Is there any service that keeps running and checks the MAC address and IP address, and when it detects two IP addresses on different MACs, writes to a log or sends a warning?
It would be useful to detect IP duplication on a network.
Wireshark can be used to detect duplicate IP addresses.
I've set up arpwatch. http://manpages.ubuntu.com/manpages/precise/man8/arpwatch.8.html
Maybe ipwatchd [http://ipwatchd.sourceforge.net/] can help you. I have this on one server and it works OK for me. It doesn't send any notices, but I think it can be done.
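The check asked about above, one IP address claimed by more than one MAC address, sketched as an added example (not code from any poster, and not how arpwatch or ipwatchd are implemented). The `epoch ip mac` input format, the sample observations and the 300-second window are assumptions made for illustration.

```python
"""Flag IPv4 addresses claimed by more than one MAC within a short window."""
from dataclasses import dataclass

# Constructed sample: "epoch_seconds ip mac", one line per observed ARP reply.
SAMPLE_OBSERVATIONS = """\
1000 192.0.2.10 52:54:00:aa:00:01
1005 192.0.2.11 52:54:00:aa:00:02
1012 192.0.2.10 52:54:00:bb:00:09
1015 192.0.2.10 52:54:00:aa:00:01
9000 192.0.2.11 52:54:00:cc:00:07
"""

CONFLICT_WINDOW = 300  # assumed threshold (seconds); tune to DHCP lease times


@dataclass(frozen=True)
class Alert:
    ts: int
    ip: str
    old_mac: str
    new_mac: str
    kind: str  # "conflict" (both MACs active) or "changed" (old MAC went quiet)


def parse(text):
    """Yield (ts, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower()


def detect(observations, window=CONFLICT_WINDOW):
    """Return an alert each time an IP is claimed by a MAC other than the last one seen."""
    last_seen = {}  # ip -> (mac, ts of most recent claim)
    alerts = []
    for ts, ip, mac in observations:
        prev = last_seen.get(ip)
        if prev and prev[0] != mac:
            kind = "conflict" if ts - prev[1] <= window else "changed"
            alerts.append(Alert(ts, ip, prev[0], mac, kind))
        last_seen[ip] = (mac, ts)
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_OBSERVATIONS)):
        print(f"{a.ts} {a.kind}: {a.ip} moved {a.old_mac} -> {a.new_mac}")
```

A "conflict" means two MACs answered for the same IP within the window, which is the duplicate-address case; a "changed" alert after a long gap is more often a lease being reassigned.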
We suffer from DNS lookups with a response IP address that does not exist. Can iptables check for this?
We will identify each tunnel using a combination of source-TEID, dest-TEID and source IP address, dest IP address. How often are the IP address and the TEID repeated? Is this just unique for each tunnel of a UE or unique within the cell?