Bug 58189 - RFE: MAC-centric arpwatch instead of IP-centric
Summary: RFE: MAC-centric arpwatch instead of IP-centric
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcpdump
Version: 7.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2002-01-10 19:55 UTC by kenneth_porter
Modified: 2008-05-01 15:38 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2003-03-10 15:39:18 UTC

Attachments (Terms of Use)

Description kenneth_porter 2002-01-10 19:55:52 UTC
Arpwatch messages currently report changes in Ethernet address, assuming that a
host's IP address remains stable. In a network where the MAC remains stable and
the IP address changes (eg. DHCP), it would be more useful to receive reports
that use the MAC as the key and report changes in the associated IP address.
This should be a runtime option.

Comment 1 Gilbert E. Detillieux 2002-07-31 20:34:06 UTC
Perhaps this could be useful, but only as an option, and not enabled by default!

However, be prepared for a lot of noise if you have any virtual hosts on your
net, where it's common and perfectly fine to have multiple IP addresses for a
given MAC address.  Also, depending on DHCP configuration, you may have a lot of
changes in IP address for a given MAC address, which wouldn't necessarily be
very interesting.

Comment 2 Harald Hoyer 2003-03-10 15:39:18 UTC
please report such things rfe's upstream...

Note You need to log in before you can comment on or make changes to this bug.