RE: arpwatch
From: Tony Kava (securityfocus_at_pottcounty.com)
Date: 09/11/03
- Previous message: ja5150_at_optonline.net: "Re: how to sniffer the packages from one computer to another?"
- Maybe in reply to: zidan: "arpwatch"
- Next in thread: Tony Kava: "RE: arpwatch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'security-basics@securityfocus.com'" <security-basics@securityfocus.com> Date: Thu, 11 Sep 2003 14:16:33 -0500
Arpwatch does not require that you use a monitoring port or even that you
have a managed switch in your network. It builds its tables from broadcast
traffic that you will see anywhere on an unmanaged network. If you network
uses VLANs this will of course change the situation, but otherwise you can
run it anywhere even in a switched environment.
-- Tony Kava Network Administrator Pottawattamie County, Iowa -----Original Message----- From: Zachary Mutrux [mailto:zmutrux@compumentor.org] Sent: Thursday, 11 September, 2003 10:59 To: Security-Basics Subject: RE: arpwatch I think zidan's question is not "what does arpwatch do?", but "how can I intercept arp traffic when my network is switched?" Read more carefully before unleashing the rant, J. zidan, find the documentation for your switch and see if it has a monitoring port that receives all traffic. On better switches you can even define which port is the monitoring port. Zac > -----Original Message----- > From: zidan [mailto:zidan00@fastmail.fm] > Sent: Wednesday, September 10, 2003 10:33 AM > To: security-basics@securityfocus.com > Subject: arpwatch > > > hello, > > I have recently installed arpwatch on one of our servers. I understood > arpwatch "learns" arp replies, but since arp replies are destined to a > specific MAC and > this is a switched network, how can arpwatch see all arp replies ? > > > -Z > --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
- Previous message: ja5150_at_optonline.net: "Re: how to sniffer the packages from one computer to another?"
- Maybe in reply to: zidan: "arpwatch"
- Next in thread: Tony Kava: "RE: arpwatch"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
