OrcacoreLinux TutorialsAdvanced Linux

Install and Use Arpwatch on AlmaLinux 9

By daniel
0
271
Install and Use Arpwatch on AlmaLinux 9

This tutorial intends to teach you to Install and Use Arpwatch on AlmaLinux 9.

Arpwatch is an open-source computer software that is used for monitoring Address Resolution Protocol traffic on a computer network. With Arpwatch, you can easily keep a log or database of all Ethernet and IP address pairings. That is a list of all identified IP and MAC address pairings and their corresponding timestamps.

Arpwatch uses pcap to listen to arp packets on a local network to monitor ARP activity to detect ARP spoofing, network flip-flops, changed and new stations, and address reuse. It also has the option of reporting these changes via email.  

what you read in this post?

Steps To Install and Use Arpwatch on AlmaLinux 9

To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with AlmaLinux 9.

Install Arpwatch on AlmaLinux 9

Arpwatch packages can be installed on AlmaLinux 9 by using the Epel Repository. First, update your local package index with the following command:

sudo dnf update -y

Then, use the following command to install the Epel repo:

sudo dnf install epel-release -y

Run the system update again:

sudo dnf update -y

Now you can easily use the command below to install Arpwatch:

sudo dnf install arpwatch -y

You can verify your Arpwatch installation on AlmaLinux 9 by checking its version:

arpwatch -V
Output
Version 3.3

How To Use Arpwatch

At this point, you can start to monitor any particular ethernet network interface using Arptwatch on Almalinux 9. The syntax that you can use, is shown below:

arpwatch -i <interface-name>

For example, to monitor the eth0 network interface, you can use the command below:

sudo arpwatch -i eth0

The above command will not show any output instead it sits in the background silently to monitor some changes happening on the network interface. It will save the information as logs at /var/log/messages

You can see the information, by using the command below:

sudo tail -f /var/log/messages

For more information, you can visit the Arpwatch Man page.

Important files location of Arpwatch:

/etc/sysconfig/arpwatch : Key system configuration file for this tool.
/usr/sbin/arpwatch: The main folder of ArptWatch where its binary is located.
/var/lib/arpwatch/arp.dat : ARP Dat is a file to store the database of Ethernet MAC addresses seen on the network.
/var/log/messages : File that logs the details of changes that happen over Ip or mac-address.

Uninstall Arpwatch From AlmaLinux 9

If you no longer want to use Arpwatch, you can easily remove it by using the command below:

sudo dnf remove arpwatch -y

Conclusion

At this point, you have learned to Install and Use Arpwatch on AlmaLinux 9.

Hope you enjoy it. You may be like these guides on the Orcacore website:

Set up Siege Stress Tester on AlmaLinux 9

How To Add Swap Space on AlmaLinux 9

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Captcha verification failed!
CAPTCHA user score failed. Please contact us!
Latest Articles

POPULAR TAGS

AlmaLinux TutorialsUbuntu 22.04 TutorialsLinux Commands TutorialsRocky Linux tutorialsDebian 11 TutorialsUbuntu 20.04 TutorialsCentOS 7 TutorialsMonitoring
Most Popular

OrcaCore is a website which tries to provide useful IT Pro Tutorials in various fields of technology and different operating systems to its users such as Linux, Windows, Security, Network and etc. Since Technology is growing so fast and it is getting more complicated every day, sometimes it is kind of hard to be along with this fast growing Technology. So for those who are interested in IT skills OrcaCore is here to response to your needs as a learning platform.

Follow us on social networks

© Copyright - OrcaCore Team