This tutorial intends to teach you to Install and Use Arpwatch on AlmaLinux 9.
Arpwatch is an open-source computer software that is used for monitoring Address Resolution Protocol traffic on a computer network. With Arpwatch, you can easily keep a log or database of all Ethernet and IP address pairings. That is a list of all identified IP and MAC address pairings and their corresponding timestamps.
Arpwatch uses pcap to listen to arp packets on a local network to monitor ARP activity to detect ARP spoofing, network flip-flops, changed and new stations, and address reuse. It also has the option of reporting these changes via email.
Steps To Install and Use Arpwatch on AlmaLinux 9
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with AlmaLinux 9.
Install Arpwatch on AlmaLinux 9
Arpwatch packages can be installed on AlmaLinux 9 by using the Epel Repository. First, update your local package index with the following command:
sudo dnf update -yThen, use the following command to install the Epel repo:
sudo dnf install epel-release -yRun the system update again:
sudo dnf update -yNow you can easily use the command below to install Arpwatch:
sudo dnf install arpwatch -yYou can verify your Arpwatch installation on AlmaLinux 9 by checking its version:
arpwatch -VOutput
Version 3.3
How To Use Arpwatch
At this point, you can start to monitor any particular ethernet network interface using Arptwatch on Almalinux 9. The syntax that you can use, is shown below:
arpwatch -i <interface-name>For example, to monitor the eth0 network interface, you can use the command below:
sudo arpwatch -i eth0The above command will not show any output instead it sits in the background silently to monitor some changes happening on the network interface. It will save the information as logs at /var/log/messages
You can see the information, by using the command below:
sudo tail -f /var/log/messagesFor more information, you can visit the Arpwatch Man page.
Important files location of Arpwatch:
/etc/sysconfig/arpwatch : Key system configuration file for this tool./usr/sbin/arpwatch: The main folder of ArptWatch where its binary is located./var/lib/arpwatch/arp.dat : ARP Dat is a file to store the database of Ethernet MAC addresses seen on the network./var/log/messages : File that logs the details of changes that happen over Ip or mac-address.
Uninstall Arpwatch From AlmaLinux 9
If you no longer want to use Arpwatch, you can easily remove it by using the command below:
sudo dnf remove arpwatch -yConclusion
At this point, you have learned to Install and Use Arpwatch on AlmaLinux 9.
Hope you enjoy it. You may be like these guides on the Orcacore website: