Bug 58189 - RFE: MAC-centric arpwatch instead of IP-centric
RFE: MAC-centric arpwatch instead of IP-centric
Status: CLOSED UPSTREAM
Product: Red Hat Linux
Classification: Retired
Component: tcpdump (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-01-10 14:55 EST by kenneth_porter
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-03-10 10:39:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description kenneth_porter 2002-01-10 14:55:52 EST
Arpwatch messages currently report changes in Ethernet address, assuming that a
host's IP address remains stable. In a network where the MAC remains stable and
the IP address changes (eg. DHCP), it would be more useful to receive reports
that use the MAC as the key and report changes in the associated IP address.
This should be a runtime option.
Comment 1 Gilbert E. Detillieux 2002-07-31 16:34:06 EDT
Perhaps this could be useful, but only as an option, and not enabled by default!

However, be prepared for a lot of noise if you have any virtual hosts on your
net, where it's common and perfectly fine to have multiple IP addresses for a
given MAC address.  Also, depending on DHCP configuration, you may have a lot of
changes in IP address for a given MAC address, which wouldn't necessarily be
very interesting.
Comment 2 Harald Hoyer 2003-03-10 10:39:18 EST
please report such things rfe's upstream...

Note You need to log in before you can comment on or make changes to this bug.