Arpwatch
Arpwatch is a security monitoring tool designed to observe potential ARP spoofing in a network. This section guides you on setting up Arpwatch.
Install Arpwatch
Install Arpwatch
To install arpwatch
, simply:
$ apt install arpwatch -y
IMPORTANT NOTE: arpwatch
depends on a local email facility to send its reports to the root account which in turns send to all administrators. Take a look at Setup Exim4 with Gmail Send-Only as one of the option.
Start Arpwatch
Start Arpwatch
To start the monitoring, you need to execute the following commands in pattern:
$ systemctl enable arpwatch@<networkName>
$ systemctl start arpwatch@<networkName>
If you're on a bonded interface, you can use its name (e.g. bond0
). Here are some examples:
# bonded interface
$ systemctl enable arpwatch@bond0
$ systemctl start arpwatch@bond0
# un-bonded interface (Ethernet)
$ systemctl enable arpwatch@enp2s0
$ systemctl start arpwatch@enp2s0
# un-bonded interface (Wifi)
$ systemctl enable arpwatch@wlp3s0
$ systemctl start arpwatch@wlp3s0
That's all for apt package manager.