Ethernet Layer 2 checking tool
arpcheck checks /proc/net/arp for MAC/IP combinations and compares them to a static or dynamic MAC list. If something does not fit, you'll get an alarm which will also be logged. You can also run custom scripts. This is useful, if you're a router with multiple interfaces (e.g. WAN, LAN, DMZ) and want to check if anyone from your clients is evil and does some arpspoofing (mitm) or changes his IP.