arpd - Linux

Overview

arpd is a network monitoring tool that displays active network connections and their corresponding MAC addresses using Address Resolution Protocol (ARP). It runs as a daemon and provides real-time information about devices connected to a network.

Syntax

arpd [options] <interface>

Options/Flags

• -i, --interval: Update interval (seconds); Default: 1
• -c, --cache: Cache ARP entries in seconds; Default: 300
• -f, --file: Write ARP entries to a specified file
• -w, --web: Start a simple web interface on the specified port; Default: 8080
• -d, --debug: Enable debugging output
• -h, --help: Display help and usage information

Examples

Display ARP entries for the eth0 interface:

arpd eth0

Specify an update interval of 5 seconds:

arpd -i 5 eth0

Cache ARP entries for 600 seconds:

arpd -c 600 eth0

Write ARP entries to a file:

arpd -f arpentries.txt eth0

Start a web interface on port 9000:

arpd -w 9000 eth0

Common Issues

• Ensure the specified interface is up and running.
• Check if arpd is running as root or with appropriate permissions.
• If ARP entries are not displayed, try increasing the cache time or interval.

Integration

Integrate with Wireshark: Export ARP entries to a file and import them into Wireshark for further analysis.

arpd -f arpentries.txt eth0
wireshark -r arpentries.txt

Related Commands

• arp: Display or modify ARP cache entries
• ifconfig: Configure and view network interface parameters