arpwitch

A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.

Includes a convenience --exec definition to invoke nmap when new network-addresses are observed.

Features

Uses the Python scapy module to watch for network ARPs
Filter ARP events based on new addresses only, or select all ARP events
Easy to define --exec actions on arp related events
Quick to use --nmap action to invoke nmap if installed, easy network device landscaping.
Lookup of hardware addresses against the OUI database for manufacturer resolution.
Logging available to STDERR
Easy installation using PyPI pip
Plenty of documentation and examples - https://arpwitch.readthedocs.io

user@computer:~$ pip install arpwitch

Use arpwitch to nmap all new hosts on the network

user@computer:~$ arpwitch --nmap --datafile /tmp/arpwitch.dat

Name		Name	Last commit message	Last commit date
Latest commit History 61 Commits
.changelog		.changelog
.github/workflows		.github/workflows
docs		docs
src		src
.gitignore		.gitignore
.pylintrc		.pylintrc
.readthedocs.yml		.readthedocs.yml
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
README.md		README.md
package.yml		package.yml
setup.py		setup.py