trackpeer is an agent program that helps network and server administrators track users' computers.
Version: 0.02
License: MIT/X Consortium License
Operating System: Linux
It makes it possible to determine the MAC addresses of computers over a network, even when the computers are behind NATed gateways.
This agent program is intended for administrators who need to identify and locate malicious computers (users) and virus-infected computers in a network such as a middle-sized wireless LAN, a public ethernet jack system, or a campus or corporate network.
The program is also useful for simple MAC-address-based authentication over a network.
Using MAC addresses has several advantages over other computer/user identification methods, since every ethernet interface has its own unique MAC address, which in many cases cannot be changed easily.
The agent program has two features: MAC address informing and MAC address logging.
`trackpeerd' and `trackpeer' are an agent program and a simple client program, respectively. The agent program should run on a gateway (or on a packet-capturing machine beside it) that resides in the same network segment as the client computers. We call this router the ``frontline router''. The agent listens to the traffic passing through the router and caches the packets' header information.
The client program trackpeer is used when an administrator or a server program would like to know the MAC address of a specific peer, just after a communication action is taken by the peer.
trackpeer provides the agent with the source/destination addresses of a packet, the port numbers of the packet, and the time of the packet's arrival. The agent looks into its internal cache memory, picks up the address information that matches the query, and provides the server with the information.
In other words, the server asks the agent,
`` Who knocked on the door at around HH:MM.SS? ''.
The agent forgets the address information after a certain period of time (10 minutes) has passed.
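
The cache-and-query behaviour described above can be modelled as follows. This is an added example, not trackpeer's own code or wire protocol: the class and field names, the 2-second match tolerance, and the refusal to answer when two MACs match are assumptions, and the query uses addresses as the agent observed them (no NAT translation is modelled).

```python
# Illustrative model of the agent's header cache; all names are hypothetical.
from collections import deque
from dataclasses import dataclass

CACHE_TTL = 600  # seconds; the page says entries are forgotten after 10 minutes

@dataclass(frozen=True)
class Observation:
    ts: float        # capture time (epoch seconds)
    src_mac: str     # Ethernet source address seen on the client segment
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class HeaderCache:
    """Time-ordered cache of packet headers seen at the frontline router."""
    def __init__(self, ttl=CACHE_TTL):
        self.ttl = ttl
        self.entries = deque()

    def expire(self, now):
        # Oldest entries sit on the left; drop everything older than the TTL.
        while self.entries and now - self.entries[0].ts > self.ttl:
            self.entries.popleft()

    def record(self, obs):
        self.expire(obs.ts)
        self.entries.append(obs)

    def lookup(self, now, src_ip, src_port, dst_ip, dst_port, when, tolerance=2.0):
        """Return the MAC if exactly one MAC matches the query, else None."""
        self.expire(now)
        macs = {
            o.src_mac for o in self.entries
            if (o.src_ip, o.src_port, o.dst_ip, o.dst_port)
            == (src_ip, src_port, dst_ip, dst_port)
            and abs(o.ts - when) <= tolerance
        }
        # Two MACs claiming one flow is ambiguous: refuse rather than guess.
        return macs.pop() if len(macs) == 1 else None

def demo():
    # Constructed sample traffic (locally administered MACs, documentation IPs).
    cache = HeaderCache()
    cache.record(Observation(1000.0, "02:00:00:00:00:0a", "192.168.1.20", 40312, "203.0.113.5", 80))
    cache.record(Observation(1001.0, "02:00:00:00:00:0b", "192.168.1.21", 40999, "203.0.113.5", 80))
    flow = ("192.168.1.20", 40312, "203.0.113.5", 80)
    # First query arrives 3 s after the packet; second arrives after the TTL.
    return cache.lookup(1003.0, *flow, when=1000.5), cache.lookup(1700.0, *flow, when=1000.5)
```

The second lookup returns nothing because both entries have aged out, which is why a server has to query the agent soon after the connection it wants attributed.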