Packages and Binaries:

arpwatch

Arpwatch maintains a database of Ethernet MAC addresses seen on the network, with their associated IP pairs. Alerts the system administrator via e-mail if any change happens, such as new station/activity, flip-flops, changed and re-used old addresses.

If you want to maintain a list authorized MAC addresses manually, take a look at the arpalert package which may fit your needs better.

Installed size: 157 KB
How to install: sudo apt install arpwatch

  • adduser
  • gawk
  • init-system-helpers
  • libc6
  • libpcap0.8
  • lsb-base
arp2ethers

Convert arpwatch address database to ethers file format

root@kali:~# man arp2ethers
ARP2ETHERS(8)               System Manager's Manual              ARP2ETHERS(8)

NAME
       arp2ethers - convert arpwatch address database to ethers file format

SYNOPSIS
       arp2ethers [ arp.dat file ]

DESCRIPTION
       arp2ethers  converts  the  file  /var/lib/arpwatch/arp.dat (or the file
       specified on the command line) into ethers(5) format on  stdout.   Usu-
       ally  arp.dat is an ethernet/ip database file generated by arpwatch(8).
       The arpwatch daemon in Debian will create different  arp.dat  depending
       on  its  configuration.  All of them will be available at /var/lib/arp-
       watch/.

FILES
       /var/lib/arpwatch - default directory for arp.dat
       arp.dat - ethernet/ip address database

SEE ALSO
       arpwatch(8), ethers(5), rarp(8), arp(8),

BUGS
       Please send bug reports to arpwatch@ee.lbl.gov.

AUTHORS
       Original version by Craig Leres of the Lawrence Berkeley National Labo-
       ratory Network Research Group, University of California, Berkeley, CA.

       Modified  for  the Debian Project by Peter Kelemen, with additions from
       Erik Warmelink.

       The current version is available via anonymous ftp:

              ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

       This manual page was contributed by Hugo Graumann.

                                                                 ARP2ETHERS(8)

arpfetch

Obtain ethernet/ip address pairings via snmp

root@kali:~# arpfetch -h
usage: arpfetch host cname

arpsnmp

Keep track of ethernet/ip address pairings

root@kali:~# arpsnmp -h
Version 2.1a15
usage: arpsnmp [-d] [-m addr ] [-f datafile] [-s sendmail_path] file [...]

arpwatch

Keep track of ethernet/ip address pairings

root@kali:~# arpwatch -h
Version 2.1a15
usage: arpwatch [-dN] [-f datafile] [-F "filter" ][-i interface] [-n net[/width]] [-r file] [-s sendmail_path] [-p] [-a] [-m addr] [-u username] [-Q] [-z ignorenet/ignoremask] 

bihourly

Track ethernet/ip address pairs

root@kali:~# bihourly -h
cat: list: No such file or directory
cat: cname: No such file or directory
WARNING: tempfile is deprecated; consider using mktemp instead.
Version 2.1a15
usage: arpsnmp [-d] [-m addr ] [-f datafile] [-s sendmail_path] file [...]

massagevendor

Convert the ethernet vendor codes master list to arpwatch format

root@kali:~# massagevendor -h
sed: invalid option -- 'h'
Usage: sed [OPTION]... {script-only-if-no-other-script} [input-file]...

  -n, --quiet, --silent
                 suppress automatic printing of pattern space
      --debug
                 annotate program execution
  -e script, --expression=script
                 add the script to the commands to be executed
  -f script-file, --file=script-file
                 add the contents of script-file to the commands to be executed
  --follow-symlinks
                 follow symlinks when processing in place
  -i[SUFFIX], --in-place[=SUFFIX]
                 edit files in place (makes backup if SUFFIX supplied)
  -l N, --line-length=N
                 specify the desired line-wrap length for the `l' command
  --posix
                 disable all GNU extensions.
  -E, -r, --regexp-extended
                 use extended regular expressions in the script
                 (for portability use POSIX -E).
  -s, --separate
                 consider files as separate rather than as a single,
                 continuous long stream.
      --sandbox
                 operate in sandbox mode (disable e/r/w commands).
  -u, --unbuffered
                 load minimal amounts of data from the input files and flush
                 the output buffers more often
  -z, --null-data
                 separate lines by NUL characters
      --help     display this help and exit
      --version  output version information and exit

If no -e, --expression, -f, or --file option is given, then the first
non-option argument is taken as the sed script to interpret.  All
remaining arguments are names of input files; if no input files are
specified, then the standard input is read.

GNU sed home page: <https://www.gnu.org/software/sed/>.
General help using GNU software: <https://www.gnu.org/gethelp/>.

Updated on: 2021-Nov-26