Monitoring LAN devices with Perl

LIGHT INTO THE DARKNESS

Article from Issue 76/2007
Author(s):

They say darkness is the friend of thieves, but the Perl daemon in this month’s column illuminates dastardly deeds, exposing hidden activities and alerting the admin when things seem to be going awry.

Users normally don’t get to see what’s going on under the covers of a LAN. One hidden activity is packet addressing on the last hop of a route, which includes discovering a device’s unique MAC address to match an IP address. This activity is the domain of the ARP protocol. Watching all MAC addresses currently in use can lead to interesting conclusions about who is using or abusing a local network.
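As an added illustration of watching the IP-to-MAC mappings in use (this is not the article's own daemon code), the following Perl sketch compares an ARP table against a known baseline and reports changed, unknown, and shared MAC addresses. It assumes the Linux `/proc/net/arp` text layout; the function names, the baseline, and the sample table are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse text in the /proc/net/arp layout into an { IP => MAC } hash ref.
sub parse_arp_table {
    my ($text) = @_;
    my %seen;
    for my $line (split /\n/, $text) {
        my ($ip, $hw_type, $flags, $mac) = split ' ', $line;
        # Skips the header line and anything without a well-formed MAC.
        next unless defined $mac && $mac =~ /^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$/i;
        next if hex($flags) == 0;    # flags 0x0: incomplete entry, no MAC learned
        $seen{$ip} = lc $mac;
    }
    return \%seen;
}

# Compare the current table with a baseline and return a list of findings.
sub compare_to_baseline {
    my ($baseline, $current) = @_;
    my %known_mac = map { $_ => 1 } values %$baseline;
    my (@findings, %ips_for);
    for my $ip (sort keys %$current) {
        my $mac = $current->{$ip};
        push @{ $ips_for{$mac} }, $ip;
        if (exists $baseline->{$ip} && $baseline->{$ip} ne $mac) {
            push @findings, "CHANGED $ip: $baseline->{$ip} -> $mac";
        }
        elsif (!$known_mac{$mac}) {
            push @findings, "NEW $ip is at unknown $mac";
        }
    }
    # One MAC answering for several IPs is worth a look (router, proxy ARP or spoofing).
    for my $mac (sort keys %ips_for) {
        my @ips = @{ $ips_for{$mac} };
        push @findings, "SHARED $mac answers for @ips" if @ips > 1;
    }
    return @findings;
}

# Constructed sample data: baseline inventory and a current ARP table.
my %baseline = ('192.168.1.1' => '02:00:00:00:00:01', '192.168.1.10' => '02:00:00:00:00:0a');
my $table = <<'END';
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:00:00:99     *        eth0
192.168.1.10     0x1         0x2         02:00:00:00:00:0a     *        eth0
192.168.1.23     0x1         0x2         02:00:00:00:00:99     *        eth0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
END
print "$_\n" for compare_to_baseline(\%baseline, parse_arp_table($table));
```

A known MAC that appears on a new IP is deliberately not reported, since DHCP reassignments would otherwise flood the output.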

Related content

  • ARP Spoofing

    Any user on a LAN can sniff and manipulate local traffic. ARP spoofing and poisoning techniques give an attacker an easy way in.

  • Bridgewall

    Firewalls are typically implemented as routers, but it doesn’t have to be that way. Bridging packet filters have a number of advantages, and you can add them to your network at a later stage without changing the configuration of your network components.

  • Capture File Filtering with Wireshark

    Wireshark doesn’t just work in real time. If you save a history of network activity in a pcap file using a tool such as tcpdump, you can filter the data with Wireshark to search for evidence.

  • Table of Contents: 143

    New vulnerabilities appear every day. To keep your network safe, you need to think like an attacker.

  • Multicast IP

    We show you the practical side of multicasting, including a sample configuration that uses the free XORP routing protocol suite.


Direct Download

Read full article as PDF:

Perl_Monitoring_MAC_Addresses.pdf  (246.52 kB)
