Arpalert

You are the administrator of a large LAN on which physical access is hard to control. Viruses and data theft can follow from outside machines that plug into the LAN without authorization, so you must monitor these illegal connections. This is where Arpalert can help you: it listens to the ARP traffic on an interface and reports any hardware (MAC) address that is not on its allow list.

Installing Arpalert


Start by downloading the Arpalert archive from the official web site: http://www.arpalert.org/index.php?page=download

You must compile the source code because packages are not provided. With root privileges, run

  • ./configure --prefix=/usr/local/arpalert && make && make install

This installs the application on your computer. You can choose the install base directory with the --prefix parameter of ./configure; by default the base directory is /usr/local/arpalert, and the paths below assume that default.

Configure Arpalert


A default config file is located in

  • /usr/local/arpalert/etc/arpalert/arpalert.conf

These default parameters are usable in most configurations.

Still with root privileges (Arpalert captures raw ARP frames, so it needs them), launch the program with the command

  • /usr/local/arpalert/sbin/arpalert -d

The option -d launches the program in daemon mode. If you always want to run Arpalert in daemon mode, edit the config file and replace daemon = false with daemon = true. If you watch the /var/log/messages file, you will see every machine detected on the network. These machines are recorded in the following file.

  • /usr/local/arpalert/var/lib/arpalert/arpalert.leases

When all the local network machines have been discovered, copy the file /usr/local/arpalert/var/lib/arpalert/arpalert.leases into the maclist.allow file:

  • cat /usr/local/arpalert/var/lib/arpalert/arpalert.leases > /usr/local/arpalert/etc/arpalert/maclist.allow

Check the list before you trust it: every machine that was on the LAN during this learning phase is whitelisted, an intruder included, so remove any MAC address you cannot account for. Don't hesitate to add new MAC addresses to this file later. Restart the daemon, and the program will run in enforcement mode: any new computer detected from now on is probably an intruder, and it is logged. You can also have Arpalert run a script to alert you by e-mail (for example). Script examples are in the directory "scripts".


Useful Links

TCP connection monitoring using TCPTRACK

Server Monitoring Using DSTAT

Bandwidth and Disk Monitoring using BWM-NG