[c-nsp] report duplicate ips on lan
Ed Ravin
eravin at panix.com
Wed Oct 31 12:58:31 EDT 2007
On Wed, Oct 31, 2007 at 06:17:04PM +0200, Tassos Chatzithomaoglou wrote:
> So, I'm looking for something that "snoops" the arp/ip packets,
> creates an ip-mac table and if an ip stored in this table appears
> with a new mac, then report an error. Is there such a feature on
> a switch (or router)?
I don't know if the Cisco can do it, but you run arpwatch on any
computer connected to the LAN:
http://www-nrg.ee.lbl.gov/
I've hacked it to query the ARP tables from all the routers in my
network, and I save the results in what is basically a list of ARP/IP
mappings for the entire organization, so I can get notices of duplicate
IPs whenever they happen.
More information about the cisco-nsp
mailing list