On Wed, Feb 20, 2019 at 10:36:16AM -0700, j...@bitminer.ca wrote: > > I would like to keep tabs on the MAC/IP addresses in my secure net. > > I do know how to do this, but keeping track of ethernet MAC addresses > > seems > > quite cumbersome in OpenBSD, not that it is more convenient in any other > > general purpose operating system but many interfaces for ex. routers > > make it > > easy to manage, especially MAC filtering. > > > > At the moment we have: > > > > /etc/ethers file #not the same as arp -s and arp -f !! > > arp -a output > > arp -s and arp -f input # not the same as /etc/ethers!! > > The apps in ports don't seem to do what you (or I) want. After looking them > over, > in the end I wrote a sh script to compare `arp -an` output with a list > of "known" MACs, and it would notice when a new MAC appeared or an existing > MAC disappeared (most everything is on a wireless DHCP so lots of transient > behaviour). > > When a new one appears, or an existing one disappears, it logs to syslog. > > Previously unseen MACs are logged slightly differently, so the network > management > app can issue an alert. > > In general I think the average home network is approximately similar or even > more > complex than a simple small business network. So lots of management > features > are worthwhile: segmentation, MAC and IP surveillance, and a network > management > app. > > > --J >
did you take a look at net/arpwatch?
