At 2003-07-28T01:00:10Z, "Joyce, Matthew" <MJoyce@ccia.org.au> writes:
> but as for scanning this list for entries not included in another list I
> am a bit stuck...
'diff' is your friend.
> ...arpwatch reads like it will do this very well.
Don't forget about the OUI database that gives you the manufacturer of an
Ethernet device based on the first three octets of a MAC address:
http://standards.ieee.org/regauth/oui/index.shtml
For example, imagine that you find a new MAC on your segment,
'00:50:F2:11:22:33'. Enter '0050F2' in the OUI search field and you'll see
that it's a Microsoft product, probably a wireless hub or such.
This has been tremendously helpful to me when trying to figure out which
misconfigured router or server was assigned the wrong IP and was causing ARP
flapping.
--
Kirk Strauser
Attachment:
pgp_DN5rcRTwh.pgp
Description: PGP signature