If you have linux box you can also try this simple perl script #!/usr/bin/perl
$pid=fork();
if($pid>0){die "Forked";}
else
{
while (1)
{
open(FileHND,"/proc/net/arp");
open(LogHND,">>$ARGV[0]") if $ARGV[0];
open(LogHND,">>&STDOUT") if !$ARGV[0];
while(<FileHND>)
{
@array = split(/\s+/);
if($array[0] =~ /^\d/){
if($list{$array[0]} && ($list{$array[0]} ne $array[3]))
{
print LogHND ("ARP Address $array[0] changed from $list{$array[0]} to
$array[3]\n") ;
}
elsif($list{$array[0]} ne $array[3])
{
print LogHND "Adding $array[0]\n" if $ARGV[1] ne silent;
$list{$array[0]} = $array[3];
}}
}
close(FileHND);
sleep 3;
}
}
----- Original Message -----
From: "Burton M. Strauss III" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Johan Denoyer" <[EMAIL PROTECTED]>
Sent: Friday, November 22, 2002 6:19 PM
Subject: RE: IP to MAC mapping
> Understand that most OSes (perhaps not windows, but I wouldn't put it past
> having a registry key somewhere) allow you to set the MAC address to
> anything you want it to be... So all you would find would be casual
> crashers...
>
> Set up a small Linux or *nix box and use arpwatch - it's a daemon that
> monitors the network and can email you with changes.
>
> -----Burton
>
> -----Original Message-----
> From: Johan Denoyer [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 20, 2002 11:50 AM
> To: [EMAIL PROTECTED]
> Subject: IP to MAC mapping
>
>
> Hi,
>
> we are currently looking into illegal usage of a protected network. We are
> managing a class C network, and we would like to be able to detect illegal
> usage of the network by finding the MAC address of the ip address used and
> then checking it against a database.
>
> Now I would like to find a software or a perl scrip that would do the
work.
> (The budget that we have is 0$, so freeware is likely to be the solution)
>
> I have tried doing searches using google without any luck. If anyone uses
> such software, please tell me which one, and where I can find it.
>
> Thanks,
>
>
> Salutations,
>
> Johan Denoyer
> [EMAIL PROTECTED]
> Digital Connexion
> http://www.digital-connexion.info
> PGP : 0x57A6727B
>
arp.pl
Description: Binary data
