install arpwatch
Dependencies:
- adduser
- gawk
- init-system-helpers
- libc6
- libpcap0.8t64
arp2ethers
Convert arpwatch address database to ethers file format
root@kali:~# man arp2ethers
ARP2ETHERS(8) System Manager's Manual ARP2ETHERS(8)
NAME
arp2ethers - convert arpwatch address database to ethers file format
SYNOPSIS
arp2ethers [ arp.dat file ]
DESCRIPTION
arp2ethers converts the file /var/lib/arpwatch/arp.dat (or the file
specified on the command line) into ethers(5) format on stdout. Usually
arp.dat is an ethernet/ip database file generated by arpwatch(8). The
arpwatch daemon in Debian will create different arp.dat depending on its
configuration. All of them will be available at /var/lib/arpwatch/.
FILES
/var/lib/arpwatch - default directory for arp.dat
arp.dat - ethernet/ip address database
SEE ALSO
arpwatch(8), ethers(5), rarp(8), arp(8),
BUGS
Please send bug reports to [email protected].
AUTHORS
Original version by Craig Leres of the Lawrence Berkeley National Labo-
ratory Network Research Group, University of California, Berkeley, CA.
Modified for the Debian Project by Peter Kelemen, with additions from
Erik Warmelink.
The current version is available via anonymous ftp:
ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
This manual page was contributed by Hugo Graumann.
ARP2ETHERS(8)
arpfetch
Obtain ethernet/ip address pairings via snmp
root@kali:~# arpfetch -h
usage: arpfetch host cname
arpsnmp
Keep track of ethernet/ip address pairings
root@kali:~# arpsnmp -h
Version 2.1a15
usage: arpsnmp [-d] [-m addr ] [-f datafile] [-s sendmail_path] file [...]
arpwatch
Keep track of ethernet/ip address pairings
root@kali:~# arpwatch -h
Version 2.1a15
usage: arpwatch [-dN] [-f datafile] [-F "filter" ][-i interface] [-n net[/width]] [-r file] [-s sendmail_path] [-p] [-a] [-m addr] [-u username] [-Q] [-z ignorenet/ignoremask]
bihourly
Track ethernet/ip address pairs
root@kali:~# man bihourly
BIHOURLY(8) System Manager's Manual BIHOURLY(8)
NAME
bihourly - track ethernet/ip address pairs
SYNOPSIS
bihourly
DESCRIPTION
bihourly is a script that automates the operation of arpsnmp(8) by exe-
cuting arpfetch(8) on a series of hostnames and then sending the results
to arpsnmp(8) for analysis.
The result is a report of the current pairings between ip addresses and
the corresponding ethernet address of the network hardware as reported
by snmpwalk(8). Activity is logged and noted changes are reported by
email.
In its working directory bihourly expects a file named list which con-
tains a space separated list of hostnames to be queried and a file named
cname which holds the SNMP community name by which to query these hosts.
Contrary to the name, bihourly does not run twice every hour. It runs
once each time it is invoked. For repeated operation bihourly must be
invoked on a periodic basis by a program like cron(1).
FILES
/var/lib/arpwatch - default working directory
list - file containing names of hosts to query
cname - file containing the SNMP community name by which to query
SEE ALSO
arpsnmp(8), arpfetch(8), snmpwalk(8), cron(8)
BUGS
Please send bug reports to [email protected].
AUTHORS
Craig Leres of the Lawrence Berkeley National Laboratory Network Re-
search Group, University of California, Berkeley, CA.
The current version is available via anonymous ftp:
ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
This manual page was contributed by Hugo Graumann.
BIHOURLY(8)
massagevendor
Convert the ethernet vendor codes master list to arpwatch format
root@kali:~# massagevendor -h
sed: invalid option -- 'h'
Usage: sed [OPTION]... {script-only-if-no-other-script} [input-file]...
-n, --quiet, --silent
suppress automatic printing of pattern space
--debug
annotate program execution
-e script, --expression=script
add the script to the commands to be executed
-f script-file, --file=script-file
add the contents of script-file to the commands to be executed
--follow-symlinks
follow symlinks when processing in place
-i[SUFFIX], --in-place[=SUFFIX]
edit files in place (makes backup if SUFFIX supplied)
-l N, --line-length=N
specify the desired line-wrap length for the `l' command
--posix
disable all GNU extensions.
-E, -r, --regexp-extended
use extended regular expressions in the script
(for portability use POSIX -E).
-s, --separate
consider files as separate rather than as a single,
continuous long stream.
--sandbox
operate in sandbox mode (disable e/r/w commands).
-u, --unbuffered
load minimal amounts of data from the input files and flush
the output buffers more often
-z, --null-data
separate lines by NUL characters
--help display this help and exit
--version output version information and exit
If no -e, --expression, -f, or --file option is given, then the first
non-option argument is taken as the sed script to interpret. All
remaining arguments are names of input files; if no input files are
specified, then the standard input is read.
GNU sed home page: <https://www.gnu.org/software/sed/>.
General help using GNU software: <https://www.gnu.org/gethelp/>.
Updated on: 2026-Mar-13