Arpwatch not downloading vendor ID's
-
@michmoor said in Arpwatch not downloading vendor ID's:
I can try out the FreeBSD package.
Thanks. I've included the package below. Please let me know if you have any issues.
Here is the notification script if you want it:
```php
#!/usr/bin/env php
<?php
require_once("notices.inc");

// Positional arguments supplied to the notification script
$timestamp = $argv[1];
$ifname = convert_real_interface_to_friendly_descr($argv[2]);
$ipaddr = $argv[3];
$old_hwaddr = $argv[4];
$old_hwaddr_org = $argv[5];
$new_hwaddr = $argv[6];
$new_hwaddr_org = $argv[7];

// Reverse lookup; gethostbyaddr() returns the IP unchanged if there is no PTR record
$hostname = gethostbyaddr($ipaddr);

// Build the plain-text notification body
$msg = "ANDwatch notification\n\n";
$msg .= sprintf("%22s: %s\n", "timestamp", $timestamp);
$msg .= sprintf("%22s: %s\n", "interface", $ifname);
$msg .= sprintf("%22s: %s\n", "hostname", $hostname);
$msg .= sprintf("%22s: %s\n", "ip address", $ipaddr);
$msg .= sprintf("%22s: %s %s\n", "old ethernet address", $old_hwaddr, $old_hwaddr_org);
$msg .= sprintf("%22s: %s %s\n", "new ethernet address", $new_hwaddr, $new_hwaddr_org);

// Send through every notification channel configured in pfSense
notify_all_remote($msg);
?>
```
I don't have anything to display a status page yet, but you can do a query via the command line like so:
andwatch-query <ifname>
That will give you a report of all the latest IP mappings.
[Edit: Updated pkg to v1.0.1 to fix query bug with MAC addresses beginning with '0']
[Edit: Updated pkg to v1.1.0 to change record update / age behavior. Details on GitHub.]
-
Just because I hate packing...
Here are a couple of files that will get you going for a database query UI. Note that since there is no configuration you will need to hand edit the list of interfaces you are running ANDwatch on. The list is near the bottom of andwatch.inc.
/usr/local/pkg/andwatch.inc:
```php
<?php
/*
 * andwatch.inc
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2025 Denny Page
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once("config.inc");
require_once("functions.inc");
require_once("util.inc");
require_once("service-utils.inc");

function andwatch_query_interfaces($ifnames) {
	$entries = array();

	foreach ($ifnames as $ifname) {
		$real_ifname = get_real_interface($ifname);
		$friendly_ifname = convert_friendly_interface_to_friendly_descr($ifname);

		// Quote the interface name before it reaches the shell
		$pipe = popen("/usr/local/bin/andwatch-query " . escapeshellarg($real_ifname), 'r');
		if ($pipe) {
			while (($line = fgets($pipe)) !== false) {
				// Fields: date, time, age, IP address, MAC address, organization (rest of line)
				list($date, $time, $age, $ipaddr, $hwaddr, $org) = sscanf(trim($line), '%s %s %s %s %s %[^$]s');

				// Skip blank or short lines that did not yield an IP address
				if (empty($ipaddr)) {
					continue;
				}

				// gethostbyaddr() returns the IP itself when there is no PTR record
				$hostname = gethostbyaddr($ipaddr);
				if ($hostname == $ipaddr) {
					$hostname = "";
				}

				$entry = [
					'ifdesc' => $friendly_ifname,
					'datetime' => "$date $time",
					'age' => $age,
					'hostname' => $hostname,
					'ipaddr' => $ipaddr,
					'hwaddr' => $hwaddr,
					'org' => $org
				];
				$entries[] = $entry;
			}
			pclose($pipe);
		}
	}

	return $entries;
}

function andwatch_query_all() {
	// Hand-edit this list to match the interfaces ANDwatch is running on
	$ifnames = array("lan");
	//$ifnames = array("lan", "opt2", "opt3");

	return andwatch_query_interfaces($ifnames);
}
?>
```
/usr/local/www/andwatch_database.php:
```php
<?php
/*
 * andwatch_database.php
 *
 * Copyright (c) 2025, Denny Page
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

require_once("guiconfig.inc");
require_once("andwatch.inc");

$pgtitle = array(gettext('Status'), gettext('ANDwatch'), gettext('Database'));
include("head.inc");

$entries = andwatch_query_all();
?>

<div class="panel panel-default">
	<div class="panel-heading"><h2 class="panel-title"><?=gettext('Database')?></h2></div>
	<div class="panel-body table-responsive">
		<table class="table table-striped table-hover table-condensed sortable-theme-bootstrap" data-sortable>
			<thead>
				<tr class="text-nowrap">
					<th><?=gettext("Interface")?></th>
					<th><?=gettext("DateTime")?></th>
					<th><?=gettext("Hostname")?></th>
					<th><?=gettext("IP Address")?></th>
					<th><?=gettext("MAC Address")?></th>
					<th><?=gettext("MAC Organization")?></th>
				</tr>
			</thead>
			<tbody>
<?php if (count($entries)) : ?>
<?php foreach ($entries as $entry): ?>
				<tr class="text-nowrap">
					<!-- Every field is escaped: hostnames and vendor strings are not trusted input -->
					<td><?=htmlspecialchars($entry['ifdesc'])?></td>
					<td><?=htmlspecialchars($entry['datetime'])?></td>
					<td><?=htmlspecialchars($entry['hostname'])?></td>
					<td><?=htmlspecialchars($entry['ipaddr'])?></td>
					<td><?=htmlspecialchars($entry['hwaddr'])?></td>
					<td><?=htmlspecialchars($entry['org'])?></td>
				</tr>
<?php endforeach; ?>
<?php else: ?>
				<tr>
					<td colspan="6"><?=gettext("No entries to display")?></td>
				</tr>
<?php endif; ?>
			</tbody>
		</table>
	</div>
</div>

<?php include("foot.inc"); ?>
```
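Added example, not part of ANDwatch or of the posts above: a stricter parser for the report lines that validates the IP and MAC fields before they are used for lookups or display, then flags any IP that appears with more than one MAC. The field order is assumed from the `sscanf()` format in andwatch.inc; the function names `example_parse_line` and `example_find_conflicts` are hypothetical, and the sample lines (including the age values) are constructed.

```php
<?php
// Added example, not part of ANDwatch. Field order (date, time, age, IP, MAC,
// organization) is assumed from the sscanf() format in andwatch.inc.

// Parse one report line; return null if the IP or MAC field is not well formed.
function example_parse_line(string $line): ?array
{
    $f = preg_split('/\s+/', trim($line), 6);
    if ($f === false || count($f) < 5) {
        return null;
    }
    [$date, $time, $age, $ipaddr, $hwaddr] = $f;
    if (filter_var($ipaddr, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Accept 1-2 hex digits per octet, then normalize to zero-padded lowercase
    // so "0:1b:..." and "00:1B:..." compare as the same address.
    if (!preg_match('/^([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$/i', $hwaddr)) {
        return null;
    }
    $octets = array_map(fn($o) => str_pad(strtolower($o), 2, '0', STR_PAD_LEFT),
                        explode(':', $hwaddr));
    return ['datetime' => "$date $time", 'age' => $age, 'ipaddr' => $ipaddr,
            'hwaddr' => implode(':', $octets), 'org' => $f[5] ?? ''];
}

// Return the IPs that appear with more than one distinct MAC address.
function example_find_conflicts(array $entries): array
{
    $seen = [];
    foreach ($entries as $e) {
        $seen[$e['ipaddr']][$e['hwaddr']] = true;
    }
    $multi = array_filter($seen, fn($macs) => count($macs) > 1);
    return array_map('array_keys', $multi);
}

// Constructed sample lines (documentation addresses); the last one is malformed.
$sample = [
    "2025-01-10 08:15:02 3d 192.0.2.10 0:1b:21:aa:bb:cc Example Org A",
    "2025-01-11 09:00:41 2d 192.0.2.10 00:1B:21:AA:BB:CC Example Org A",
    "2025-01-12 10:30:00 1d 192.0.2.20 02:00:00:00:00:01 Example Org B",
    "2025-01-12 10:31:07 1d 192.0.2.20 02:00:00:00:00:02 Example Org B",
    "2025-01-12 10:32:00 1d not-an-ip 02:00:00:00:00:03 Example Org C",
];
$entries = array_values(array_filter(array_map('example_parse_line', $sample)));
print_r(example_find_conflicts($entries));
```

Because the MAC is normalized before comparison, the two spellings of the same address on 192.0.2.10 are not reported as a conflict; only 192.0.2.20 is.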
-
FYI, I've edited the original post to update the version of the package to 1.1.0. If you've pulled a prior version, please see the post containing the package to get an update.