Monitor ARP Traffic on OS X with ArpSpyX

ArpSpyX has just been updated to version 1.2 which adds full support for Intel Macs. If you’re not familiar with ArpSpyX you should give this utility at least a quick look if you care at all about the security or contents of your local network.

The program works by either monitoring ARP (Address Resolution Protocol) traffic or issuing ARP queries. Where DNS maps names to IP addresses (e.g. has IP, ARP maps IP addresses to the vendor-assigned MAC address of the actual device (so, in the below example, maps to 00:1B:63:D9:CE:09).

ArpSpyX Active Window

Why is ArpSpyX useful? Well, with it you can:

  • Actively or passively collect all the MAC & IP addresses of the devices on your network (with the ability to export this data)
  • Quickly identify new clients on any network you’re connected to
  • See if you are falling prey to ARP Poisoning attacks

The only real downside is that it requires modifying Unix permissions of your network devices, something Allen Porter (the author of ArpSpyX) has identified as a potential improvement.

While you’re tinkering with ArpSpyX, you can learn more about ARP via this helpful page, download the source to ArpSpyX via it’s Google Code home or explore vendor MAC address prefix assignments via this helpful search utility.