[Dshield] MAC address registry?

Kenneth Porter shiva at sewingwitch.com
Wed Sep 24 00:09:45 GMT 2003

--On Tuesday, September 23, 2003 5:27 PM -0400 Jeff Godin <jeff at tcnet.org>

> A lot of software uses this information, or this combined with other
> supplemental information when telling you what manufacturer claims the MAC
> address you see on your network (Ethereal, many others).

For instance, check out the arpwatch package, which monitors arps using
libpcap and keeps a record of them in a database, emailing an admin when it
sees a new or changed entry. (I'd love to see someone patch it to treat the
MAC as fixed and IP as variable, instead of the reverse. In a DHCP-based
network, it's the MAC that's unchanging.)

