Arpwatch on WRT54G

While running my access point in public mode, I want to know when people log in. This can be a good way to find intruders too, but that is not my purpose.
I decided to run arpwatch on my Linksys access point, but this is not so easy...

1) Mail

First you need to have sendmail on the WRT. So install mini_sendmail. Add a file /usr/sbin/sendmail that contains:

#!/bin/sh
# Hand any mail piped to "sendmail" over to mini_sendmail and the relay
/usr/sbin/mini_sendmail -t -sIP_of_your_mail_relay

Check that it's working.

2) Arpwatch

Run arpwatch on the WRT through this script:

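#!/bin/sh
# Start or stop arpwatch on the wireless interface
IFNAME=$(nvram get wifi_ifname)

case "$1" in
    start)
        # arpwatch expects its database file to exist before it starts
        touch /tmp/arpwatch.dat
        arpwatch -f /tmp/arpwatch.dat -i "$IFNAME"
        ;;
    stop)
        killall arpwatch
        ;;
    *)
        echo "usage: $0 (start|stop)"
        exit 1
        ;;
esac

exit $?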

3) Check

Wait a bit, connect to your wifi, and look at your email on the gateway (root@gw). You will see something like this:

From: root@openwrt.local.net
Subject: new station

hostname: <unknown>
ip address: 192.168.2.1
ethernet address: 0:f:66:c7:b5:b1
ethernet vendor: <unknown>
timestamp: Tuesday, January 18, 2000 14:34:01 +0000

Enjoy :)
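
The post notes that these reports can also help spot intruders. As an added example (not part of the original post), this script reads arpwatch report mail on stdin and lists the stations whose MAC is not in a file of known stations. The function names, the one-MAC-per-line list format and the second sample station are assumptions made for the illustration.

```shell
# Added example: list arpwatch reports whose MAC is not in a known-stations file.
# unknown_stations KNOWN_FILE   (report mail text on stdin)
# Prints "mac ip subject" for every report from a station not in KNOWN_FILE.
unknown_stations() {
    awk -v known="$1" '
    # arpwatch drops leading zeros (0:f:66:...); pad octets and lowercase
    # so the same card always compares equal.
    function norm(m,    n, p, i, out) {
        n = split(tolower(m), p, ":")
        for (i = 1; i <= n; i++) {
            if (length(p[i]) == 1) p[i] = "0" p[i]
            out = (i == 1) ? p[i] : out ":" p[i]
        }
        return out
    }
    BEGIN {
        # An unreadable list leaves ok[] empty: every station is reported.
        while ((getline line < known) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            if (line != "") ok[norm(line)] = 1
        }
    }
    /^Subject: /                { subj = substr($0, 10) }
    /^[ \t]*ip address: /       { ip = $3 }
    /^[ \t]*ethernet address: / { mac = norm($3)
                                  if (!(mac in ok)) print mac, ip, subj }
    '
}

# Constructed sample: the report shown above plus one made-up known station.
sample_mail() {
    cat <<'EOF'
Subject: new station
ip address: 192.168.2.1
ethernet address: 0:f:66:c7:b5:b1
Subject: new station
ip address: 192.168.2.23
ethernet address: 0:16:3e:a:b:c
EOF
}

# Constructed allowlist, written upper-case to show the normalisation.
known=$(mktemp)
printf '%s\n' '00:16:3E:0A:0B:0C  # laptop' > "$known"
sample_mail | unknown_stations "$known"   # 00:0f:66:c7:b5:b1 192.168.2.1 new station
rm -f "$known"
```

A MAC address can be changed by the client, so a match against the list only means the address is familiar, not that the device is.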




3 thoughts on “Arpwatch on WRT54G”

  1. Hello,

    On some firmware you have the problem that you cannot write to e.g. /usr/sbin. Then you have to configure arpwatch in a better way.

    Martin

  2. On what firmware? Sveasoft? This firmware sucks anyway…

    Perhaps some OpenWRT/squashfs has this kind of issue, but there is surely a way to install arpwatch on this too.
