Monitoring devices connected to a network

Charles Steinkuehler charles at steinkuehler.net
Fri Feb 10 16:38:05 CST 2006


I manage a small business network, and would like to put some simple
monitoring in place (to avoid things like rogue wireless APs), but don't
want to deny access by default, which is the way most of the stuff I've
seen works.

Ideally, I'm thinking something that keeps track of MAC addresses seen
by the firewall/router (running linux, of course!), compares the MAC
address with a list of 'known' addresses, and e-mails me when a new MAC
shows up would work pretty well.  Sniffing ARP packets should be a good
way to collect MAC addresses without requiring excessive CPU resources,
sniffer ports on my switch, etc.

Does this sound reasonable to anyone else?

Does anyone know of a pre-existing program that would do this, or is it
something I'm going to have to roll on my own?

Any better ideas for keeping track of what's actually plugged in and
talking on a network while still 'playing nice' and generally trusting
the user base?

--
Charles Steinkuehler
charles at steinkuehler.net
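
The monitoring idea described in the message above, sketched as an added example that is not part of the original post: parse ARP frames, compare the sender MAC against a known list, and build one e-mail alert per new address without blocking anything. The class and function names, the recipient address and the sample frames are assumptions constructed for illustration.

```python
import struct
from email.message import EmailMessage

ETH_P_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

class MacWatch:
    """Alert once per MAC missing from the known list; never blocks traffic."""
    def __init__(self, known):
        self.known = {m.lower() for m in known}
        self.seen_unknown = {}  # mac -> first IP it claimed
    def observe(self, frame: bytes):
        """Return an EmailMessage for a first-seen unknown MAC, else None."""
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] in self.known or parsed[0] in self.seen_unknown:
            return None
        mac, ip = parsed
        self.seen_unknown[mac] = ip
        msg = EmailMessage()
        msg["To"] = "admin@example.com"  # placeholder recipient
        msg["Subject"] = f"New MAC on LAN: {mac} ({ip})"
        msg.set_content(f"Unknown device {mac} announced itself as {ip} via ARP.")
        return msg  # deliver with smtplib.SMTP(...).send_message(msg)

def make_arp(mac: str, ip: str) -> bytes:
    """Build a constructed broadcast ARP request (sample data only)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(p) for p in ip.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + bytes(10)
    return b"\xff" * 6 + sha + struct.pack("!H", ETH_P_ARP) + arp

# Constructed sample traffic: known hosts plus one unlisted device seen twice.
KNOWN = ["00:11:22:33:44:55", "00:11:22:33:44:66"]
SAMPLE = [make_arp("00:11:22:33:44:55", "192.168.1.10"),
          make_arp("02:00:00:aa:bb:cc", "192.168.1.77"),
          make_arp("02:00:00:aa:bb:cc", "192.168.1.77"),
          make_arp("00:11:22:33:44:66", "192.168.1.11")]

def run_sample():
    watch = MacWatch(KNOWN)
    return [m["Subject"] for m in map(watch.observe, SAMPLE) if m is not None]
```

On the Linux router the frames would come from an `AF_PACKET` raw socket opened for EtherType 0x0806 instead of `SAMPLE`. Because a MAC address can be changed by its owner, a match against the known list shows only that the address is familiar, not that the device is.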

