Couldn't really tell you how useful this is, but it's interesting anyway.
Specifically, the article over at everythingsysadmin.com shows how you can use tcpdump to analyse what's happening over a network and potentially suss out any infected machines making too many ARP who-has requests:
    tcpdump -l -n arp | egrep 'arp who-has' | head -100 | awk '{ print $NF }' | sort | uniq -c | sort -n

This site is archived. mig5 is taking a break from writing.
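
An added example, not from the original post or the everythingsysadmin.com article: the one-liner above matches the older tcpdump text format ("arp who-has X tell Y"), while newer releases print "ARP, Request who-has X tell Y, length N", so a case-sensitive match on 'arp who-has' finds nothing and the last field is the length rather than the requester. The sketch below counts requesters from either format and applies a threshold; the function names arp_requesters and sample_capture, the threshold argument and the sample lines are all constructed for illustration.

```shell
#!/bin/sh
# Count ARP who-has requests per requesting host from tcpdump text output.
# Reads tcpdump lines on stdin and prints "count requester" for every host
# with at least <threshold> requests (default 1), busiest first.
arp_requesters() {
    threshold="${1:-1}"
    awk -v min="$threshold" '
        # Match both output styles, case-insensitively:
        #   older: "... arp who-has 10.0.0.1 tell 10.0.0.5"
        #   newer: "... ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28"
        tolower($0) ~ /arp.*who-has/ {
            # The requester is the field after "tell", wherever it sits.
            for (i = 1; i < NF; i++) {
                if ($i == "tell") {
                    host = $(i + 1)
                    sub(/,$/, "", host)   # newer format appends a comma
                    count[host]++
                    break
                }
            }
        }
        END {
            for (h in count)
                if (count[h] >= min)
                    print count[h], h
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample capture lines (not real traffic), mixing both formats.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 28
12:00:00.000002 ARP, Request who-has 192.0.2.2 tell 192.0.2.50, length 28
12:00:00.000003 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 28
12:00:00.000004 arp who-has 192.0.2.3 tell 192.0.2.50
12:00:00.000005 ARP, Request who-has 192.0.2.1 tell 192.0.2.7, length 46
12:00:00.000006 IP 192.0.2.7.5353 > 224.0.0.251.5353: UDP, length 40
EOF
}

# Live use (assumed invocation, needs capture privileges):
#   tcpdump -l -n arp | head -100 | arp_requesters 20
sample_capture | arp_requesters
```

A sensible threshold depends on the segment: gateways and monitoring hosts legitimately send many who-has requests, so compare against a baseline for the same network before treating a high count as a sign of infection.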