Links and various documentation page

Documentation

• Jouer avec le protocole ARP
• Wikipédia: Address Resolution Protocol
• Une présentacio molt rapid
• Detectar conexiones no autorizadas en una red local con Linux
• Una mirada a ARP - [cache]
• ARP WATCH - [cache]

In press:

• hakin9

  international press: article - Summary (article not free, but, look here) http://en.hakin9.org

• Linux magazin

  german press: summary http://www.linux-magazin.de/

• Linux magazine

  english press: summary Article in PDF format (english) artículo en PDF (castellano) http://www.linux-magazine.com/

Products using Arpalert

• Exceliance

  
  LANDefender appliance
  http://www.exceliance.fr/en/ldapercu.htm

Other solutions:

• Arpwatch NG

  arpwatch monitors mac adresses on your network and writes them into a file. last know timestamp and change notification is included. use it to monitor for unknown (and as such, likely to be intruder's) mac adresses or somebody messing around with your arp_/dns_tables.
  http://freequaos.host.sk/arpwatch/

• Darpwatch (Distributed Arpwatch)

  Darpwatch is a solution for monitoring ethernet activity across many different ethernet networks. Darpwatch is based on the original arpwatch source from UCB.
  http://sourceforge.net/projects/darpwatch/

• XArp

  XARp is a graphical tool to watch the ARP cache of your local computer. It remembers all IP to MAC adress mappings and periodically compares them against new ones. Thus it can detect changes in the mapping of IP to MAC adresses and reports them. XArp 0.1.5 can also detect MACs that are set to the broadcast or a multicast MAC address. Further XArp versions will have more monitoring like 'dublicate MAC', 'is the IP in the subet', 'has the default route changed'.
  http://www.chrismc.de/developing/xarp/

• arphound

  Arphound is a tools that listens to all traffic on an ethernet network interface, and reports IP/MAC address pair, as well as events such as IP conflict, IP changes, IP addresses with no RDNS, various ARP spoofing, and packets not using the expected gateway. Reporting is done to stdout, to a specified file and/or to syslog.
  http://www.nottale.net/index.php?project=arphound

Various links

• Package Maintenance with Mezzanine (exemple with arpalert)