Monitoring LAN devices with Perl

LIGHT INTO THE DARKNESS

Author(s):

They say darkness is the friend of thieves, but the Perl daemon in this month’s column illuminates dastardly deeds, exposing hidden activities and alerting the admin when things seem to be going awry.

Users normally don’t get to see what’s going on under the covers of a LAN. One hidden activity is packet addressing on the last hop of a route, which includes discovering a device’s unique MAC address to match an IP address. This activity is the domain of the ARP protocol. Watching all MAC addresses currently in use can lead to interesting conclusions about who is using or abusing a local network.