Security Basics mailing list archives

RE: arpwatch


From: "Zachary Mutrux" <zmutrux () compumentor org>
Date: Thu, 11 Sep 2003 08:59:18 -0700

I think zidan's question is not "what does arpwatch do?", but "how can I
intercept arp traffic when my network is switched?" Read more carefully
before unleashing the rant, J.

zidan, find the documentation for your switch and see if it has a monitoring
port that receives all traffic. On better switches you can even define which
port is the monitoring port.

Zac


-----Original Message-----
From: zidan [mailto:zidan00 () fastmail fm]
Sent: Wednesday, September 10, 2003 10:33 AM
To: security-basics () securityfocus com
Subject: arpwatch


hello,

I have recently installed arpwatch on one of our servers. I understood
arpwatch "learns" arp replies, but since arp replies are destined to a
specific MAC and this is a switched network, how can arpwatch see all arp
replies?


-Z
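
The difference a monitoring port makes, as an added example that is not part of the original thread: a small passive ARP learner run over three constructed frames, once as seen from an ordinary switch port and once from a port that receives all traffic. The MAC and IP addresses and the function names are made up for illustration, and the model assumes the switch already knows every host's port, so unicast frames are not flooded.

```python
import struct

BROADCAST = b"\xff" * 6

def build(dst, src, op, spa, tpa, tha=b"\x00" * 6):
    """Construct a 42-byte Ethernet + IPv4 ARP frame (sample data only)."""
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return dst + src + b"\x08\x06" + hdr + src + bytes(spa) + tha + bytes(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip), or None if not a well-formed ARP frame."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28].hex(":"), ".".join(map(str, frame[28:32]))

def delivered(frame, monitor_mac, mirrored):
    """Would the switch hand this frame to the monitor's port?"""
    # An ordinary port only gets broadcasts and frames addressed to itself.
    return mirrored or frame[0:6] in (BROADCAST, monitor_mac)

def learn(frames, monitor_mac, mirrored):
    """Build the IP -> MAC table a passive monitor can derive from what it receives."""
    table = {}
    for f in frames:
        arp = parse_arp(f)
        if arp and delivered(f, monitor_mac, mirrored):
            _, sender_mac, sender_ip = arp
            table[sender_ip] = sender_mac
    return table

# Constructed hosts A, B, C and the monitoring host MON.
A, B, C, MON = (bytes.fromhex("0200000000" + x) for x in ("0a", "14", "1e", "99"))
FRAMES = [
    build(BROADCAST, A, 1, (10, 0, 0, 10), (10, 0, 0, 20)),  # A asks for .20 (broadcast)
    build(A, B, 2, (10, 0, 0, 20), (10, 0, 0, 10), tha=A),   # B replies to A (unicast)
    build(A, C, 2, (10, 0, 0, 30), (10, 0, 0, 10), tha=A),   # C replies to A (unicast)
]

if __name__ == "__main__":
    print("ordinary port:  ", learn(FRAMES, MON, mirrored=False))
    print("monitoring port:", learn(FRAMES, MON, mirrored=True))
```

From the ordinary port only the broadcast request is received, so only host A's pairing is learned; the two unicast replies appear once the port is mirrored.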


