Arpwatch

Arpwatch is a security monitoring tool that watches a network for potential ARP spoofing. This section walks you through setting it up.

Install Arpwatch

To install arpwatch, run:

$ apt install arpwatch -y

IMPORTANT NOTE: arpwatch depends on a local email facility to send its reports to the root account, which in turn forwards them to all administrators. See Setup Exim4 with Gmail Send-Only for one option.

Start Arpwatch

To start monitoring, enable and start the arpwatch service using the following pattern, where <networkName> is the name of the network interface to watch:

$ systemctl enable arpwatch@<networkName>
$ systemctl start arpwatch@<networkName>

If you're on a bonded interface, you can use its name (e.g. bond0). Here are some examples:

# bonded interface
$ systemctl enable arpwatch@bond0
$ systemctl start arpwatch@bond0

# un-bonded interface (Ethernet)
$ systemctl enable arpwatch@enp2s0
$ systemctl start arpwatch@enp2s0

# un-bonded interface (Wifi)
$ systemctl enable arpwatch@wlp3s0
$ systemctl start arpwatch@wlp3s0

That's all for the apt package manager.
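
A post-setup check for the steps above, as an added example that is not part of the original page: for each interface it confirms that the interface exists, that its arpwatch@ unit is both enabled (survives a reboot) and running, and that a sendmail command is present to deliver the reports. The function names, status strings and the SYSFS_NET override are assumptions made for this example, as is the premise that the local mail facility provides sendmail.

```shell
#!/bin/sh
# Added example: verify an arpwatch setup, one status line per check.
# Usage: sh check-arpwatch.sh bond0 enp2s0
# SYSFS_NET is an example-only override so the check can run against a test directory.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Return 0 only if arpwatch is enabled and running for the given interface.
check_iface() {
    iface="$1"
    unit="arpwatch@${iface}.service"
    case "$iface" in
        ''|.|..|*/*) echo "$iface: INVALID-NAME"; return 1 ;;
    esac
    if [ ! -e "$SYSFS_NET/$iface" ]; then
        echo "$iface: MISSING-INTERFACE"; return 1
    fi
    if ! systemctl is-enabled --quiet "$unit"; then
        echo "$iface: NOT-ENABLED"; return 1   # monitoring would stop after a reboot
    fi
    if ! systemctl is-active --quiet "$unit"; then
        echo "$iface: NOT-RUNNING"; return 1   # nothing is watching ARP right now
    fi
    echo "$iface: OK"
}

# Assumption: reports are handed to a sendmail command (exim4 provides one).
check_mail() {
    if command -v sendmail >/dev/null 2>&1 || [ -x /usr/sbin/sendmail ]; then
        echo "mail: OK"
    else
        echo "mail: NO-SENDMAIL"; return 1     # alerts would be silently lost
    fi
}

# Check mail delivery plus every interface named on the command line.
check_all() {
    rc=0
    check_mail || rc=1
    for i in "$@"; do
        check_iface "$i" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

A non-zero exit status means at least one check failed, so the script can be run from cron or a monitoring agent.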