Describes changes made to NetWatch and catwatch to get information from MAC-locked ports.
See also:
AANTS - physaddrwatch, mactrapper, catwatch, banaddrwatch and other NetWatch Foundation Tools
AANTS - Everything You Ever Wanted To Know About the NetWatch Tool
In NetWatch or any other tool that uses its database tables, such as PortUseAudit, the MAC "seen" date now means either:
1) for dynamically learned MAC addresses, it is the date/time when the given address was seen as active in the mac-address table. This is what it has meant in the past.
2) for statically "locked" MAC addresses, it is the date/time when the given address was found to be configured statically, and the given interface was up - presumably because one of the locked addresses was using it. The assumption being that it is not a shared port.
This involved a substantial change to catwatch: To get some sort of guarantee that at least one of the locked MAC addresses is actually in use, catwatch now checks the port's interface status. If the port's status is not "up(1)" then catwatch won't record the MAC address even if its in the learning table (such static entries always are.)
For static/locked MAC addresses, it will record them as long as the port is "up(1)". Note that this means that some static/locked MAC addresses will appear in NetWatch even if they might not actually be in use.
Written by Dave Plonka