[c-nsp] report duplicate ips on lan

Fred Reimer freimer at ctiusa.com
Wed Oct 31 14:18:46 EDT 2007


Dynamic ARP Inspection.

Fred Reimer, CISSP
Senior Network Engineer
Coleman Technologies, Inc.
954-298-1697




-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ed Ravin
Sent: Wednesday, October 31, 2007 12:59 PM
To: Tassos Chatzithomaoglou
Cc: cisco-nsp
Subject: Re: [c-nsp] report duplicate ips on lan

On Wed, Oct 31, 2007 at 06:17:04PM +0200, Tassos Chatzithomaoglou
wrote:
> So, I'm looking for something that "snoops" the arp/ip packets,
> creates an ip-mac table and if an ip stored in this table
appears
> with a new mac, then report an error. Is there such a feature
on
> a switch (or router)?

I don't know if the Cisco can do it, but you run arpwatch on any
computer connected to the LAN:

   http://www-nrg.ee.lbl.gov/

I've hacked it to query the ARP tables from all the routers in my
network, and I save the results in what is basically a list of
ARP/IP
mappings for the entire organization, so I can get notices of
duplicate
IPs whenever they happen.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5188 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20071031/ad4b407b/attachment.bin 


More information about the cisco-nsp mailing list