IPwatchD an IP conflict detection tool for Linux



Project name: IPwatchD - IP conflict detection tool

Author: Jaroslav Imrich

Project's Home Page: IPwatchD

Introduction

When using a GNU/Linux operating system, from time to time you may come across a situation where network connectivity is interrupted due to an IP conflict. An IP conflict event occurs when two or more hosts on the same network are configured with identical IP addresses. At present, there appears to be no code in the Linux kernel to take care of this situation by means of an appropriate Gratuitous ARP response. Very often a network administrator is left in complete ignorance by the Linux kernel and needs to troubleshoot the IP conflict the hard way.

Fortunately, there is a simple daemon called IPwatchD whose main purpose is to catch and evaluate packets on the network, and in this way it is able to prevent an IP conflict occurrence. This is done with the help of the libpcap library. The IPwatchD daemon is written in C and can run in passive or active mode. The difference between the two is that in passive mode IPwatchD only logs every IP conflict event through the syslog daemon, while in active mode IPwatchD goes one step further and responds to the Gratuitous ARP request, which is the main building block of IP conflict prevention. This article will explore this simple daemon in terms of installation, configuration and usage.

Prerequisites

Before we can install IPwatchD under the GNU/Linux operating system, it is recommended to confirm that all prerequisites needed by IPwatchD are installed on the system. Here is a list of packages you would need to install on Ubuntu 8.10.

* build-essential - C compiler and other development tools

* libpcap-dev - Network packet capture library

* libnet1-dev - Network packet construction library

* libnotify-dev - sends desktop notifications to a notification daemon

On Ubuntu or Debian Linux you can install those packages with the following command:

# apt-get install build-essential libpcap-dev libnet1-dev libnotify-dev

Installation

Now that we have installed all required prerequisites, it is time to compile and install the IPwatchD daemon. There are two types of IPwatchD installation:

* Desktop version with built-in GUI message notification

* Server version, which encompasses just the IPwatchD daemon without GUI message notification

The difference between the Desktop and Server versions is that in the Desktop version IPwatchD reacts to an IP conflict event by displaying a message in the GUI as well as writing to the relevant log files. In contrast, the Server version only logs an IP conflict event to the relevant log files.

The installation routine of IPwatchD for both Desktop and Server versions is very similar.

IPwatchD Desktop version

Download the IPwatchD source code tarball and enter the following commands:

$ bunzip2 ipwatchd-x.x.tar.bz2

$ tar xvf ipwatchd-x.x.tar

$ cd ipwatchd-x.x/src

$ make

Once the binary is compiled, log in as a superuser (root) and enter:

# make install

IPwatchD Server version

To install the IPwatchD Server version, compile the IPwatchD source code by:

$ bunzip2 ipwatchd-x.x.tar.bz2

$ tar xvf ipwatchd-x.x.tar

$ cd ipwatchd-x.x/src

$ make daemon

Once the binary is compiled, log in as a superuser (root) and enter:

# make install

At this point all IPwatchD executable binaries have been copied into /usr/local/sbin. The configuration file can be found in the /usr/local/etc directory.

NOTE: To uninstall IPwatchD, simply issue the following command as the root user:

# make uninstall

Configuration

As already mentioned above, the IPwatchD daemon can work in two modes. To instruct the daemon to listen on eth0 in active mode, amend the configuration file /usr/local/etc/ipwatchd.conf with the following line:

eth0 active

The IPwatchD daemon is also able to work with virtual interfaces, so feel free to add the line "eth0:1 passive" if you want IPwatchD to listen on the eth0:1 network interface in passive mode.

Usage

The current version of IPwatchD, 1.1.1, does not start by itself. To start IPwatchD, run the following command as the root user:

# /usr/local/sbin/ipwatchd -c /usr/local/etc/ipwatchd.conf

Confirm that IPwatchD is running on your system with the ps command:

# ps aux | grep ipwatchd

You should get output similar to the one below:

root 10814 0.0 0.2 2032 572 ? Ss 19:27 0:00 /usr/local/sbin/ipwatchd -c /usr/local/etc/ipwatchd.conf

root 10818 0.0 0.3 3240 796 pts/1 R+ 19:27 0:00 grep ipwatchd

The logic here is as follows: modern operating systems try to avoid an IP conflict by sending a special type of ARP broadcast packet at boot time or during network interface reconfiguration. This special broadcast packet is called Gratuitous ARP (http://wiki.wireshark.org/Gratuitous_ARP). The purpose of the Gratuitous ARP packet is to discover whether the IP address a host is about to acquire is already taken by another host.
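The check this logic implies, as an added example (not IPwatchD's own source): a frame is treated as a conflict when an ARP packet names the local IP as sender IP but carries a different sender MAC. The function names, the local MAC 00:11:22:33:44:55 and the sample frame are constructed for illustration; the peer MAC and IP are the ones shown in the sample syslog message in this article.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum arp_verdict { ARP_IGNORE, ARP_OWN, ARP_CONFLICT };

/* Return the ARP header of an Ethernet/IPv4 ARP frame, or NULL otherwise. */
static const uint8_t *arp_payload(const uint8_t *f, size_t len)
{
    /* htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4 */
    static const uint8_t want[6] = {0x00, 0x01, 0x08, 0x00, 6, 4};
    if (len < 42 || f[12] != 0x08 || f[13] != 0x06)  /* short or not ARP */
        return NULL;
    return memcmp(f + 14, want, 6) == 0 ? f + 14 : NULL;
}

/* Gratuitous ARP: sender IP (offset 14) equals target IP (offset 24). */
int is_gratuitous(const uint8_t *f, size_t len)
{
    const uint8_t *a = arp_payload(f, len);
    return a != NULL && memcmp(a + 14, a + 24, 4) == 0;
}

/* Conflict: someone else's MAC (offset 8) claims our IP as sender IP. */
enum arp_verdict classify_arp(const uint8_t *f, size_t len,
                              const uint8_t my_mac[6], const uint8_t my_ip[4])
{
    const uint8_t *a = arp_payload(f, len);
    if (a == NULL || memcmp(a + 14, my_ip, 4) != 0)
        return ARP_IGNORE;
    return memcmp(a + 8, my_mac, 6) == 0 ? ARP_OWN : ARP_CONFLICT;
}

/* Constructed sample: gratuitous ARP request for 10.1.1.6 from 08:00:27:b6:5a:6c */
static const uint8_t sample_frame[42] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x08,0x00,0x27,0xb6,0x5a,0x6c, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01,          /* ARP header, oper=request */
    0x08,0x00,0x27,0xb6,0x5a,0x6c, 10,1,1,6,        /* sender MAC, sender IP */
    0x00,0x00,0x00,0x00,0x00,0x00, 10,1,1,6         /* target MAC, target IP */
};

int main(void)
{
    const uint8_t my_mac[6] = {0x00,0x11,0x22,0x33,0x44,0x55}; /* constructed */
    const uint8_t my_ip[4]  = {10, 1, 1, 6};
    printf("gratuitous=%d verdict=%d\n", is_gratuitous(sample_frame, sizeof sample_frame),
           classify_arp(sample_frame, sizeof sample_frame, my_mac, my_ip));
    return 0;
}
```

In a capture loop the frame bytes would come from a libpcap callback; ARP probes that carry sender IP 0.0.0.0 are outside this check.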





An alternative to the GUI notification message is a syslog file. IPwatchD also logs all relevant IP conflict events into the syslog file. Here is a sample message generated by IPwatchD daemon:

Jan 11 20:50:47 linuxconfig-desktop IPwatchD[13215]: MAC address 8:0:27:b6:5a:6c causes IP conflict with address 10.1.1.6 set on interface eth0 - active mode - reply sent

Jan 11 20:50:47 linuxconfig-desktop avahi-daemon[3965]: Withdrawing address record for 10.1.1.6 on eth0.

To stop the IPwatchD daemon you can use the kill command. This way the IPwatchD daemon receives the SIGTERM signal, which will gracefully stop the process, release used memory and stop listening on the network interface. In the long run, to make startup automatic, you can also create a simple daemon init.d script and link it from an appropriate runlevel directory on your system.

Conclusion

IPwatchD is certainly a handy tool which can sometimes save your day. However, there are also some limitations. The current version of IPwatchD, 1.1.1, is limited to the GNOME graphical user interface only. Nevertheless, it is still possible to use the Server version and refer to the syslog file in case of unexpected connectivity problems.