486518fcaa
threaded in order to better deal with the requirements of multi-interface routers. Information regarding MAC addresses and interfaces is maintained by the program, and an alert is issued should a device move between interfaces. In addition, event processing has been refactored, and some bugs have been fixed. PR: 59180 Submitted by: Matthew George <mdg@secureworks.net> Approved by: portmgr
101 lines
2 KiB
Text
101 lines
2 KiB
Text
--- ../arpwatch-2.1a11/arpwatch.8 Sun Oct 8 16:31:28 2000
|
|
+++ ./arpwatch.8 Mon Sep 15 17:30:45 2003
|
|
@@ -30,7 +30,10 @@
|
|
.B -dN
|
|
] [
|
|
.B -f
|
|
-.I datafile
|
|
+.I arpfile
|
|
+] [
|
|
+.B -e
|
|
+.I etherfile
|
|
] [
|
|
.B -i
|
|
.I interface
|
|
@@ -38,6 +41,9 @@
|
|
.br
|
|
.ti +8
|
|
[
|
|
+.B -m
|
|
+.I email
|
|
+] [
|
|
.B -n
|
|
.IR net [/ width
|
|
]] [
|
|
@@ -67,8 +73,24 @@
|
|
.IR arp.dat .
|
|
.LP
|
|
The
|
|
+.B -e
|
|
+flag is used to set the ethernet/interface database filename.
|
|
+The default is
|
|
+.IR ether.dat .
|
|
+.LP
|
|
+The
|
|
+.B -i
|
|
+flag is used to specify a single interface. By default,
|
|
+.B arpwatch
|
|
+will listen to all non-loopback interfaces. Using more than one
|
|
.B -i
|
|
-flag is used to override the default interface.
|
|
+option on the same command line is not supported.
|
|
+.LP
|
|
+The
|
|
+.B -m
|
|
+flag specifies the address that will receive the emails.
|
|
+The default is
|
|
+.IR root .
|
|
.LP
|
|
The
|
|
.B -n
|
|
@@ -81,6 +103,8 @@
|
|
The
|
|
.B -N
|
|
flag disables reporting any bogons.
|
|
+It is highly recommended that this flag be used on machines with
|
|
+multiple interfaces.
|
|
.LP
|
|
The
|
|
.B -r
|
|
@@ -96,6 +120,8 @@
|
|
.LP
|
|
Note that an empty
|
|
.I arp.dat
|
|
+and
|
|
+.I ether.dat
|
|
file must be created before the first time you run
|
|
.BR arpwatch .
|
|
.LP
|
|
@@ -105,12 +131,19 @@
|
|
(and
|
|
.BR arpsnmp (1)):
|
|
.TP
|
|
+.B "new ethernet device"
|
|
+The ethernet address has not been seen before.
|
|
+.TP
|
|
+.B "ethernet device changed interfaces"
|
|
+An ethernet address associated with one interface has moved to a
|
|
+different interface.
|
|
+.TP
|
|
.B "new activity"
|
|
This ethernet/ip address pair has been used for the first time six
|
|
months or more.
|
|
.TP
|
|
-.B "new station"
|
|
-The ethernet address has not been seen before.
|
|
+.B "new active IP address"
|
|
+The IP address has not been seen before.
|
|
.TP
|
|
.B "flip flop"
|
|
The ethernet address has changed from the most recently seen address to
|
|
@@ -152,8 +185,9 @@
|
|
.na
|
|
.nh
|
|
.nf
|
|
-/usr/operator/arpwatch - default directory
|
|
+/usr/local/arpwatch - default directory
|
|
arp.dat - ethernet/ip address database
|
|
+ether.dat - ethernet/interface address database
|
|
ethercodes.dat - vendor ethernet block list
|
|
.ad
|
|
.hy
|