Flytrap is a simple network scan detection and mitigation tool developed at the University of Oslo as a replacement for LaBrea.
Flytrap listens on a network interface for unanswered ARP requests and assumes the identities of the requested hosts. It then logs all traffic to that address, and optionally responds to TCP connection attempts in order to slow down the scanner.
Compiling and installing
Flytrap uses the GNU autotools and should build cleanly on most up-to-date Linux and FreeBSD systems:
git clone https://github.com/unioslo/flytrap && cd flytrap
sudo make install