2017-12-17 09:50 UTC

View Issue Details
ID: 0004387
Project: Kali Linux
Category: [All Projects] New Tool Requests
View Status: public
Last Update: 2017-12-15 23:00
Reporter: j_jito
Assigned To:
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: new
Resolution: open
Product Version: 2017.3
Target Version:
Fixed in Version:
Summary: 0004387: Addrwatch: This is used to monitor network and log discovered ethernet/ip pairings.
Description: Main features of addrwatch:

- IPv4 and IPv6 address monitoring
- Monitoring multiple network interfaces with one daemon
- Monitoring of VLAN tagged (802.1Q) packets.
- Output to stdout, plain text file, syslog, sqlite3 db, MySQL db
- IP address usage history preserving output/logging

Addrwatch is extremely useful in networks with IPv6 autoconfiguration (RFC4862) enabled. It allows tracking the IPv6 addresses of hosts using IPv6 privacy extensions (RFC4941).

Addrwatch does not keep persistent network pairing state but instead logs all the events that allow ethernet/ip pairing discovery. For IPv4 these are ARP requests, ARP replies and ARP ACD (Address Conflict Detection) packets. For IPv6 it uses ICMPv6 Neighbor Discovery and Duplicate Address Detection (DAD) packets (Neighbor Solicitations, Neighbor Advertisements).
Steps To Reproduce:
git clone https://github.com/fln/addrwatch.git
cd addrwatch
./configure
make
make install
addrwatch --help
Additional Information: libpcap, libevent, mysqlclient

apt-get install libpcap-dev libevent-dev default-libmysqlclient-dev
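
Because addrwatch logs events rather than keeping pairing state, a consumer has to rebuild that state itself. The following is an added example, not code from the issue reporter or the addrwatch project, that replays event lines and reports when an IP address appears with a different ethernet address. The line layout (timestamp, interface, VLAN, MAC, IP, packet type) and the packet-type labels are assumptions; verify them against real addrwatch output.

```python
"""Rebuild IP-to-MAC pairings from addrwatch-style event lines. ASSUMED format
(not stated on this page): <unix_ts> <interface> <vlan> <mac> <ip> <packet_type>
"""
import ipaddress

# Constructed sample events: documentation IPs, made-up MACs, and packet-type
# labels that are placeholders for whatever your addrwatch build prints.
SAMPLE_LOG = """\
1512468000 eth0 0 02:00:00:00:00:01 192.0.2.10 ARP_REQ
1512468005 eth0 0 02:00:00:00:00:02 2001:db8::10 ND_NS
1512468060 eth0 0 02:00:00:00:00:01 192.0.2.10 ARP_REP
1512468090 eth0 10 02:00:00:00:00:03 192.0.2.10 ARP_REQ
this line is truncated
1512468120 eth0 0 02:00:00:00:00:99 192.0.2.10 ARP_REP
1512468180 eth0 0 02:00:00:00:00:02 2001:0db8:0:0:0:0:0:10 ND_NA
"""

def parse_event(line):
    """Return (ts, (iface, vlan, ip), mac, ptype), or None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, iface, vlan, mac, ip, ptype = parts
    try:
        # Normalise the address so different IPv6 spellings compare equal.
        key = (iface, int(vlan), ipaddress.ip_address(ip).compressed)
        return int(ts), key, mac.lower(), ptype
    except ValueError:
        return None

def find_pairing_changes(lines):
    """Replay events in order; record each time a known IP appears with a new MAC."""
    current, changes, skipped = {}, [], 0  # current: key -> (mac, last_seen_ts)
    for line in lines:
        event = parse_event(line)
        if event is None:
            skipped += 1 if line.strip() else 0
            continue
        ts, key, mac, ptype = event
        old = current.get(key)
        if old is not None and old[0] != mac:
            changes.append({"ts": ts, "iface": key[0], "vlan": key[1], "ip": key[2],
                            "old_mac": old[0], "new_mac": mac, "via": ptype})
        current[key] = (mac, ts)
    return current, changes, skipped

if __name__ == "__main__":
    for c in find_pairing_changes(SAMPLE_LOG.splitlines())[1]:
        print("{ip} on {iface}/vlan {vlan}: {old_mac} -> {new_mac} ({via})".format(**c))
```

A reported change is a lead to check, not a verdict: address reassignment and NIC replacement produce the same signal as ARP or ND spoofing.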

Notes

~0007702

dookie (administrator)

This works very well and would make a good addition to the distro.

Issue History
Date Modified Username Field Change
2017-12-05 11:23 j_jito New Issue
2017-12-15 23:00 dookie Note Added: 0007702