From owner-freebsd-net@FreeBSD.ORG  Thu Jan  3 20:00:33 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 12A7AF3E
 for <freebsd-net@freebsd.org>; Thu,  3 Jan 2013 20:00:33 +0000 (UTC)
 (envelope-from kurt.buff@gmail.com)
Received: from mail-ee0-f46.google.com (mail-ee0-f46.google.com [74.125.83.46])
 by mx1.freebsd.org (Postfix) with ESMTP id A8845F3E
 for <freebsd-net@freebsd.org>; Thu,  3 Jan 2013 20:00:32 +0000 (UTC)
Received: by mail-ee0-f46.google.com with SMTP id e53so7850301eek.33
 for <freebsd-net@freebsd.org>; Thu, 03 Jan 2013 12:00:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=DrNd9EgSd4BNP8RWobaICo1zRdDOFQFf/93SBmd79b8=;
 b=l6elHVO1alN2n70/aoB0Y/OJmv3vUUThu/jYkMfSzgWsrKVvexBx/ZZAAkhix8G45f
 rXUfFB92RNXiBwILpodeJG9JMB00U8Nnq6KTwd3GR/2Iega2MZAyrHISmAvwJiXYzSdS
 Fz4BsJ5h0a7vIorW86hXcWDG5vKHNEKrRYUkb9sAF6tBQVI2UVhL6EACeR1/HtCpIB2Y
 TK4GhTt4w5oIbGXE8sr4DlSBV6CJMLEIcOwyfN5Iy9YPutM2y9yEtgoVu9HKt3pmOUNM
 A8JlwFTWh9GiHNkeFJTaLoV3T9E+chwCVm7LYjb3Xfxufik8Y4K6lzP5wpDPk7tGdMgl
 HtCw==
MIME-Version: 1.0
Received: by 10.14.2.196 with SMTP id 44mr136659613eef.25.1357243231559; Thu,
 03 Jan 2013 12:00:31 -0800 (PST)
Received: by 10.14.221.135 with HTTP; Thu, 3 Jan 2013 12:00:31 -0800 (PST)
Date: Thu, 3 Jan 2013 12:00:31 -0800
Message-ID: <CADy1Ce4Q3WxdsAp8Q5c6VsKX_ejL6id+e5zM08fW_wp6JD72nQ@mail.gmail.com>
Subject: arpwatch questions appropriate here?
From: Kurt Buff <kurt.buff@gmail.com>
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jan 2013 20:00:33 -0000

All,

It's been a while since I tried arpwatch on FreeBSD, and it looks as
if it still has some important limitations.

Most important to me, it doesn't seem to like to run on an unnumbered
interface - I'd like to use it to listen on a mirror port on my
switch(es), and can't see how to do that.

Also, I don't see a facility for something like an arpwatch.conf file
(in particular, I'd like to specify known networks, so I can watch for
bogons), though I am able to specify arpwatch_enable and
arpwatch_interfaces in rc.conf, which is nice.

Has anyone here been able to work through these problems?

If there's a better place I should be asking, please let me know.

Thanks,

Kurt