arpd - Linux


arpd is a network monitoring tool that displays active network connections and their corresponding MAC addresses using Address Resolution Protocol (ARP). It runs as a daemon and provides real-time information about devices connected to a network.


arpd [options] <interface>


  • -i, --interval: Update interval (seconds); Default: 1
  • -c, --cache: Cache ARP entries in seconds; Default: 300
  • -f, --file: Write ARP entries to a specified file
  • -w, --web: Start a simple web interface on the specified port; Default: 8080
  • -d, --debug: Enable debugging output
  • -h, --help: Display help and usage information


Display ARP entries for the eth0 interface:

arpd eth0

Specify an update interval of 5 seconds:

arpd -i 5 eth0

Cache ARP entries for 600 seconds:

arpd -c 600 eth0

Write ARP entries to a file:

arpd -f arpentries.txt eth0

Start a web interface on port 9000:

arpd -w 9000 eth0

Common Issues

  • Ensure the specified interface is up and running.
  • Check if arpd is running as root or with appropriate permissions.
  • If ARP entries are not displayed, try increasing the cache time or interval.


Integrate with Wireshark: Export ARP entries to a file and import them into Wireshark for further analysis.

arpd -f arpentries.txt eth0
wireshark -r arpentries.txt

Related Commands

  • arp: Display or modify ARP cache entries
  • ifconfig: Configure and view network interface parameters