Project name: IPwatchD - IP conflict detection tool
Author: Jaroslav Imrich
Project's Home Page: IPwatchD
Introduction
When using a GNU/Linux operating system, from time to time you may come across a situation where network connectivity was interrupted due to the IP conflict. An IP conflict event occurs when two or more hosts on the same network are configured with identical IP addresses. At the present, there appears to be no code in the Linux kernel to take care of this situation by means of appropriate Gratuitous ARP response . Very often a network administrator is left in the complete ignorance by the Linux kernel and needs to troubleshoot IP conflict the hard way.
Fortunately, there is a simple daemon called IPwatchD which main purpose is to catch and evaluate packets on the network and this way is able to prevent an IP conflict occurrence. This is done by help of libpcap library. IPwatchD daemon is written in C language and can run in passive or active modes. The difference between a passive and active mode is that in the passive mode IPwatchD only logs every IP conflict event by engaging syslog daemon, and in active mode IPwatchD takes one step further and responds to Gratuitous ARP request which is the main construction block when it comes to the IP conflict prevention. This article will explore this simple daemon in terms of installation, configuration and usage.Prerequisites
Before we can install IPwatchD under the GNU/Linux operating system it is recommended to confirm that all prerequisites needed by IPwatchD are installed on the system. Here is a list of packages you would need to install on Ubuntu 8.10.* build-essential - C compiler and other development toolsOn ubuntu or debian linux you can install those packages with a following command:
* libpcap-dev - Network packet capture library
* libnet1-dev - Network packet construction library
* libnotify-dev - sends desktop notifications to a notification daemon
# apt-get install build-essential libpcap-dev libnet1-dev libnotify-dev
Installation
Now, that we have installed all required prerequisites, it is time to compile and install IPwatchD daemon. There are two types of IPwatchD installations.
- Desktop version with build-in GUI message notification
- Server version which encompasses just the IPwatchd daemon without a GUI message notification
IPwatchD Desktop version
The installation routine of IPwatchD for both Desktop and Server versions is very similar. Download IPwatchD source code tarball and enter following commands:$ bunzip2 ipwatchd-x.x.tar.bz2Once a binary is compiled, login as a superuser (root) and enter:
$ tar xvjf ipwatchd-x.x.tar
$ cd ipwatchd-x.x/src
$ make
# make install
IPwatchD Server version
To install a IPwatchD server version compile a IPwatchd source code by:$ bunzip2 ipwatchd-x.x.tar.bz2Once a binary is compiled, login a superuser (root) and enter:
$ tar xvjf ipwatchd-x.x.tar
$ cd ipwatchd-x.x/src
$ make daemon
# make install
At this point all IPwatchD executable binaries are copied into the /usr/local/sbin. The configuration file can be found in /usr/local/etc directory.
NOTE: To uninstall IPwatchD, simply as a root user issue a command:
make unistall
Configuration
As it was already mentioned above, an IPwatchD daemon can work in two modes. To instruct this daemon to listen on the eth0 in active mode amend a configuration file /usr/local/etc/ipwatchd.conf with a following line:eth0 activeIpwatchD daemon is also able to work with virtual interfaces. So feel free to add line "eth0:1 passive" if you want IPwatchD listen on eth0:1 network interface in a passive mode.
Usage
Curent version of IPwatchD 1.1.1 does not start by it self. To start IPwatchD run a following command as a root user:# /usr/local/sbin/ipwatchd -c /usr/local/etc/ipwatchd.confConfirm that IPwatchD is running on your system by ps command:
ps aux | grep ipwatchdYou should get an output similar to the one below:
root 10814 0.0 0.2 2032 572 ? Ss 19:27 0:00
/usr/local/sbin/ipwatchd -c /usr/local/etc/ipwatchd.conf
root 10818 0.0 0.3 3240 796 pts/1 R+ 19:27 0:00 grep ipwatchd
To logic here is as follows, modern operating systems are trying to avoid an IP conflict by sending a special type of ARP broadcast packets at the boot time or during a network interface reconfiguration. This type of special broadcast packet is called [http://wiki.wireshark.org/Gratuitous_ARP Gratuitous ARP]. The purpose of the Gratuitous ARP packet is to discover, if an IP address they are about to acquire is not already taken by yet another host.
An alternative to the GUI notification message is a syslog file. IPwatchD also logs all relevant IP conflict events into the syslog file. Here is a sample message generated by IPwatchD daemon:
an 11 20:50:47 linuxconfig-desktop IPwatchD[13215]: MAC address 8:0:27:b6:5a:6c causesNOTE: To stop IPwatchD daemon you can use kill command. This way IPwatchD daemon receives SIGTERM signal which will gracefully stop this process, release a used memory and stop listening on a network interface. For the long run, to make it automatic, you can also create some simple daemon init.d script and link it from an appropriate runlevel directory on your system.
IP conflict with address 10.1.1.6 set on interface eth0 - active mode - reply sent
Jan 11 20:50:47 linuxconfig-desktop avahi-daemon[3965]: Withdrawing address
record for 10.1.1.6 on eth0.