NDPWatch is a daemon that monitors IPv6 activity and keeps a database of Ethernet/IPv6 address pairings. It reports abnormal changes via mail. It has much the same features as its IPv4 analog ARPWatch, developed at the Lawrence Berkeley National Laboratory.
NDPWatch uses libpcap, a system-independent interface for user-level packet capture.
$ tar xzvf ndpwatch-0.01.tgz
$ cd ndpwatch
$ vi addresses.h
$ ./configure && make
# make install
You must then create an empty file to be used as the database; ndp.db is used by default (with the -f argument).
If you are running NDPWatch for the first time, I advise you to launch it with the debugging argument -d. That forces NDPWatch to print any address changes or new stations added to the database on stdout instead of sending mail. Once you judge your database to be OK, you can launch NDPWatch normally. NDPWatch will warn you via mail and syslog if it finds a new station or detects any address changes. More information can be found in the ndpwatch(8) manpage.
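The kind of pairing check described above, as an added example that is not NDPWatch's own code: it reads the target address and link-layer address from ICMPv6 Neighbor Advertisements (RFC 4861) and reports a new station or an address change. The in-memory table, the function names, the message wording and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
import struct

NA_TYPE = 136          # ICMPv6 Neighbor Advertisement (RFC 4861)
OPT_TARGET_LLADDR = 2  # Target Link-Layer Address option

def parse_na(icmp6: bytes):
    """Return (ipv6, mac) from a Neighbor Advertisement, or None if unusable."""
    if len(icmp6) < 24 or icmp6[0] != NA_TYPE:
        return None
    target = ipaddress.IPv6Address(icmp6[8:24])
    opts = icmp6[24:]
    while len(opts) >= 2:
        opt_type, opt_len = opts[0], opts[1] * 8  # length field is in 8-byte units
        if opt_len == 0 or opt_len > len(opts):
            return None                           # malformed or truncated option
        if opt_type == OPT_TARGET_LLADDR and opt_len == 8:
            return str(target), opts[2:8].hex(":")
        opts = opts[opt_len:]
    return None

class PairingTable:
    """In-memory stand-in for the pairing database (hypothetical layout)."""
    def __init__(self):
        self.pairs = {}

    def observe(self, icmp6: bytes):
        parsed = parse_na(icmp6)
        if parsed is None:
            return None
        ip, mac = parsed
        old = self.pairs.get(ip)
        self.pairs[ip] = mac
        if old is None:
            return f"new station {ip} {mac}"
        if old != mac:
            return f"address change {ip} {old} -> {mac}"
        return None                               # known pairing, nothing to report

def build_na(ip: str, mac: str) -> bytes:
    """Construct a sample NA payload for the demo (checksum left at zero)."""
    head = struct.pack("!BBHI", NA_TYPE, 0, 0, 0x60000000)  # S and O flags set
    opt = bytes([OPT_TARGET_LLADDR, 1]) + bytes.fromhex(mac.replace(":", ""))
    return head + ipaddress.IPv6Address(ip).packed + opt

if __name__ == "__main__":
    table = PairingTable()
    for mac in ("00:00:5e:00:53:01", "00:00:5e:00:53:01", "00:00:5e:00:53:02"):
        print(table.observe(build_na("2001:db8::10", mac)))
```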
Clement Lecigne <clem1@FreeBSD.org> is the primary author.