Installation - required software

You need to have a python interpreter installed. If you don't have one and your target system is Microsoft Windows, have a look at Activestate Python.

Installation - parpwatch

1. Download the most recent version of parpwatch from the sourceforge download page.
2. Unzip the downloaded file into a directory of choice.
3. Open a command line (cmd.exe) and switch to the chosen directory with the cd command.
4. type python arpwatch.py --startup auto install and afterwards
5. python arpwatch.py start

A new service named parpwatch will be installed and started. At the moment there is nothing adjustable without rewriting code but that should not be a problem, the source is all yours :-).

Warning: the default setting is to log almost everything that happens including arp cache learning and forgetting IPs. This is probably not what you intend since it kills your log with uninformational stuff. You should setup a logging host in your net and mirror your eventlog to that host and you may also reduce the amount of logging in the source. Just change the standard setting in this line self.loglevel=7 to something like self.loglevel=2. See the source for more information.

Also be warned about the current way parpwatch works: It learns new IP-MAC pairs by their first appearance in the computer's arp cache. Make sure that these values are correct. If parpwatch is started while an arp cache poisoning is already running you will only see its end. This is room for further development.

Another note to the algorithm: Once an IP-MAC pair is learned it is never forgotten until parpwatch restarts, so it may not be suitable to dhcp driven networks with short lease times at the moment. This is also something for further improvements.

If you take a look at it you may see there is everything in there if you don't like running it as a service. You might want to type python arpwatch.py debug then.

last update: 16-07-2007