Hi
Arpwatch will not help in many network designs. It does not span switches so
you need to open the port to promiscuious mode. In larger switches this
requires a faster port to be used (ie 1gb when the network is generally 100mb).
Also a connection is needed for each switch and segment. In large and
geographically distributed networks this become prohibitive very quickly.
In small hub based collision domains this is a good product, but this situation
is becoming rare even in home networks.
Next it is possible to configure a "sniffer" host to watch a collision domain
without having been assigned a MAC address and arp watch is useless in this
senario.
Regards
Craig
-----Original Message-----
From: Mircea MITU [mailto:[EMAIL PROTECTED]
Sent: Mon 6/03/2006 9:15 PM
To: [EMAIL PROTECTED]; [email protected]
Cc:
Subject: Re: Scan for "outsider" Pcs on network
On Thu, 2006-03-02 at 23:47 +0000, [EMAIL PROTECTED] wrote:
> Is there a way to setup a scan and be notified of an intruding pc that
> is physically plugged into the network?
Sure, use arpwatch.
--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/
Liability limited by a scheme approved under Professional Standards Legislation
in respect of matters arising within those States and Territories of Australia
where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is confidential. If
you are not the intended recipient, you must not use or disclose the
information. If you have received this email in error, please inform us
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the
email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may
not rely on this message as advice unless it has been electronically signed by
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a
Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments
due to viruses, interference, interception, corruption or unauthorised access.
