Security Basics mailing list archives
RE: arpwatch
From: Tony Kava <securityfocus () pottcounty com>
Date: Thu, 11 Sep 2003 14:16:33 -0500
Arpwatch does not require that you use a monitoring port or even that you have a managed switch in your network. It builds its tables from broadcast traffic that you will see anywhere on an unmanaged network. If you network uses VLANs this will of course change the situation, but otherwise you can run it anywhere even in a switched environment. -- Tony Kava Network Administrator Pottawattamie County, Iowa -----Original Message----- From: Zachary Mutrux [mailto:zmutrux () compumentor org] Sent: Thursday, 11 September, 2003 10:59 To: Security-Basics Subject: RE: arpwatch I think zidan's question is not "what does arpwatch do?", but "how can I intercept arp traffic when my network is switched?" Read more carefully before unleashing the rant, J. zidan, find the documentation for your switch and see if it has a monitoring port that receives all traffic. On better switches you can even define which port is the monitoring port. Zac
-----Original Message----- From: zidan [mailto:zidan00 () fastmail fm] Sent: Wednesday, September 10, 2003 10:33 AM To: security-basics () securityfocus com Subject: arpwatch hello, I have recently installed arpwatch on one of our servers. I understood arpwatch "learns" arp replies, but since arp replies are destined to a specific MAC and this is a switched network, how can arpwatch see all arp replies ? -Z
--------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Re: arpwatch, (continued)
- Re: arpwatch Mikkel Christensen (Sep 12)
- Re: arpwatch Gunter Luyten (Sep 11)
- Re: arpwatch Gunter Luyten (Sep 11)
- RE: arpwatch Zachary Mutrux (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: Logical access controle to network segments and boxes Tim Syratt (Sep 11)
- Logical access controle to network segments and boxes MeaCulpa (Sep 11)
- Re: arpwatch Mikkel Christensen (Sep 11)
- RE: Arpwatch J. Oquendo (Sep 11)
- RE: Arpwatch zidan (Sep 11)
- Re: arpwatch zidan (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Tony Kava (Sep 11)
- RE: arpwatch Kim Oppalfens (Sep 12)
- Re: arpwatch B. McAninch (Sep 15)
- RE: arpwatch zidan (Sep 15)
- RE: arpwatch David Gillett (Sep 15)