Hey Tom. I’ve always really appreciated how straight to the point you are. By 0:10 you’ve already introduced yourself and stated the main topic of the video. Amazing. So many YT creators have 30-60 seconds if not minutes of fluff at the beginning of the video before getting to the point. Thanks Tom!
I love Arpwatch! I've always used it, both at home and work, just to keep an eye on the devices. It makes it really easy to connect to and setup new devices like printers or video cameras or anything else that expects you to know the IP and connect to configure. It's also fun to show up next to a person who plugged a computer into your network when they weren't supposed to and ask them what they are up to. "Whatcha doing? Yeah, that network wont work, you need to see the secretary for guest access..." :)
I remember one of the first times I encountered ARP spoofing was from a Disney circle device. I always hated the idea of how that worked from a network security perspective and wanted to know how to prevent it. This is good tool for that.
This is pretty awesome. I do the same thing on a few servers. A script writes the arp table to a database and every X minutes compares the current arp table to what's in the database. If something has changed I get an email notification. These servers also run Overlook Fing so they're constantly scanning the entire network keeping that arp table up to date even on those devices that don't touch the servers.
Hi Tom. Great video. Just wanted to let you know that I was able to get notifications through Pushover, which I use on my pfsense setup. I did not have to use the email notification. Thanks.
I'm looking for a good option to do precence detection. Is Arpwatch a good option to detect my iPhone on my home network? Are there other options to get a message out of Arpwatch than email? Maybe MQTT or SNMP?
Hey Tom, great video as always. Do you have any recommendations on a guide to setup SMTP with DuoCircle together with cloudflare, or would you have any more information in how I would go through this process?
Hey Tom, thanks for getting back to me. Following your video guide I got stuck in how I would go about setting up DuoCircle with CloudFlare. My goal is to be able to send outbound emails from my domain with Arpwatch just like you showed. Though I can't seem to figure out DuoCircle and how that relates to my CloudFlare domain/email settings.
We've abandoned negate and pfsense after major reliability issues. HA is not reliable and upgrades have caused required serious issues including required reflashes
what happens in a scenario where a good device with a combination of (MAC + IP) address is offline and somebody spoofs both of them to attach their own malacious device ?
It would be very hard to tell, if both were spoofed to match a legitimate device. There probably wouldn't be an alert unless the legitimate device had been offline for quite a while.
@@pivot3india all the alerts from arpwatch are real time. Alerts happen as a change is detected by arpwatch. I'm not sure what you are referring to as time based. If you mean that you want alerts only during certain hours, you would want to use the script trigger options to hand the alert off to some other program, which handles the rest of your needs.
I’ve been looking for something to email notifications after hours. We have 14 acres in the middle of the woods. All covered with UniFi. So, if someone walks in range with a smartphone, this would be a layer of protection better than the rest!
Got it! Appreciate your videos. You've helped a guy with 0 networking knowledge install pfsense on a Protectli with functioning packages like pfblocker instead of some simp setup with the average cable provider networking equipment or whatever is at Best Buy
I believe it can also call scripts as part of the alerts as well. I used to run it at the ISPs where I worked. I started using it to help track down who plugged in their routers backwards, or to locate anyone trying to scan from spoofed IPs.
Hey Tom. I’ve always really appreciated how straight to the point you are.
By 0:10 you’ve already introduced yourself and stated the main topic of the video. Amazing.
So many YT creators have 30-60 seconds if not minutes of fluff at the beginning of the video before getting to the point.
Thanks Tom!
and a bunch of video clips or stills completely unrelated to the video you are about to watch...
I love Arpwatch! I've always used it, both at home and work, just to keep an eye on the devices. It makes it really easy to connect to and setup new devices like printers or video cameras or anything else that expects you to know the IP and connect to configure. It's also fun to show up next to a person who plugged a computer into your network when they weren't supposed to and ask them what they are up to. "Whatcha doing? Yeah, that network wont work, you need to see the secretary for guest access..." :)
Good feature for those "IT" guys that want to see new devices connecting :) Thanks TOm !!
