Arpwatch don't work on my Debian VM

Kernels & Hardware, configuring network, installing services

Arpwatch don't work on my Debian VM

Postby coppolino97 » 2020-12-31 08:38

Hi all,
I have installed a Debian10 VM on my Synology NAS at home.
After VM deployment I installed qemu integration tools too.
I would use this small VM as my Network Monitoring (arpwatch and smokeping).
I installed arpwatch using this command:
Code: Select all
apt-get install arpwatch

but it doesn't seem to work properly.

I can see arpwatch demon running and I can see arp record using "arp -a" command
Code: Select all
root@monitoring:/etc# arp -a
? (192.168.1.254) at 00:90:8f:83:e8:26 [ether] on ens3
? (192.168.1.115) at 44:85:00:b2:cd:d4 [ether] on ens3
? (192.168.1.1) at 74:4d:28:d5:af:80 [ether] on ens3
? (192.168.1.121) at ac:5f:3e:28:f7:cb [ether] on ens3


I have followed this guide: https://guide.debianizzati.org/index.ph ... n_Arpwatch

I do not found any logs about arpwatch on this VM.
How can I solve it?
HP Elitebook 840 G3 | 8Gbyte of RAM | Intel core i5 | SSD 250GB | Debian 10
coppolino97
 
Posts: 78
Joined: 2018-06-05 15:23

Re: Arpwatch don't work on my Debian VM

Postby Pakos » 2020-12-31 09:13

define "but it doesn't seem to work properly."

as for logs check /var/log/messages, by default it writes there
User avatar
Pakos
 
Posts: 101
Joined: 2008-03-08 17:36

Re: Arpwatch don't work on my Debian VM

Postby coppolino97 » 2020-12-31 10:10

Hi,

Services seems to be ok
Code: Select all
root@copponetwork:/var/lib/arpwatch# service arpwatch status
● arpwatch.service - arpwatch service
   Loaded: loaded (/lib/systemd/system/arpwatch.service; enabled; vendor preset: enabled)
   Active: active (exited) since Thu 2020-12-31 11:51:48 CET; 3min 53s ago
     Docs: man:arpwatch(8)
  Process: 886 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 886 (code=exited, status=0/SUCCESS)

Dec 31 11:51:48 copponetwork systemd[1]: Starting arpwatch service...
Dec 31 11:51:48 copponetwork systemd[1]: Started arpwatch service.
root@copponetwork:/var/lib/arpwatch#


But arpwatch not detect device in my LAN.

I have installed arp-scan package on this Debian VM and it detects devices inside LAN using
Code: Select all
arp-scan 192.168.1.0/24



Inside /var/log/messages I have this now
Code: Select all
root@copponetwork:/var/lib/arpwatch# tail -f /var/log/messages
Dec 31 11:47:07 copponetwork kernel: [  210.760298] Bluetooth: L2CAP socket layer initialized
Dec 31 11:47:07 copponetwork kernel: [  210.760306] Bluetooth: SCO socket layer initialized
Dec 31 11:47:07 copponetwork kernel: [  210.793143] device ens3 entered promiscuous mode
Dec 31 11:47:07 copponetwork kernel: [  210.797058] device ens3 left promiscuous mode
Dec 31 11:47:14 copponetwork kernel: [  217.650424] device ens3 entered promiscuous mode
Dec 31 11:47:16 copponetwork kernel: [  219.613550] device ens3 left promiscuous mode
Dec 31 11:53:39 copponetwork kernel: [  602.763049] device ens3 entered promiscuous mode
Dec 31 11:53:39 copponetwork kernel: [  602.767474] device ens3 left promiscuous mode
Dec 31 11:53:44 copponetwork kernel: [  607.622401] device ens3 entered promiscuous mode
Dec 31 11:53:45 copponetwork kernel: [  609.551223] device ens3 left promiscuous mode


"ens3" is the name of NIC. Messages device ens3 entered promiscuous mode could be generated using arp-scan software.
HP Elitebook 840 G3 | 8Gbyte of RAM | Intel core i5 | SSD 250GB | Debian 10
coppolino97
 
Posts: 78
Joined: 2018-06-05 15:23

Re: Arpwatch don't work on my Debian VM

Postby coppolino97 » 2020-12-31 12:44

Hi,
I have found this acticle..
There are bugs between Debian10 and arpwatch
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1692512.html
:(
HP Elitebook 840 G3 | 8Gbyte of RAM | Intel core i5 | SSD 250GB | Debian 10
coppolino97
 
Posts: 78
Joined: 2018-06-05 15:23


Return to System configuration

Who is online

Users browsing this forum: No registered users and 11 guests

fashionable