Arpwatch Tool to Monitor Ethernet Activity in Linux

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

14 Responses

  1. Ryan says:

    Thank you for the tutorial!

    Is there a way to tell arpwatch not to notify on multiple IP Addresses in different subnets? Right now, it looks like we can only tell it to skip a single IP or network range. I am attempting to do this on the interface in the /etc/arpwatch.conf file.

  2. Ant says:

    Is there a way to look up each address like MAC address so I know whose device it is?

  3. techboyz says:

    i m using fedora 20
    arpwatch -i eno1
    arpwatch: lookup_device: no suitable interface found

  4. kaleem says:

    when I install the arpwatch in centos 6.5 , it installed successfully, but when i used this command:/etc/init.d/arpwatch start. It generated the error: aprwatch: lookup_device : can’nt open the netlink socket 13: Permission denied

    service failed to start:

  5. Kevin says:

    Great tutorial.


    Installing using Yum on CentOS 6.5, it put the ARPwatch DB file in “/var/lib/arpwatch/”. Your instructions showed “/var/arpwatch/”


  6. jagadeesh says:

    thank you verymuch bro you are giving the very useful information to linux learners.

  7. Wynman says:

    I tried to install arpwatch an Untangle box via ssh but was returning error “Couldn’t find package arpwatch” is there a workaround to this?

  8. John says:

    Arpwatch has problems with VLANs.
    It always sends:
    arpwatch: xx:xx:xx:xx:xx:xx sent bad hardware format 0x3e7
    to the log.
    So at present it is unusable in those networks.

  9. Alex says:


    I got this problem.

    [[email protected] init.d]# chkconfig –level 35 arpwatch on
    Note: Forwarding request to ‘systemctl enable arpwatch.service’.

    [[email protected] init.d]# /etc/init.d/arpwatch start
    -bash: /etc/init.d/arpwatch: No such file or directory

  10. Wilson Silva says:

    I have been searching for a tutorial like this for the past week and I didn’t found it. They were always incomplete or outdated. I finally got this to work. Thank you! :)

    If I don’t specify an interface, arpwatch watches all interfaces?

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.