Install Arpwatch to Monitor Ethernet Activity on Linux


Arpwatch is an open-source program that helps you monitor Ethernet traffic activity (such as changes in IP and MAC address pairings) on your network and keeps a database of ethernet/ip address pairings. It produces a log of the IP and MAC address pairings it observes, together with timestamps, so you can check exactly when a pairing first appeared on the network. It can also send reports by email to the network administrator when a pairing is added or changed.

This tool is especially useful for network administrators who want to keep an eye on ARP activity in order to detect ARP spoofing or unexpected IP/MAC address changes. Arpwatch works passively, by capturing ARP packets from the interface it watches, so it only sees hosts in the broadcast domain that interface is attached to: run it on a host in each segment you want to cover, or on a port that mirrors that segment's traffic.

Installing Arpwatch on Linux

By default, the Arpwatch tool is not installed on any Linux distribution. We have to install it manually, using the 'yum' command on RHEL, CentOS and Fedora and 'apt-get' on Ubuntu, Linux Mint and Debian.

# yum install arpwatch
$ sudo apt-get install arpwatch

Let's look at the most important arpwatch files; their locations differ slightly depending on your operating system.

  1. /etc/rc.d/init.d/arpwatch: The arpwatch service script for starting or stopping the daemon.
  2. /etc/sysconfig/arpwatch: This is the main configuration file…
  3. /usr/sbin/arpwatch: The binary used to start and stop the application from the terminal.
  4. /var/arpwatch/arp.dat: This is the main database file where the IP/MAC pairings are recorded.
  5. /var/log/messages: The log file where arpwatch writes every IP/MAC change or unusual event.

Type the following commands to enable and start the arpwatch service. (These are the SysV init commands; on systemd-based releases use the equivalent systemctl commands instead.)

# chkconfig --level 35 arpwatch on
# /etc/init.d/arpwatch start
$ sudo chkconfig --level 35 arpwatch on
$ sudo /etc/init.d/arpwatch start

To watch a single interface, run the following command with '-i' and the device name. Because arpwatch captures raw ARP packets it has to be started as root; the '-u' option (see the configuration file below) makes the daemon drop to an unprivileged user once capture is set up.

# arpwatch -i eth0

So, whenever a new MAC address appears or an IP address changes its MAC address on the network, you will see a syslog entry in the '/var/log/syslog' or '/var/log/messages' file.

# tail -f /var/log/messages
Apr 15 12:45:17 tecmint arpwatch: new station 172.16.16.64 d0:67:e5:c:9:67
Apr 15 12:45:19 tecmint arpwatch: new station 172.16.25.86 0:d0:b7:23:72:45
Apr 15 12:45:19 tecmint arpwatch: new station 172.16.25.86 0:d0:b7:23:72:45
Apr 15 12:45:19 tecmint arpwatch: new station 172.16.25.86 0:d0:b7:23:72:45
Apr 15 12:45:19 tecmint arpwatch: new station 172.16.25.86 0:d0:b7:23:72:45

The output above shows new station activity: IP/MAC pairings arpwatch had not seen before. If a pairing changes, you get output like the following instead; the first MAC is the one just observed and the MAC in parentheses is the one previously recorded for that IP. Note that arpwatch prints MAC octets without leading zeros (d0:67:e5:c:9:67), whereas the kernel's ARP cache shows them padded (d0:67:e5:0c:09:67).

Apr 15 12:45:17 tecmint arpwatch: changed station 172.16.16.64 0:f0:b8:26:82:56 (d0:67:e5:c:9:67)
Apr 15 12:45:19 tecmint arpwatch: changed station 172.16.25.86 0:f0:b8:26:82:56 (0:d0:b7:23:72:45)
Apr 15 12:45:19 tecmint arpwatch: changed station 172.16.25.86 0:f0:b8:26:82:56 (0:d0:b7:23:72:45)
Apr 15 12:45:19 tecmint arpwatch: changed station 172.16.25.86 0:f0:b8:26:82:56 (0:d0:b7:23:72:45)
Apr 15 12:45:19 tecmint arpwatch: changed station 172.16.25.86 0:f0:b8:26:82:56 (0:d0:b7:23:72:45)

You can also check the current ARP table of the monitoring host with the following command. This is the kernel's own ARP cache on that host, not arpwatch's database, so it only lists hosts this machine has recently talked to.

# arp -a
linux-console.net (172.16.16.94) at 00:14:5e:67:26:1d [ether] on eth0
? (172.16.25.125) at b8:ac:6f:2e:57:b3 [ether] on eth0
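Reading the log by eye works for a handful of hosts; on a busy segment you want the "changed" events counted per IP, and you want the kernel's ARP cache compared against what arpwatch last recorded. The following script is an added example for this article, not code from the article or from the arpwatch project. It parses arpwatch syslog lines in the format shown above, canonicalises the unpadded MAC addresses, flags IPs whose MAC changed repeatedly (the flip-flop pattern that ARP spoofing produces, as opposed to the single change a DHCP lease hand-over causes), and then checks `arp -a` output against arpwatch's last-known pairing. The regular expression also accepts "changed ethernet address" and "flip flop", the event names arpwatch's own reports use for a MAC change. All log lines, host names, addresses and the `arp -a` output are constructed for this example.

```python
"""Added example (not from the article or the arpwatch project): detect
flip-flopping IP/MAC pairings in arpwatch syslog output and cross-check the
kernel ARP cache against arpwatch's last-known pairing."""
import re
from collections import defaultdict

# Syslog line: "<date> <host> arpwatch: <event> <ip> <mac> [(<old mac>)]".
# "changed station" is the form shown in the article; "changed ethernet
# address" and "flip flop" are the names arpwatch's reports use for the
# same condition, so all three are accepted.
ARPWATCH_RE = re.compile(
    r"arpwatch: (?P<event>new station|changed station|"
    r"changed ethernet address|flip flop) "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) (?P<mac>[0-9a-f:]+)"
    r"(?: \((?P<old>[0-9a-f:]+)\))?",
    re.IGNORECASE,
)

# 'arp -a' line: "<name> (<ip>) at <mac> [ether] on <iface>"; the name is
# "?" when reverse DNS fails.
ARP_A_RE = re.compile(
    r"^\S+ \((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-fA-F:]+) \[ether\]"
)


def normalize_mac(mac):
    """arpwatch prints octets without leading zeros (d0:67:e5:c:9:67) while
    the kernel ARP cache pads them (d0:67:e5:0c:09:67); canonicalise so the
    two sources can be compared."""
    octets = mac.lower().split(":")
    if len(octets) != 6:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(o.zfill(2) for o in octets)


def parse_arpwatch_log(lines):
    """Return (event, ip, mac, old_mac) tuples in log order; lines from
    other daemons that share the log file are skipped."""
    events = []
    for line in lines:
        m = ARPWATCH_RE.search(line)
        if m is None:
            continue
        old = m.group("old")
        events.append((m.group("event").lower(), m.group("ip"),
                       normalize_mac(m.group("mac")),
                       normalize_mac(old) if old else None))
    return events


def suspicious_ips(events, threshold=2):
    """IPs whose MAC changed at least `threshold` times. One change is
    usually a DHCP lease moving to another machine; an IP that keeps
    switching between MACs is what an ARP spoofer looks like."""
    changes = defaultdict(list)
    for event, ip, mac, old in events:
        if event != "new station":
            changes[ip].append((old, mac))
    return {ip: c for ip, c in changes.items() if len(c) >= threshold}


def last_known(events):
    """Most recent MAC arpwatch reported for each IP."""
    table = {}
    for _event, ip, mac, _old in events:
        table[ip] = mac
    return table


def cache_conflicts(arp_a_lines, known):
    """Kernel ARP cache entries whose MAC disagrees with arpwatch's
    last-known MAC for that IP (third field set), or that arpwatch never
    reported at all (third field None)."""
    conflicts = []
    for line in arp_a_lines:
        m = ARP_A_RE.match(line)
        if m is None:
            continue
        ip, mac = m.group("ip"), normalize_mac(m.group("mac"))
        if ip not in known:
            conflicts.append((ip, mac, None))
        elif known[ip] != mac:
            conflicts.append((ip, mac, known[ip]))
    return conflicts


# Constructed sample data (not real hosts): 172.16.16.64 flips between two
# MACs three times within a minute, 172.16.25.86 changes once.
SAMPLE_LOG = """\
Apr 15 12:45:17 host1 arpwatch: new station 172.16.16.64 d0:67:e5:c:9:67
Apr 15 12:45:19 host1 arpwatch: new station 172.16.25.86 0:d0:b7:23:72:45
Apr 15 12:46:02 host1 arpwatch: changed station 172.16.16.64 0:f0:b8:26:82:56 (d0:67:e5:c:9:67)
Apr 15 12:46:05 host1 arpwatch: changed station 172.16.16.64 d0:67:e5:c:9:67 (0:f0:b8:26:82:56)
Apr 15 12:46:09 host1 arpwatch: changed station 172.16.16.64 0:f0:b8:26:82:56 (d0:67:e5:c:9:67)
Apr 15 12:47:30 host1 arpwatch: changed station 172.16.25.86 0:d0:b7:23:72:46 (0:d0:b7:23:72:45)
Apr 15 12:47:31 host1 sshd[2201]: Accepted publickey for admin from 172.16.25.86
""".splitlines()

SAMPLE_ARP_A = """\
host-a.example (172.16.16.64) at d0:67:e5:0c:09:67 [ether] on eth0
? (172.16.25.86) at 00:d0:b7:23:72:46 [ether] on eth0
? (172.16.25.125) at b8:ac:6f:2e:57:b3 [ether] on eth0
""".splitlines()


def report(log_lines=SAMPLE_LOG, arp_a_lines=SAMPLE_ARP_A):
    events = parse_arpwatch_log(log_lines)
    return {"suspicious": suspicious_ips(events),
            "conflicts": cache_conflicts(arp_a_lines, last_known(events))}


if __name__ == "__main__":
    r = report()
    for ip, changes in r["suspicious"].items():
        print("possible ARP spoofing: %s changed MAC %d times" % (ip, len(changes)))
    for ip, mac, old in r["conflicts"]:
        print("ARP cache has %s -> %s, arpwatch last saw %s" % (ip, mac, old))
```

On a real host, feed `report()` the lines of /var/log/messages (or /var/log/syslog) and the output of `arp -a`; tune `threshold` to the amount of DHCP churn on the segment, since a single "changed" event per IP per lease period is normal while repeated changes within minutes are not.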

If you want the alerts sent to your own email address, open the main configuration file '/etc/sysconfig/arpwatch' and add the address to the '-e' option as shown below.

# -u <username> : defines with what user id arpwatch should run
# -e <email>    : the <email> where to send the reports
# -s <from>     : the <from>-address
OPTIONS="-u arpwatch -e <email> -s 'root (Arpwatch)'"

Here is an example of the email report sent when a new MAC address joins the network.

        hostname: centos
      ip address: 172.16.16.25
       interface: eth0
ethernet address: 00:24:1d:76:e4:1d
 ethernet vendor: GIGA-BYTE TECHNOLOGY CO.,LTD.
       timestamp: Monday, April 15, 2012 15:32:29

Here is an example of the email report sent when an IP address changes its MAC address.

            hostname: centos
          ip address: 172.16.16.25
           interface: eth0
    ethernet address: 00:56:1d:36:e6:fd
     ethernet vendor: GIGA-BYTE TECHNOLOGY CO.,LTD.
old ethernet address: 00:24:1d:76:e4:1d
           timestamp: Monday, April 15, 2012 15:43:45
  previous timestamp: Monday, April 15, 2012 15:32:29
               delta: 9 minutes

As you can see above, it records the hostname, IP address, MAC address, vendor name and timestamps. For more information, see the arpwatch man page by typing 'man arpwatch' at the terminal.