Linux arpwatch command
Linux arpwatch command recorded on the network listens for ARP.
ARP (Address Resolution Protocol) is used to resolve the IP protocol and network device hardware address.
arpwatch can monitor the LAN ARP packets and record while listening to the changes reported by E-mail.
grammar
arpwatch [-d][-f<记录文件>][-i<接口>][-r<记录文件>]
Parameters:
- -d start debugging mode.
- -f <log file> settings are stored ARP record file, by default /var/arpwatch/arp.dat.
- -i <Interface> Specifies the listener ARP interface, the default interface is eth0.
- -r <log file> Read ARP records from the specified file, instead of listening from the network.
- -n specify additional local network
- -u to specify users and user groups
- -e-mail to a specified user, a non-default root user
- -s Specifies the user name as a return address, instead of the default user root
Examples
ARP monitor card information for eth0
arpwatch -i eth0
Monitor ARP information that will record relevant information to the appropriate file
# arpwatch -i eth0 -f a.log //将信息记录到a.log中