[]What is it?
A tiny app that counts bytes in and out on a given ethernet device
 (to and from a given MAC address).
It was made to enable bandwidth monitoring of specific hosts on a LAN, e.g. a hub LAN.
 It is useful where the ISP hasn't enabled SNMP on the router, or where
 a server has more than one IP and you want to monitor the entire machine's
 IP traffic.

[]Where do I look for new versions?
They should appear on http://mybox.trenger.ro

[]Limitations/missing features
* mrtg-'autoconf' when a new MAC shows up
* read a given file in tcpdump format (like the ones tcpdump -w gives you),
   could perhaps be useful for forensics or similar.


[]What do I need?
A system where you can compile C source with libpcap, on some flavour of unix.
This has been tested on:
* Linux (2.x)
* Solaris (8)
* HP-UX (10.20)
* NetBSD
- compiled, but not tested (no root) on:
* OpenBSD 2.8
* FreeBSD 4.4


Please tell me if you make it work on other platforms!

[]How to install
Just run `./configure; make; make install`.
This will put the macwatch binary and the macwatch.sh script into /usr/sbin.


[]How to use
Just compile and start it :)
These are the valid options:
-a mac,file[,revert]	add "mac,file[,revert]", e.g. 00:0A:1B:AA:03:3D,/var/log/gw
			mac is the MAC address you want to monitor.
			file is the filename to write, to use with macwatch.sh. (macwatch.sh file in mrtg-cfg)
			revert will reverse the counters for the device (useful if the
			 graph seems 'backwards').
			E.g. if host pc1 downloads a file, this app will count bytes going from
			 the network to pc1, so it will show as outgoing traffic.
-f configfile		read a file of "mac,file[,revert]" entries
-i interface		Which interface to listen to, e.g. eth0
-u interval		How often to write file (logfile), in minutes.
			 default is 5 minutes.
-p			Turn off promiscuous mode sniffing
-U username/UID		User to run as, this is for the paranoid penguins.
			 Socket will be opened before we try to setuid ourselves.
-C /path		Path we should chroot to, also for the paranoid penguins.
			 !NB! - logfile is opened every 5 minutes, so remember to
			  specify a logfile that's relative to the jail!

!!
NB: -g,-l and -r are removed from version 0.2.7 to make room for the new config-type!
!!
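
The counting and 'revert' behaviour described for -a, as an added example (not macwatch's own source): a frame is matched on the destination and source MAC in its Ethernet header, and its length is added to one of two counters. The struct and function names are hypothetical, the sample frame is constructed, and the default direction (traffic towards the host counts as outgoing) is taken from the description above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; written for illustration, not macwatch's source. */
struct mac_counter {
    uint8_t  mac[6];               /* monitored address */
    int      revert;               /* non-zero: swap the in/out counters */
    uint64_t in_bytes, out_bytes;
};

/* Parse "00:0A:1B:AA:03:3D" into 6 bytes. Returns 0 on success, -1 on bad input. */
int parse_mac(const char *s, uint8_t out[6])
{
    unsigned int b[6];
    char extra;                    /* catches trailing garbage after the 6th octet */
    if (sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%c",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5], &extra) != 6)
        return -1;
    for (int i = 0; i < 6; i++)
        out[i] = (uint8_t)b[i];
    return 0;
}

/* Account one Ethernet frame: bytes 0-5 are the destination MAC, 6-11 the source.
 * caplen = bytes actually captured, wirelen = length on the wire (as libpcap reports). */
int account_frame(struct mac_counter *c, const uint8_t *frame,
                  size_t caplen, uint32_t wirelen)
{
    if (caplen < 14)               /* truncated: no full Ethernet header to inspect */
        return 0;
    int to_host   = memcmp(frame, c->mac, 6) == 0;
    int from_host = memcmp(frame + 6, c->mac, 6) == 0;
    if (to_host == from_host)      /* not our host, or a frame addressed to itself */
        return 0;
    /* Per the README: bytes towards the host show as outgoing unless reverted. */
    uint64_t *ctr = (to_host != (c->revert != 0)) ? &c->out_bytes : &c->in_bytes;
    *ctr += wirelen;
    return 1;
}

int main(void)
{
    struct mac_counter c = {0};
    uint8_t frame[14] = {0x00,0x0A,0x1B,0xAA,0x03,0x3D, 0x02,0,0,0,0,0x01}; /* constructed */
    parse_mac("00:0A:1B:AA:03:3D", c.mac);
    account_frame(&c, frame, sizeof frame, 1500);
    printf("in=%llu out=%llu\n", (unsigned long long)c.in_bytes, (unsigned long long)c.out_bytes);
    return 0;
}
```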



If you want the daemon to start automatically when you boot your system, put this into your rc.local
or similar script:
macwatch -a 00:0A:1B:AA:03:3D,/var/log/gw
You should be able to use the -a parameter several times to monitor more than one host.
You will of course have to change both the MAC address and the logfile to your own settings.
Or you can use a file:
macwatch -f /etc/macwatch.cfg
where /etc/macwatch.cfg is a file consisting of "mac,file[,revert]" entries.

Here's the sample mrtg config; remember to change the macwatch.sh
 parameter if you have more than one device:
-------------------------------------------------------------
Target[inet]: `/usr/sbin/macwatch.sh /var/log/wan_usage.db`
WithPeak[inet]: my
MaxBytes[inet]: 1250000
Options[inet]: nopercent
Title[inet]: Internet activity in DMZ
PageTop[inet]: <H1>Traffic Analysis for Internet GW
	</H1>
	<b>Internet link</b>
	<br>
	<br>
	<TABLE>
	<TR><TD>System:</TD><TD>My internet connection</TD></TR>
	<TR><TD>Maintainer:</TD><TD>Owner (<A HREF="mailto:mail@hotmail.com">mail@hotmail.com</A>)</TD></TR>
	</TABLE>
-------------------------------------------------------------

[]Bugs
Please send bug reports and patches to torgeir@trenger.ro

[]Author
Torgeir Hansen <torgeir@trenger.ro>