in Home

Install NDPMon over Fedora 17

The Neighbor Discovery Protocol Monitor (NDPMon) is a diagnostic software application used by Internet Protocol version 6 network administrators for monitoring ICMPv6 packets. NDPMon observes the local network for anomalies in the function of nodes using Neighbor Discovery Protocol (NDP) messages, especially during the Stateless Address Autoconfiguration. When an NDP message is flagged, it notifies the administrator by writing to the syslog or by sending an email report. It may also execute a user-defined script. For IPv6, NDPMon is an equivalent of Arpwatch for IPv4, and has similar basic features with added attacks detection.
NDPMon runs on Linux distributions (available in Debian repositories and in Ubuntu 12.10 and later), Mac OS X, FreeBSD (available as port), NetBSD and OpenBSD. It uses a configuration file containing the expected and valid behavior for nodes and routers on the link. This includes the routers addresses (MAC and IP) and the prefixes, flags and parameters announced.
NDPMon also maintains up-to-date a list of neighbors on the link and watches all advertisements and changes. It permits to track the usage of cryptographically generated interface identifiers or temporary global addresses when Privacy extensions are enabled (default behavior in Ubuntu and Windows for example), or Cryptographically Generated Addresses are in use. (Extracted from the official website project).

To install NDP over Fedora 17 x64 (if you have i686, change the packages suffix), you need:

Dependencies:

yum groupinstall 'Development Tools' 
yum install libpcap-devel.x86_64  libxml2-devel.x86_64 libxslt-devel.x86_64 mailx.x86_64 httpd.x86_64
Download, prepare and install
wget -c http://downloads.sourceforge.net/project/ndpmon/ndpmon/ndpmon-2.1/ndpmon_2.1.0.tar.gz
cd ndpmon_2.1.0/
autoreconf -vi
mkdir -p /var/local/lib; mkdir -p /usr/local/etc
./configure --prefix=/usr/local --with-var-datadir=/var/local/lib --with-confdir=/usr/local/etc --enable-mac-resolv --enable-webinterface --with-webdir=/var/www/html --enable-syslogfilter --enable-countermeasures
make && make install
Fix problems:
rm -f /etc/logrotate.d/ndpmon
rm -f /etc/init.d/ndpmon
Test the installation:

Automatic configuration:

ndpmon -L
Start the process:
ndpmon

To check the web interface:

apachectl start
and go with the browser to:

http://localhost/ndpmon/

Screen_shot_2012-09-20_at_4Ndpmon_-_neighbor_discovery_pr0ndpmon_-_neighbor_discovery_pr

Please check the documentation for tunning and configure it according to your needs.

Write a Comment

Comment