School of Engineering and Technology Bhubaneswar
Bhubaneswar 2025-26 Information Security CUTM1027
7th [Link] CSE CT/MERN
20-09-2025
Name of the Experiment: Monitoring with ARPWatch
Install and configure ARPWatch on a Linux machine to monitor a specific network interface (e.g., ens33). Demonstrate
how to view logs (/var/log/syslog) for changes in IP-MAC mappings.
* Coding Phase: Pseudo Code / Flow Chart / Algorithm
Step 1: Install ARPWatch
sudo apt update
sudo apt install arpwatch -y
Step 2: Identify Network Interfaces
ip link show
• Note the interface you want to monitor (e.g., ens33, eth0, or wlan0).
Step 3: Configure ARPWatch
1. Create the database directory and file:
sudo mkdir -p /var/lib/arpwatch
sudo touch /var/lib/arpwatch/[Link]
sudo chown root:root /var/lib/arpwatch/[Link]
sudo chmod 600 /var/lib/arpwatch/[Link]
2. Run ARPWatch to monitor the interface and network:
sudo arpwatch -i ens33 -f /var/lib/arpwatch/[Link] -n [Link]/24
Options:
• -i → Interface to monitor
• -f → Database file to track IP-MAC changes
• -n → Network range to watch
Step 4: Check Logs
sudo tail -f /var/log/syslog | grep arpwatch
Example log output:
new station [Link] [Link] ens33
new station [Link] [Link] ens33
new station [Link] [Link] ens33
• new station → A new device appeared on the network.
• changed ethernet address → A device’s MAC changed (not shown here).
Note: The messages about /usr/lib/sendmail: No such file or directory appear because email notifications are
not configured. They do not affect ARPWatch logging.
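Added example (not part of the original lab record): a small shell filter that reads syslog lines such as those in Step 4 and separates IP-MAC change events from new-station events. The function names and the sample lines are constructed for illustration. The "flip flop" message and the layout of change events (old MAC in parentheses) are assumed from arpwatch's usual syslog output, since the page shows only "new station" lines.

```shell
#!/bin/sh
# Added example: classify arpwatch syslog events.
# arpwatch_report reads syslog lines on stdin and prints:
#   ALERT ... for events where an IP address moved to a different MAC
#   INFO  ... for new stations
# Other lines (sendmail errors, other daemons) are ignored.
arpwatch_report() {
    awk '
    /arpwatch(\[[0-9]+\])?: / {
        # Drop the syslog prefix up to and including "arpwatch[pid]: "
        sub(/^.*arpwatch(\[[0-9]+\])?: /, "")
        if ($0 ~ /^changed ethernet address /) {
            # changed ethernet address <ip> <new-mac> (<old-mac>) [iface]
            old = $6; gsub(/[()]/, "", old)
            printf "ALERT changed ip=%s new_mac=%s old_mac=%s\n", $4, $5, old
        } else if ($0 ~ /^flip flop /) {
            # flip flop <ip> <new-mac> (<old-mac>) [iface]
            old = $5; gsub(/[()]/, "", old)
            printf "ALERT flipflop ip=%s new_mac=%s old_mac=%s\n", $3, $4, old
        } else if ($0 ~ /^new station /) {
            printf "INFO new ip=%s mac=%s\n", $3, $4
        }
    }'
}

# Number of ALERT events in the syslog lines given on stdin.
arpwatch_alert_count() {
    arpwatch_report | grep -c '^ALERT' || true
}

# Constructed sample lines (documentation IP range, made-up MAC addresses).
sample_log() {
    cat <<'EOF'
Sep 20 10:00:01 lab arpwatch: new station 192.0.2.10 0:c:29:ab:cd:ef ens33
Sep 20 10:00:02 lab arpwatch: execl: /usr/lib/sendmail: No such file or directory
Sep 20 10:05:00 lab arpwatch: changed ethernet address 192.0.2.10 0:c:29:11:22:33 (0:c:29:ab:cd:ef) ens33
Sep 20 10:05:03 lab arpwatch: flip flop 192.0.2.10 0:c:29:ab:cd:ef (0:c:29:11:22:33) ens33
Sep 20 10:06:00 lab sshd[812]: Accepted publickey for student
EOF
}

# Run on the sample; on a real host use: arpwatch_report < /var/log/syslog
sample_log | arpwatch_report
```

An ALERT line for an address such as the default gateway is the case to investigate first, because a changed gateway MAC is what ARP spoofing looks like in these logs.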
No Error Found
Implementation Phase: Final Output
Step 1: Install ARPWatch
Step 2: Identify Network Interfaces
Step 3: Configure ARPWatch
1. Create the database directory and file:
2. Run ARPWatch to monitor the interface and network:
Step 4: Check Logs
Step 5: Testing ARPWatch
Conclusion
In this practical, ARPWatch was successfully installed and configured to monitor network traffic on a specific
interface. The tool effectively tracked ARP activity, logged new stations, and detected changes in IP-MAC
mappings. This demonstrates its usefulness in identifying ARP spoofing, duplicate IPs, and unauthorized
devices, thereby enhancing network security and monitoring.