

NAME

       ndpmon - Neighbor Discovery Protocol Monitor

SYNOPSIS

       ndpmon [ -i interfacename ] [ -f configfile ] [ -d dtd_file ] [ -F
       filter ]
              [ -n number ] [ -L ] [ -v ] [ -h ] [ -d dtd_file ]
              [ -g neighbor_file ]

DESCRIPTION

       NDPMon is monitoring software for IPv6 Neighbor Discovery. It logs
       activity to syslog and reports malicious ND messages by email. NDPMon
       uses libpcap to listen for ICMPv6 packets and libxml2 to handle its
       configuration and neighbor cache files.

       The -i flag is used to change the default interface eth0.

       The  -f flag is used to change the path of the configuration file.  The
       default is /etc/ndpmon/config_ndpmon.xml

       The -e flag is used to  change  the  path  to  the  DTD  file  for  the
       configuration file. The default is /etc/ndpmon/config_ndpmon.dtd

       The -n flag limits the number of packets that libpcap captures.

       The -F flag allows one to change the default icmp6 filter.

       The -L flag is used to disable syslog and mail reports. This is used to
       run a learning phase and build the neighbor cache.

       The -v flag is used to enable the DEBUG mode.

       The -d flag is used to change the path to the DTD file for the neighbor
       cache. The default is /var/lib/ndpmon/neighbor_list.dtd

       The -g flag is used to change the  path  to  the  neighbor  cache.  The
       default is /var/lib/ndpmon/neighbor_list.xml

       Note  that  an empty neighbor_cache.xml file must be created before the
       first time you run ndpmon.

       NDPMon must be run with root rights to work.

REPORT MESSAGES

       Here's the list of the report messages generated by ndpmon:

       wrong couple MAC/IP
              Separately, the MAC and IP addresses are valid,  but  not  as  a
              couple.

       wrong router mac
              The  ethernet  address of the RA message is not specified in the
              configuration file.

       wrong router ip
              The ip address of  the  RA  message  is  not  specified  in  the
              configuration file.

       wrong prefix
              The  prefix  announced in the RA message is not specified in the
              configuration file.

       wrong router redirect
              The RD message doesn't come from a router specified in the
              configuration file.

       NA router flag
              The NA has the router flag set, but its sender isn't a router
              according to the configuration file.

       DAD DOS
              An NA was sent in answer to an NS in order to prevent the
              sender of the NS from getting an ip address.

       changed ethernet address
              The host switched to a new ethernet address.

       flip flop
              The ethernet address has changed from  the  most  recently  seen
              address to the second most recently seen address.

       reused old ethernet address
              The  ethernet  address  has  changed from the most recently seen
              address to the third (or greater) least recently seen address.
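
       The three ethernet address reports above (changed ethernet address,
       flip flop, reused old ethernet address) differ only in where the new
       address sits in the host's address history. The sketch below is an
       added illustration, not ndpmon source code; the class and function
       names and the sample sightings are constructed, and treating the
       first sighting of an address as silent learning is an assumption.

```python
# Added illustration, not ndpmon source. Names and sample data are constructed.
from collections import defaultdict


class MacHistory:
    """Per-IPv6-address list of ethernet addresses, most recently seen first."""

    def __init__(self):
        self.seen = defaultdict(list)  # ip -> [mac, ...], index 0 = most recent

    def observe(self, ip, mac):
        """Record one (ip, mac) sighting and return the report name, or None."""
        mac = mac.lower()
        macs = self.seen[ip]
        if not macs:
            event = None  # first sighting: assumed to be plain learning
        elif mac == macs[0]:
            return None  # same address as last time, nothing to report
        elif mac not in macs:
            event = "changed ethernet address"  # never used by this host
        elif mac == macs[1]:
            event = "flip flop"  # back to the second most recent address
        else:
            event = "reused old ethernet address"  # third or older entry
        if mac in macs:
            macs.remove(mac)
        macs.insert(0, mac)  # move to front so the next sighting compares correctly
        return event


# Constructed sightings for one host, in arrival order.
SAMPLE = [
    ("2001:db8::10", "00:11:22:33:44:aa"),
    ("2001:db8::10", "00:11:22:33:44:aa"),
    ("2001:db8::10", "00:11:22:33:44:bb"),
    ("2001:db8::10", "00:11:22:33:44:aa"),
    ("2001:db8::10", "00:11:22:33:44:cc"),
    ("2001:db8::10", "00:11:22:33:44:bb"),
]


def classify_all(sightings):
    """Run every sighting through a fresh history and collect the events."""
    cache = MacHistory()
    return [cache.observe(ip, mac) for ip, mac in sightings]


if __name__ == "__main__":
    for (ip, mac), event in zip(SAMPLE, classify_all(SAMPLE)):
        print(ip, mac, event or "-")
```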

SYSLOG MESSAGES

       Here are some of the syslog messages; note that messages that are
       reported are also written to syslog.

       new activity
              This ethernet/ip6 address pair was last announced two months
              or more ago.

       new station
              The ethernet address has not been seen before on the link.

       ethernet broadcast
              The ethernet MAC address of the host is a broadcast address.

       ip broadcast
              The ip address of the host is a broadcast address.

       bogon  The source ip address is not local to the local subnet.

       ethernet mismatch
              The source ethernet MAC address didn't match the address
              announced in the option of the ND message.

FILES

       config_ndpmon.xml - contains settings which must be filled in by the administrator
       neighbor_list.xml - neighbor cache: all neighbors known to be on the link

SEE ALSO

       arpwatch(8), ipv6(7), pcap(3), libxml(3).

AUTHOR

       Thibault Cholez and Frederic Beck for MADYNES Project, Loria, Fr.

BUGS

       Please send bug reports to frederic.beck@loria.fr
              or thibault.cholez@esial.uhp-nancy.fr

                                 November 2006                       NDPMON(8)


