logarp.pl  ALPHA
6 June 1996  jwa@nbs.nau.edu

logarp is a small perl script which uses tcpdump to grab ethernet
and source IP addresses.  It runs on a system, "learning" these
addresses and logging ethernet/IP address mismatches.

This is helpful for both (a) identifying active systems on the
network and (b) determining if new machines are being put on
the network or if one machine has another machine's IP address.

When logarp first runs, it will generate a list of all the "NEW"
machines it sees.  After a while (depending on how many people
use your network), it will calm down.  If a system's IP address
changes, a CHANGED entry will be made in the logfile, listing
the ethernet address, the "old" IP, the "new" IP, and a
timestamp.

The log of IP/ethernet addresses is kept in the file "known-hosts.dat".
By keeping it in a file instead of in memory, one can keep tabs
on a network across crashes and reboots.
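
The learning loop described above, as an added sketch in Python (not
logarp's own Perl code).  The `tcpdump -e -n` line shape, the "mac ip"
layout used for known-hosts.dat, and all function names are assumptions.

```python
import os
import re

# Assumed input: `tcpdump -e -n` text lines for IPv4 frames.
LINE_RE = re.compile(
    r"^(\S+) ([0-9a-f]{2}(?::[0-9a-f]{2}){5}) > \S+ ethertype IPv4 "
    r"\(0x0800\), length \d+: (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > ")
HDR = "ethertype IPv4 (0x0800), length 98:"
SAMPLE = [  # constructed capture lines, documentation addresses only
    f"12:00:01.000000 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, {HDR} 192.0.2.10.5353 > 192.0.2.255.5353: UDP, length 56",
    f"12:00:02.000000 00:00:5e:00:53:02 > 00:00:5e:00:53:01, {HDR} 192.0.2.11 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64",
    f"12:00:03.000000 00:00:5e:00:53:01 > ff:ff:ff:ff:ff:ff, {HDR} 192.0.2.10.5353 > 192.0.2.255.5353: UDP, length 56",
    f"12:05:00.000000 00:00:5e:00:53:02 > 00:00:5e:00:53:01, {HDR} 192.0.2.10 > 192.0.2.1: ICMP echo request, id 2, seq 1, length 64",
]

def load_known(path):
    """Read 'mac ip' pairs (assumed layout); a missing file means a first run."""
    if not os.path.exists(path):
        return {}
    with open(path) as fh:
        return dict(l.split() for l in fh if len(l.split()) == 2)

def save_known(path, known):
    """Write a temp file, then rename, so a crash cannot truncate the table."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.writelines(f"{mac} {ip}\n" for mac, ip in sorted(known.items()))
    os.replace(tmp, path)

def learn(lines, path):
    """Return NEW/CHANGED log entries for capture lines and update the table."""
    known = load_known(path)
    events = []
    # Lines that do not match (ARP, IPv6, truncated output) are skipped.
    for stamp, mac, ip in (m.groups() for m in map(LINE_RE.match, lines) if m):
        old = known.get(mac)
        if old is None:
            events.append(f"{stamp} NEW {mac} {ip}")
        elif old != ip:
            events.append(f"{stamp} CHANGED {mac} {old} -> {ip}")
        known[mac] = ip
    if events:
        save_known(path, known)
    return events

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print("\n".join(learn(SAMPLE, os.path.join(d, "known-hosts.dat"))))
```

Traffic routed in from other subnets arrives with the gateway's
ethernet address, so restricting the capture to the local subnet keeps
the gateway from producing a stream of CHANGED entries.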

...

