Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Arpwatch not downloading vendor ID's

    Traffic Monitoring
    10
    46
    2.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dennypageD
      dennypage
      last edited by

      Hey all, here is a version of the pfSense ANDwatch package for testing.

      You'll need to have the andwatch package itself installed (posted a few days ago here) before installing the pfSense package.

      Note that you can remove /usr/local/www/andwatch_database.php as it is no longer used.

      Feedback welcome. Bonus points for finding bugs. 🤠

      pfSense-pkg-ANDwatch-2.0.pkg.zip

      patient0P 1 Reply Last reply Reply Quote 1
      • M
        michmoor LAYER 8 Rebel Alliance @dennypage
        last edited by

        @dennypage
        Yes I mean interface.
        So it should say “igc3” or if using vlans “igc3.14”

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        dennypageD 1 Reply Last reply Reply Quote 0
        • dennypageD
          dennypage @michmoor
          last edited by dennypage

          @michmoor said in Arpwatch not downloading vendor ID's:

          So it should say “igc3” or if using vlans “igc3.14”

          There are three levels of interface names in pfSense:

          Friendly interface name -> Internal interface name -> Real interface name.
          

          Some examples:

          LAN -> lan -> ix0
          GUEST -> opt2 -> igc0.2
          DEVICE -> opt3 -> igc0.3
          

          You can see the mapping in Status / Interfaces. The Internal and Real names are shown in parens following the Friendly name.

          Pretty much everywhere in the GUI the Friendly name is the one used. If you go to Service / DHCP Server for instance, you will see "LAN", GUEST", "DEVICE", etc. Unless you are defining an interface you generally don't see/use the Internal or Real names. Friendly names are what administrators are most familiar with.

          ANDwatch uses the Friendly name in the notification for this reason.

          M 1 Reply Last reply Reply Quote 1
          • M
            michmoor LAYER 8 Rebel Alliance @dennypage
            last edited by

            @dennypage nice!
            Thanks for the quick response Denny

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            1 Reply Last reply Reply Quote 1
            • patient0P
              patient0 @dennypage
              last edited by

              @dennypage I installed the two pkg on a 2.7.2 CE (on Proxmox), not sure that's supported at all.

              Great work! Looks cool to me :o) ... some feedback:

              • there is no menu entry in the 'Status' menu, the status can only be access through the service 'ANDwatch'
              • there are two interface in my installation, LAN and TEST. On the LAN interface it shows a client and pfSense itself, all with the correct IP, MAC and hostname.
                For the TEST network the connected client shows up correct but for the pfSense interface for network TEST the hostname is displayed as "(unknown)" (IP 200.1 in the picture). The other client with name "(unknown)" is disconnected.
              • maybe the icons search and clear icons are taller then they have to be :)

              TEST with pfSense name as "unkown"
              Screenshot 2025-02-24 at 17.14.42.png

              Missing Status menu entry
              Screenshot 2025-02-24 at 17.17.48.jpeg

              dennypageD 1 Reply Last reply Reply Quote 0
              • dennypageD
                dennypage @patient0
                last edited by

                @patient0 said in Arpwatch not downloading vendor ID's:

                there is no menu entry in the 'Status' menu, the status can only be access through the service 'ANDwatch'

                Something is really wrong. Did you refresh the pages after the install? There is no way to access Status from the Services / ANDwatch page--did you type in the URL by hand?

                If refresh doesn't bring it up, check your config please. Look for the following:

                                <menu>
                                        <name>ANDwatch</name>
                                        <tooltiptext>ANDwatch Settings</tooltiptext>
                                        <section>Services</section>
                                        <url>/andwatch.php</url>
                                </menu>
                                <menu>
                                        <name>ANDwatch</name>
                                        <tooltiptext>ANDwatch Status</tooltiptext>
                                        <section>Status</section>
                                        <url>/andwatch_status.php</url>
                                </menu>
                

                For the TEST network the connected client shows up correct but for the pfSense interface for network TEST the hostname is displayed as "(unknown)" (IP 200.1 in the picture). The other client with name "(unknown)" is disconnected.

