@(#) $Id: README 1535 2023-09-05 16:44:51Z leres $ (LBL)

ARPWATCH 3.0
Lawrence Berkeley National Laboratory
arpwatch@ee.lbl.gov
https://ee.lbl.gov/downloads/arpwatch/

This directory contains source code for arpwatch and arpsnmp, tools
that monitors ethernet or fddi activity and maintain a database of
ethernet/ip address pairings. It also reports certain changes via
email.

Arpwatch uses libpcap, a system-independent interface for user-level
packet capture developed at LBL. Before building arpwatch, you must
first install libpcap now available from tcpdump.org:
build libpcap, also from LBL, in:

	https://www.tcpdump.org/

Once libpcap is installed, you can build arpwatch using the procedure
in the INSTALL file.

Arpsnmp has the same database features of arpwatch but relies on
an external agent to collect the arp data. This distribution contains
a script, arpfetch, that uses snmpwalk from the Net-SNMP package,
originally from CMU. This package is available here:

	https://net-snmp.sourceforge.io/

It should be trivial to adapt the output of any snmp query program
for use with arpsnmp.

The ethernet vendor codes in ethercodes.dat is only current at the
time the last arpwatch release was assembled. The data it contains
come from the IEEE's website:

    https://standards-oui.ieee.org/oui/oui.csv

This is the IEEE's public Organizationally Unique Identifier (OUI)
listing. If you run across an OUI that isn't in ethercodes.dat (or
find any other deficiency) get a new copy from the IEEE website.

Under FreeBSD you can do this using use fetch(1). Next convert the
file to ethercodes.dat format using the massagevendor script.

If you still have a problem with ethercodes.dat, contact the IEEE
website (after all, they're the ones who assign OUIs...)

Please send bugs and comments to arpwatch@ee.lbl.gov.
