fbs/gist:62103a3c03ad4c231f43a82db90e2d8b

## gistfile1.txt
#include <linux/skbuff.h>
#include <uapi/linux/if_ether.h>
#include <uapi/linux/if_arp.h>
#include <net/neighbour.h>

// lacking a nice macaddress printer :(
struct mac {
  char common[3];
  char h1;
  char h2;
  char h3;
};

kprobe:arp_create {
  $sip = arg4;
  $dip = arg2;
  $smac = (struct mac*) sarg0;
  $dmac = (struct mac*)sarg1;
  time("%H:%M:%S ");
  printf("\033[32mSEND:\033[0m   SRC: %16s %hhX:%hhX:%hhX", ntop($sip), $smac->h1, $smac->h2, $smac->h3);
  printf(" -> DST: %16s %hhX:%hhX:%hhX\n", ntop($dip), $dmac->h1, $dmac->h2, $dmac->h3);
}

k:neigh_update {
  $n = (struct neighbour *) arg0;
  $m = (struct mac*) arg1;

  time("%H:%M:%S ");
  printf("\033[31mUPDATE\033[0m: DST: %16s %hhX:%hhX:%hhX\n", ntop(*(int32*)$n->primary_key), $m->h1, $m->h2, $m->h3);
}
	#include <linux/skbuff.h>
	#include <uapi/linux/if_ether.h>
	#include <uapi/linux/if_arp.h>
	#include <net/neighbour.h>

	// lacking a nice macaddress printer :(
	struct mac {
	char common[3];
	char h1;
	char h2;
	char h3;
	};

	kprobe:arp_create {
	$sip = arg4;
	$dip = arg2;
	$smac = (struct mac*) sarg0;
	$dmac = (struct mac*)sarg1;
	time("%H:%M:%S ");
	printf("\033[32mSEND:\033[0m SRC: %16s %hhX:%hhX:%hhX", ntop($sip), $smac->h1, $smac->h2, $smac->h3);
	printf(" -> DST: %16s %hhX:%hhX:%hhX\n", ntop($dip), $dmac->h1, $dmac->h2, $dmac->h3);
	}

	k:neigh_update {
	$n = (struct neighbour *) arg0;
	$m = (struct mac*) arg1;

	time("%H:%M:%S ");
	printf("\033[31mUPDATE\033[0m: DST: %16s %hhX:%hhX:%hhX\n", ntop((int32)$n->primary_key), $m->h1, $m->h2, $m->h3);
	}