@(#) $Header: README,v 1.19 97/04/06 19:10:56 leres Exp $ (LBL)

ARPWATCH 2.0
Lawrence Berkeley National Laboratory
Network Research Group
arpwatch@ee.lbl.gov
ftp://ftp.ee.lbl.gov/arpwatch.tar.Z

This directory contains source code for arpwatch and arpsnmp, tools
that monitor ethernet activity and maintain a database of ethernet/ip
address pairings. It also reports certain changes via email.

Arpwatch uses libpcap, a system-independent interface for user-level
packet capture. Before building arpwatch, you must first retrieve and
build libpcap, also from LBL, in:

    ftp://ftp.ee.lbl.gov/libpcap.tar.Z

Once libpcap is built (either install it or make sure arpwatch and
libpcap share the same parent directory), you can build arpwatch using
the procedure in the INSTALL file.

Arpsnmp has the same database features as arpwatch but relies on an
external agent to collect the arp data. This distribution contains a
script, arpfetch, that uses snmpwalk from the CMU SNMP package. This
package is available from:

    ftp://ftp.net.cmu.edu/pub/snmp-dist/cmu-snmp*.tar.Z

It should be trivial to adapt the output of any snmp query program for
use with arpsnmp.

The ethernet vendor codes come from:

    http://www.cavebear.com/CaveBear/Ethernet/vendor.html

Another source of ethernet vendor code data is:

    http://standards.ieee.org/db/oui/

However, that version is copyrighted.

Please send bugs and comments to arpwatch@ee.lbl.gov.