I remember one of the first times I encountered ARP spoofing was from a Disney circle device. I always hated the idea of how that worked from a network security perspective and wanted to know how to prevent it. This is good tool for that.
5:45 How do you add interfaces to the database and is it important?
This is pretty awesome. I do the same thing on a few servers. A script writes the arp table to a database and every X minutes compares the current arp table to what's in the database. If something has changed I get an email notification. These servers also run Overlook Fing so they're constantly scanning the entire network keeping that arp table up to date even on those devices that don't touch the servers.
I was using arpscan to check for devices. Just had to keep it below the trigger for blocking arp floods in our switches.
Hi Tom. Great video. Just wanted to let you know that I was able to get notifications through Pushover, which I use on my pfsense setup. I did not have to use the email notification. Thanks.
I love the idea of using this when setting up IP cameras.
Hollywood script running in the background. 🤣🤦♂️
I’ve been wanting to get a pfsense, thanks for the vid! 👍
Makes it look like I'm doing something cool 😎😂
@@LAWRENCESYSTEMS where can one find this screensaver?
Great video! Thanks, Tom!
I need that background screen Animation you have there on our left! 😍 where can I get this?
I'm looking for a good option to do precence detection. Is Arpwatch a good option to detect my iPhone on my home network? Are there other options to get a message out of Arpwatch than email? Maybe MQTT or SNMP?
ARP notifications also are sent over Telegram if you have that enabled.
Good stuff as always. Thanks
Is there a simple way to block new devices till it can be approved? My old Netgear could do it and I like the idea
Hey Tom, great video as always. Do you have any recommendations on a guide to setup SMTP with DuoCircle together with cloudflare, or would you have any more information in how I would go through this process?
I don't understand the goal.
Hey Tom, thanks for getting back to me. Following your video guide I got stuck in how I would go about setting up DuoCircle with CloudFlare. My goal is to be able to send outbound emails from my domain with Arpwatch just like you showed. Though I can't seem to figure out DuoCircle and how that relates to my CloudFlare domain/email settings.
Follow Duocircles instructions on how to verify your domain.
What is running on the widescreen in the background. I would love to have something like that running as a screen saver
We've abandoned negate and pfsense after major reliability issues. HA is not reliable and upgrades have caused required serious issues including required reflashes
what happens in a scenario where a good device with a combination of (MAC + IP) address is offline and somebody spoofs both of them to attach their own malacious device ?
It would be very hard to tell, if both were spoofed to match a legitimate device. There probably wouldn't be an alert unless the legitimate device had been offline for quite a while.
@@javabeanz8549 are there any time based alerts available ?
@@pivot3india all the alerts from arpwatch are real time. Alerts happen as a change is detected by arpwatch. I'm not sure what you are referring to as time based. If you mean that you want alerts only during certain hours, you would want to use the script trigger options to hand the alert off to some other program, which handles the rest of your needs.
I just use a small VM with PiAlert installed on it - no pfSense required. Does email alerts too.
I’ve been looking for something to email notifications after hours. We have 14 acres in the middle of the woods. All covered with UniFi. So, if someone walks in range with a smartphone, this would be a layer of protection better than the rest!
But they have to connect to your network first. So if your wifi is locked nothing will happen
Im still trying to figure out how you have 3 columns on your dashboard and I have 2
Got it! Appreciate your videos. You've helped a guy with 0 networking knowledge install pfsense on a Protectli with functioning packages like pfblocker instead of some simp setup with the average cable provider networking equipment or whatever is at Best Buy
Nice feature.
Can arpwatch utilize syslog instead of email?
It's also sending to syslog
I believe it can also call scripts as part of the alerts as well. I used to run it at the ISPs where I worked. I started using it to help track down who plugged in their routers backwards, or to locate anyone trying to scan from spoofed IPs.
Does this require that I use pfsense as DHCP server?
Should work fine as it's looking at ARP requests.
@@LAWRENCESYSTEMS I believe it watches ARP requests and ARP replies both, but it has been a few years since I used it regularly.