Network monitoring
Bart Silverstrim
bsilver at chrononomicon.com
Mon Jul 28 15:40:01 UTC 2008

Javier Palacios wrote:
> On Mon, Jul 28, 2008 at 1:49 AM, Bart Silverstrim
> <bsilver at chrononomicon.com> wrote:
>> Does anyone here have a program, preference, configuration,
>> recommendation...etc...for monitoring your own network for what machines
>> are connected to it, as in auditing for people that may have connected
>> with unauthorized hardware somewhere or at least log when machines are
>> on the wifi or wired network when that network is too small to have a
>> managed switch or managed WAP?
>
> You are looking for SNMP. It's probably the only way to get unified
> interface for heterogeneous devices, in particular to ARP tables.
> Unfortunately that's only the protocol, I cannot recommend you any
> piece of software which uses it, although probably every piece of
> monitoring software offers you that functionality. I've not used it,
> but the one that I know that closer resembles a network-only
> management one is opennms (http://www.opennms.org/).

To clarify...

What I have is a wireless AP on a small network (a Netgear AP), and it
does have SNMP but I didn't see the docs on accessing it or polling it.
What I'd like to do is have a way for my Linux system to periodically
poll the AP (or the network), get a basic list of items on the network,
and if anything comes up as "new" or "foreign" to just alert me about it
so I know and have a record of it.

I know there are those that would be recommending encryption methods and
lockouts and etc. etc...but for this situation I'm mainly just looking
for logging and auditing of activity. Is this something that can be
accomplished easily? Arpwatch seems to bury entries in the logs that
would have to be periodically checked manually. I would prefer some way
to have it give a more timely alert, such as by email. SNMP can be used,
but I still need a way to script the actions and wouldn't I also be
broadcasting access information such as the administration password for
the AP in the clear over the network?
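
The poll-compare-alert loop asked about above, as an added example that is not part of the original post or of any tool named in the thread. It assumes the polling Linux host's own ARP cache (`/proc/net/arp`) is the data source, so it only sees devices that host has exchanged traffic with; the baseline MACs, mail addresses and local MTA are hypothetical.

```python
"""Alert on MAC addresses not in a known-good baseline (added example)."""
import smtplib
from email.message import EmailMessage

# Constructed sample in the format of Linux /proc/net/arp.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.20     0x1         0x2         00:AA:BB:CC:DD:01     *        eth0
192.168.1.77     0x1         0x2         02:de:ad:be:ef:99     *        eth0
192.168.1.80     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp(text):
    """Return {mac: ip} for complete entries; skips header and unresolved rows."""
    seen = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & 0x2 and mac != "00:00:00:00:00:00":  # 0x2 = ATF_COM (resolved)
            seen[mac] = ip
    return seen

def find_new(seen, known):
    """Hosts whose MAC is absent from the baseline set, sorted for stable output."""
    known = {m.lower() for m in known}
    return sorted((mac, ip) for mac, ip in seen.items() if mac not in known)

def build_alert(new_hosts, sender, rcpt):
    """Build the notification mail; returns None when nothing is new."""
    if not new_hosts:
        return None
    msg = EmailMessage()
    msg["Subject"] = f"{len(new_hosts)} unknown device(s) on the network"
    msg["From"], msg["To"] = sender, rcpt
    msg.set_content("\n".join(f"{mac}  {ip}" for mac, ip in new_hosts))
    return msg

if __name__ == "__main__":
    with open("/proc/net/arp") as fh:            # live table on the polling host
        hosts = parse_arp(fh.read())
    baseline = {"00:11:22:33:44:55"}             # hypothetical known-good MACs
    alert = build_alert(find_new(hosts, baseline), "audit@localhost", "root@localhost")
    if alert:
        with smtplib.SMTP("localhost") as smtp:  # assumes a local MTA is listening
            smtp.send_message(alert)
```

Run from cron at the desired polling interval; persisting newly seen MACs to a file would keep the same device from alerting on every run.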