Arpwatch: how to interpret data?

Arpwatch: how to interpret data?

Post by Oxyge » Wed, 19 Jun 2002 21:43:09



Hello there...

Is there somebody who can tell me how to "read" the data I receive from
arpwatch?

I would like to know how to ...

1) resolve machine names (I only get names from local IPs, IPs on my Linux
box)...
2) detect when somebody changes its IP address..

Thank you in advance...

 
 
 

1. interpreting binary?/hex?/cryptic? socket data

Thanks to Greg, Erik and Andrew for the answer to my child pid question.

My perl script plays man-in-the-middle between some networking devices,
listens to socket data coming from one device, tweaks it, and send it to
a socket on another networking device.  When I go to "look" at the data
recieved on the socket with:

 while (defined ($buf = <$new_sock>))    {
                        #$buf=~s/2222/5555/;
                        print $sock "$buf";
                        print "Sent: $buf to otherside";
                }

It looks something like this --->
(cb?le?+1111pe?+2222~|?J`a%3~?&c\Tb?o~xtermxterm term

What seems even more strange (to me) is that the above is different in
the xterm that I pasted it from !  I'm sure it's a clue to what is going
on, but right now, I'm CLUELESS.

Anybody know what's going on here?  I just want to know how to code so
when I see "le?", I can say, "oh, that  was 00011010110101, or
whateever it really was when it came in on the socket before my xfont
map or whatever got a hold of it...

Any advice is muchly appreciated.

  BTW, I'm using linux and perl 5.004_04

--
Keith Kaple x25759 -----------------------
| New distribution, $40.  Linux compatible
| sound card, $89.  Three button mouse, $18.
| Nuking windows partitions....priceless.

2. Multiple ppp i/f - routing not working

3. Interpreting etherfind data

4. X windows will set up but not run

5. Charting/interpreting sar data

6. Security Vulnerability with Ignite on Trusted systems

7. Interpreting Sun ship rate data

8. Anyone know how to make WABI network wise

9. data data data

10. temporarily blocking an IP: dhcp users & arpwatch

11. help! arpwatch flip flop

12. arpwatch -> reboot

13. arpwatch help needed