                If you log into your pfSense box, and run the command "host 10.99.200.104". This should respond with "Host 104.200.99.10.in-addr.arpa not found: 3(NXDOMAIN)"

                maybe the icons search and clear icons are taller then they have to be :)

                Very strange. You also don't have the icons. It should look identical to the Search panel on the DHCP Status page. Mine (24.11 & 25.03 beta) look like this:

                ForScreenshot 2025-02-24 at 12.31.15.png

                Two questions:

                • What browser are you using?
                • I don't have a 2.7.2 CE system. Can you run the following command on your system and send me the result please?
                grep -i btn /usr/local/www/status_dhcp_leases.php
                

                Thanks.

                patient0P 1 Reply Last reply Reply Quote 0
                • patient0P
                  patient0 @dennypage
                  last edited by

                  @dennypage if it's too much work to support 2.7.2 CE just tell me, yes? Maybe it's easier to wait for 2.8.0 CE? Can only be a few months away.

                  Did you refresh the pages after the install? There is no way to access Status from the Services / ANDwatch page-

                  I did log out and in again, yes. The icon to access the status is in the service page, next to the "?":
                  Screenshot 2025-02-24 at 20.54.46.png

                  check your config please. Look for the following

                  That section appears exactly like that in /usr/local/pkg/andwatch.xml. I assume Netgate made changes to the GUI framework in the newer versions.

                  If you log into your pfSense box, and run the command "host 10.99.200.104". This should respond with "Host 104.200.99.10.in-addr.arpa not found: 3(NXDOMAIN)"

                  You are right - although I was talking about 10.99.200.1 - pfSense itself on the TEST interface is not getting resolved. That way ANDwatch can't know the name, of course.

                  It should look identical to the Search panel on the DHCP Status page

                  I see, again probably changes to the GUI framework. I'll compare it with other package configs and see if I can see a difference.

                  What browser are you using?

                  Firefox 128.7.0esr on Debian 12

                  grep -i btn /usr/local/.../status_dhcp_leases.php

                  Below is output of the call:

                  [2.7.2-RELEASE][root@pfsense.home.arpa]/root: grep -i btn /usr/local/www/status_dhcp_leases.php
                                                  <a id="btnsearch" title="<?=gettext("Search")?>" class="btn btn-primary btn-sm"><i class="fa fa-search icon-embed-btn"></i><?=gettext("Search")?></a>
                                                  <a id="btnclear" title="<?=gettext("Clear")?>" class="btn btn-info btn-sm"><i class="fa fa-undo icon-embed-btn"></i><?=gettext("Clear")?></a>
                          <a class="btn btn-info" href="status_dhcp_leases.php?all=0"><i class="fa fa-minus-circle icon-embed-btn"></i><?=gettext("Show Active and Static Leases Only")?></a>
                          <a class="btn btn-info" href="status_dhcp_leases.php?all=1"><i class="fa fa-plus-circle icon-embed-btn"></i><?=gettext("Show All Configured Leases")?></a>
                          <a class="btn btn-danger no-confirm" id="cleardhcp"><i class="fa fa-trash icon-embed-btn"></i><?=gettext("Clear All DHCP Leases")?></a>
                          $("#btnsearch").prop('type', 'button');
                          $("#btnclear").prop('type', 'button');
                          $("#btnsearch").click(function() {
                          $("#btnclear").click(function() {
                                          $("#btnsearch").get(0).click();
                  

                  Thanks you for taking the time!

                  dennypageD 1 Reply Last reply Reply Quote 0
                  • dennypageD
                    dennypage @patient0
                    last edited by

                    @patient0 said in Arpwatch not downloading vendor ID's:

                    That section appears exactly like that in /usr/local/pkg/andwatch.xml.

                    Can you check in your actual running config please? Like download it via Backup and see if both sections are in there?

                    @patient0 said in Arpwatch not downloading vendor ID's:

                    The icon to access the status is in the service page, next to the "?":

                    Ah, my bad. I forgot about the shortcuts.

                    @patient0 said in Arpwatch not downloading vendor ID's:

                    Below is output of the call:

                    Yep, that's got it. They changed from "fa" to "fa-solid" a couple of releases ago. Not sure why.

                    Anyway, if you edit andwatch_status.php and change occurrences of "fa-solid" to just "fa" it should look like it's supposed to.

                    patient0P 1 Reply Last reply Reply Quote 0
                    • patient0P
                      patient0 @dennypage
                      last edited by

                      @dennypage said in Arpwatch not downloading vendor ID's:

                      Can you check in your actual running config please? Like download it via Backup and see if both sections are in there?

                      That section is not in the backup file, I'll investigate. Installed HAproxy and compared the config, looks really the same confused

                      dennypageD 1 Reply Last reply Reply Quote 0
                      • dennypageD
                        dennypage @patient0
                        last edited by

                        @patient0 You might try a re-install of the package.

