Arpwatch keeps track for ethernet/ip address pairings. It syslogs activity and reports certain changes via email. Arpwatch uses pcap(3) to listen for arp packets on a local ethernet interface.
Note: you must have exim4 or postfix setup with SMTP, be it local or external if you wish to send out ?alerts? to external email address.
Run the following commands from terminal. sudo apt-get install arpwatch Create empty file for storing host information: sudo touch /var/lib/arpwatch/arp.dat Edit the config file: sudo nano /etc/arpwatch.conf insert line like this: eth0 -a -n 192.168.1.0/24 -m snipped-for-privacy@mydomain.com Restart arpwatch: sudo /etc/init.d/arpwatch restart Check if the process is running: ps ?ef | grep arpwatch root 218 1 0 11:38 ? 00:00:00 /usr/sbin/arpwatch ...
I changed the IP address line to this because I wanted to sniff the wlan: wlan0 -a -n 192.168.1.1/24 -m snipped-for-privacy@domain.com