If you are paranoid about people ARP spoofing or flooding on your network you can use ARPWatch-NG, ARPWatch-NG is a continue of the popular original ARPWatch from ftp://lbl.gov/.ARPWatch monitors MAC adresses on your network and writes them into a file, last know timestamp and change notification is included.From man arpwatch Here's a quick list of the report messages generated by arpwatch(1) (and arpsnmp(1)): new activity This ethernet/ip address pair has been used for the first time six months or more.
It can be used it to monitor for unknown (and as such, likely to be intruder’s) mac adresses or somebody messing around with your ARP/DNS tables.
There have been quite a few fixes lately, so it’s recommended of course to get the latest version!
It work as a daemon, and as it registers the MAC changes in a file over time, together with the epoch time of the change.
It also is able to send messages to syslog and emails.
Sanitized bz2 We also maintain and have made available a nmap-mac-prefixes file created from the sanitized edition with abridging vendor name logic applied.