# Install arpoison with Homebrew, Nix

UNIX arp cache update utility. Version 0.7 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:arpoison
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install arpoison
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#arpoison
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ar/arpoison/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:arpoison
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/arpoison>
- **Version:** 0.7
- **Source summary:** UNIX arp cache update utility
- **Homepage:** <http://www.arpoison.net/>
- **Upstream docs:** <http://www.arpoison.net/>
- **License:** GPL-2.0-only
- **Source archive:** <https://dev.gentoo.org/~jsmolic/distfiles/arpoison-0.7.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- arpoison (cli)
- arpoison (alias)

## Dependencies

- libnet

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.7
- Local data: ok
- Upstream repository: http://www.arpoison.net/
- info: No package-manager update timestamp was available.
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

arpoison is Steve Buer's small Unix ARP cache update utility. Its official site describes it tersely as a Unix ARP cache update utility and distributes a 0.7 source archive; the bundled manual page describes a command that constructs ARP request or reply packets with user-specified hardware and protocol addresses.

### Project history

The official upstream surface is old-school: a static homepage, a tarball, a dependency note for libnet, and contact information. The 0.7 archive includes source, a README, a Makefile, a GPL license file, and an arpoison.8 manual page dated January 2003. No official HTTP source-control repository was found on the project homepage.

arpoison belongs to the early-2000s packet-construction utility era, when small C programs built on libnet were common tools for network labs and security testing. Its source and manual are focused on one task: generating custom ARP traffic rather than providing a broader scanning, discovery, or intrusion framework.

### Adoption history

arpoison's adoption is necessarily narrow. It is useful to administrators, students, and security testers who need controlled ARP cache manipulation on a local network, but it is not a general-purpose network inventory tool or a modern maintained platform.

The package's continued value is mostly archival and practical: when a user needs a tiny utility that emits hand-crafted ARP packets, the package manager can still provide it without requiring a checkout from a live development project.

### How it is used

The bundled README says the program sends a custom ARP reply packet with chosen hardware and protocol address information, relying on ARP's stateless behavior. The manual page documents options for interface, destination IP, source IP, target MAC, source MAC, ARP request mode, packet count, and delay between packets.

In practice, arpoison is used for controlled ARP cache updates and ARP poisoning experiments on local networks. Because it sends forged link-layer traffic, it is a privileged and security-sensitive command rather than a normal user productivity tool.

### Why package nerds care

arpoison is significant mostly as a compact preservation package: one executable, one C source tree, one man page, and an official tarball. It is the sort of security utility where a package database should preserve the real upstream homepage and avoid promoting unrelated mirrors as official repositories.

Its metadata is also a reminder that old security tools often predate today's expectation of GitHub, release feeds, CI, and signed source releases. For this package, the conservative answer is source-backed history plus a null repository.

### Timeline

- 2003-01: The bundled manual page is dated January 2003.
- 0.7: The official homepage distributes arpoison-0.7.tar.gz.

### Related projects

- libnet is the packet-construction library required by the official homepage and README.
- arping and arp-scan live in the same ARP-tool neighborhood, but arpoison is specifically about crafted ARP cache update packets.

### Sources

- <http://www.arpoison.net/>
- <http://www.arpoison.net/arpoison-0.7.tar.gz>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** arpoison
- **Version Scheme:** 0
- **Revision:** 1
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Nix - arpoison: normalized package name match | nixpkgs package indexes: pkgs/by-name/ar/arpoison/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Web development packages](https://www.automicvault.com/pkg/web-dev-tools/) - Matched web development metadata.
- [libnet](https://www.automicvault.com/pkg/brew/libnet/) - Runtime dependency declared by Homebrew.
- [ettercap](https://www.automicvault.com/pkg/brew/ettercap/) - Shares av.db curated category or tags: cli, network-security, security.
- [fragroute](https://www.automicvault.com/pkg/brew/fragroute/) - Shares av.db curated category or tags: cli, network-security, security.
- [rshijack](https://www.automicvault.com/pkg/brew/rshijack/) - Shares av.db curated category or tags: cli, network-security, security.
- [suricata](https://www.automicvault.com/pkg/brew/suricata/) - Shares av.db curated category or tags: cli, network-security, security.
- [fwknop](https://www.automicvault.com/pkg/brew/fwknop/) - Shares av.db curated category or tags: cli, network-security, security.
- [bettercap](https://www.automicvault.com/pkg/brew/bettercap/) - Shares av.db curated category or tags: cli, network-security, security.
- [daq](https://www.automicvault.com/pkg/brew/daq/) - Shares av.db curated category or tags: cli, intrusion-detection, security.
- [killswitch](https://www.automicvault.com/pkg/brew/killswitch/) - Shares av.db curated category or tags: cli, network-security, security.

## Combined YAML source

View the package source record on GitHub. [combined/arpoison.yml](https://github.com/automic-vault/db/blob/main/combined/arpoison.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