                        patient0P 1 Reply Last reply Reply Quote 0
                        • patient0P
                          patient0 @dennypage
                          last edited by

                          @dennypage I dove into pkg create and tried a few things. In the end it was simple as often:

                          On 2.7.2 CE in andwatch.xml the menu item name for "Status" can't be the same as for "Services". Renaming the <name> tag value of the menu item for Status from "ANDwatch" to "ANDwatch Status" resolved it. It still works works on 25.03-BETA :)

                          Btw: the value of the <name> tag right after the </copyright> tag seems to be lower case for the other packages I checked (HAproy, Shellcmd, Avahi, LCDproc). Made no functional difference though.

                          dennypageD 2 Replies Last reply Reply Quote 0
                          • dennypageD
                            dennypage @patient0
                            last edited by dennypage

                            @patient0 said in Arpwatch not downloading vendor ID's:

                            On 2.7.2 CE in andwatch.xml the menu item name for "Status" can't be the same as for "Services". Renaming the <name> tag value of the menu item for Status from "ANDwatch" to "ANDwatch Status" resolved it. It still works works on 25.03-BETA :)

                            Excellent catch. I'll change that. Thanks.

                            @patient0 said in Arpwatch not downloading vendor ID's:

                            Btw: the value of the <name> tag right after the </copyright> tag seems to be lower case for the other packages I checked (HAproy, Shellcmd, Avahi, LCDproc). Made no functional difference though.

                            I think that one is okay. There are a few on my system that aren't all lower case:

                            • System Patches
                            • RRD Summary
                            • Netgate Firmware Upgrade
                            1 Reply Last reply Reply Quote 1
                            • dennypageD
                              dennypage @patient0
                              last edited by

                              @patient0 Here is an updated package. You should remove the prior package before installing the new version.

                              Note that it still has the "fa-solid", so you'll need to make that change again, except the file name to edit is now status_andwatch.php rather than andwatch_status.php in order to match naming convention.

                              pfSense-pkg-ANDwatch-2.0.pkg.zip

                              patient0P 1 Reply Last reply Reply Quote 1
                              • patient0P
                                patient0 @dennypage
                                last edited by

                                @dennypage Thanks a lot, you are awesome :)

                                For the fa-solid to fa conversion I have created a patch and applied via System patches.

                                It's attached for reference if someone else would need it:

                                andwatch-2.0_pfSense-CE-272-status-CSS-fix.diff

                                In System / Patches, set "Path Strip Count" set to 0, leave the other settings as they are.

                                1 Reply Last reply Reply Quote 1
                                • dennypageD
                                  dennypage
                                  last edited by

                                  Group,

                                  Here is an updated version of the base level andwatch package. This version fixes a serious issue which may trigger a kernel panic in the version of FreeBSD currently being used in pfSense. If you have v2.0.0 installed, please install v2.1.0.

                                  andwatch-2.1.0.pkg.zip

                                  1 Reply Last reply Reply Quote 0
                                  • dennypageD
                                    dennypage
                                    last edited by

                                    Below is an update to the pfSense level package. This addresses the issues with the shortcuts at the top of the pages. Also, the button at the bottom of the status page has been renamed from "Display All Records" to "Display Historical Records" which hopefully clarifies its meaning a little.

                                    I think this is ready for submission, so if anyone has any additional feedback I'd love to hear. Thanks!

                                    pfSense-pkg-ANDwatch-2.0.pkg.zip

                                    1 Reply Last reply Reply Quote 2
                                    • dennypageD
                                      dennypage
                                      last edited by

                                      And away we go...

                                      Redmine issue and GitHub PR.

                                      T 1 Reply Last reply Reply Quote 2
                                      • T
                                        tman222 @dennypage
                                        last edited by

                                        @dennypage said in Arpwatch not downloading vendor ID's:

                                        And away we go...

                                        Redmine issue and GitHub PR.

                                        Thanks for all your hard work on this @dennypage - looking forward to trying out this new package once it has been made available / merged in.

                                        dennypageD 1 Reply Last reply Reply Quote 0
                                        • dennypageD
                                          dennypage @tman222
                                          last edited by

                                          @tman222 Welcome. If you want to give it a go, it’s available for download above. If you wait for merge, you’ll probably be waiting a long time. New ports take a while. mDNS-Bridge (replacement for Avahi routing) has been hanging out for over three months.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.