/arpwitch

A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.

Primary LanguagePythonBSD 2-Clause "Simplified" LicenseBSD-2-Clause

arpwitch

PyPi Python Versions Build Tests Read the Docs License

A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.

Includes a convenience --exec definition to invoke nmap when new network-addresses are observed.

Features

  • Uses the Python scapy module to watch for network ARPs
  • Filter ARP events based on new addresses only, or select all ARP events
  • Easy to define --exec actions on arp related events
  • Quick to use --nmap action to invoke nmap if installed, easy network device landscaping.
  • Lookup of hardware addresses against the OUI database for manufacturer resolution.
  • Logging available to STDERR
  • Easy installation using PyPI pip
  • Plenty of documentation and examples - https://arpwitch.readthedocs.io

Installation

user@computer:~$ pip install arpwitch

Command line usage

Use arpwitch to nmap all new hosts on the network

user@computer:~$ arpwitch --nmap --datafile /tmp/arpwitch.dat

Project


Copyright © 2021 Nicholas de Jong