Detect unauthorised hosts
Hello,
To improve the security of my network, I want be able to detect unauthorised host. I want also know where there are plugged (which port on which switch).
I first thought to use arpwatch to detect new hosts and check if its mac address is present in a file which contain all mac address of my network thanks to a script registered as an userparameter in an agent configuration. The problem of this means is I can not know where is plugged the unauthorised host.
Now, I think to use a low level discovery rule to detect automatically new hosts and get there mac address and on which port on which switch there are plugged. My problem is here: is it possible to do it? And if it is, how can I do it? I think I can use a snmp trap but I do not know how.
Thanks!
To improve the security of my network, I want be able to detect unauthorised host. I want also know where there are plugged (which port on which switch).
I first thought to use arpwatch to detect new hosts and check if its mac address is present in a file which contain all mac address of my network thanks to a script registered as an userparameter in an agent configuration. The problem of this means is I can not know where is plugged the unauthorised host.
Now, I think to use a low level discovery rule to detect automatically new hosts and get there mac address and on which port on which switch there are plugged. My problem is here: is it possible to do it? And if it is, how can I do it? I think I can use a snmp trap but I do not know how.
Thanks!