arpsnitch
This tool is similar to arpwatch, but much simpler. It purpose is to monitor the network and log and keep track of discovered machines using arp pings.
Installation
arpsnitch is not yet on pypi, so you have to install it manually.
$ git clone git@github.com:redimp/arpsnitch.git
$ cd arpsnitch
$ python setup.py installUsage
To start simply run it with the network to discover and the config file to write as arguments:
$ arpsnitch.py -n 192.168.0.1/24 -c /tmp/arpsnitch.ymlIt will discover the network and write the found hosts to the given file:
192.168.0.1/24:
00:12:34:12:34:56:
alias: []
comment: ''
first_seen: '2017-12-04T15:48:55'
hostname: router.local
ignore: false
ip: 192.168.0.1
last_seen: '2017-12-04T15:48:55'
status: alive
98:76:54:32:1f:aa:
alias: []
comment: ''
first_seen: '2017-12-04T15:48:55'
hostname: workstation.local
ignore: false
ip: 192.168.0.2
last_seen: '2017-12-04T15:48:55'
status: aliveIf a new mac address appears, the output looks like:
$ arpsnitch.py -n 192.168.0.1/24 -c /tmp/arpsnitch.yml
aa:bb:cc:dd:ee:ff (notebook.vmdgrid): newIf a machine is not discoverable the output looks like:
$ arpsnitch.py -n 192.168.0.1/24 -c /tmp/arpsnitch.yml
aa:bb:cc:dd:ee:ff (notebook.vmdgrid): missing. last seen: 2017-12-04T16:30:02To prevent to get flooded with notifications you can ignore hosts, by setting ignore: true in the
config file:
192.168.0.1/24:
# [...]
00:12:34:12:34:56:
alias: []
comment: ''
first_seen: '2017-12-04T15:48:55'
hostname: notebook.local
ignore: true
ip: 192.168.0.3
last_seen: '2017-12-04T16:30:02'
status: aliveSetup
My suggestion is to set this up as cron job e.g.
# /etc/cron.d/arpsnitch
*/5 * * * * root [ -x /usr/local/bin/arpsnitch.py ] && /usr/local/bin/arpsnitch.py -c /tmp/arpsnitch.yml
