Using pfsense Arpwatch To Get Notified of ARP Spoofing & Other Network Changes

Hey Tom. I’ve always really appreciated how straight to the point you are.
By 0:10 you’ve already introduced yourself and stated the main topic of the video. Amazing.
So many YT creators have 30-60 seconds if not minutes of fluff at the beginning of the video before getting to the point.
Thanks Tom!

I love Arpwatch! I've always used it, both at home and work, just to keep an eye on the devices. It makes it really easy to connect to and setup new devices like printers or video cameras or anything else that expects you to know the IP and connect to configure. It's also fun to show up next to a person who plugged a computer into your network when they weren't supposed to and ask them what they are up to. "Whatcha doing? Yeah, that network wont work, you need to see the secretary for guest access..." :)

Good feature for those "IT" guys that want to see new devices connecting :) Thanks TOm !!

Great video! Thanks, Tom!

Hollywood script running in the background. 🤣🤦‍♂️
I’ve been wanting to get a pfsense, thanks for the vid! 👍

Hi Tom. Great video. Just wanted to let you know that I was able to get notifications through Pushover, which I use on my pfsense setup. I did not have to use the email notification. Thanks.

Good stuff as always. Thanks

I remember one of the first times I encountered ARP spoofing was from a Disney circle device. I always hated the idea of how that worked from a network security perspective and wanted to know how to prevent it. This is good tool for that.

I love the idea of using this when setting up IP cameras.

I'm looking for a good option to do precence detection. Is Arpwatch a good option to detect my iPhone on my home network? Are there other options to get a message out of Arpwatch than email? Maybe MQTT or SNMP?

This is pretty awesome. I do the same thing on a few servers. A script writes the arp table to a database and every X minutes compares the current arp table to what's in the database. If something has changed I get an email notification. These servers also run Overlook Fing so they're constantly scanning the entire network keeping that arp table up to date even on those devices that don't touch the servers.

I need that background screen Animation you have there on our left! 😍 where can I get this?

5:45 How do you add interfaces to the database and is it important?

Is there a simple way to block new devices till it can be approved? My old Netgear could do it and I like the idea

What is running on the widescreen in the background. I would love to have something like that running as a screen saver

ARP notifications also are sent over Telegram if you have that enabled.

Hey Tom, great video as always. Do you have any recommendations on a guide to setup SMTP with DuoCircle together with cloudflare, or would you have any more information in how I would go through this process?

I just use a small VM with PiAlert installed on it - no pfSense required. Does email alerts too.

Nice feature.

We've abandoned negate and pfsense after major reliability issues. HA is not reliable and upgrades have caused required serious issues including required reflashes

what happens in a scenario where a good device with a combination of (MAC + IP) address is offline and somebody spoofs both of them to attach their own malacious device ?

Im still trying to figure out how you have 3 columns on your dashboard and I have 2

Can arpwatch utilize syslog instead of email?

I’ve been looking for something to email notifications after hours. We have 14 acres in the middle of the woods. All covered with UniFi. So, if someone walks in range with a smartphone, this would be a layer of protection better than the rest!

Does this require that I use pfsense as DHCP server?