The Sysadmin’s Daily Grind: Arpalert

ARP WATCH

Corporate policies prohibit the unauthorized connection of hardware to the company network, threatening dire consequences in the case of non-compliance. Fair enough, but how do you actually go about catching somebody trying to plug an illegal laptop into your Ethernet?

My choice for a faithful watchdog is Arpalert [1]. Arpalert creator Thierry Fournier recommends the following incantation to send the beast off into the wild:

    ./configure --prefix=/usr/local
    make
    make install

This series of commands puts the C program in /usr/local/sbin and the arpalert.conf configuration file in /usr/local/etc/arpalert.

No Place Like Home

For my initial experiments, I decided to use a network that gives me excellent visibility, such as the network in my home office. It’s the weekend, and my wife has gone down to the local library, so I shouldn’t have more than four or five computers on the network. I did the following to launch Arpalert:

    /usr/local/sbin/arpalert