9. How to disable an IP stealing machine from the network

1) Take that IP address from a "police machine". IP aliasing is OK for this. If you want to use the machine whose IP was stolen as the "police machine", IP aliasing is not required.

2) Now we have to force the router in the building to recognize the police machine as the machine that matches the IP. This is done by forcing the router to keep the ARP record (the mapping between IP and MAC) for the police machine. From the police machine, execute for example,

> echo yes | ./arpsend -t 141.223.127.99 -T ff:ff:ff:ff:ff:ff \
    -c 600 -p 1 -s 141.223.127.250 -S 00:0E:A6:AD:49:5D -o 2

In this example, 141.223.127.99 is the target for forcing ARP (the router IP or gateway), 141.223.127.250 is the police machine IP, and 00:0E:A6:AD:49:5D is its MAC. "-o 2" means ARP response, which forces the target to renew its ARP record. You will probably want to put this command inside an infinite loop like "while (1) ... end". (while is a command in tcsh, so please check the shell name.)

3) At this stage, the router will renew the record constantly, but the thief machine may also send ARP responses from time to time. To completely disable this, we have to flood the router with ARP transactions. From any machine that is on a different subnet than the police machine, execute

> ping 141.223.127.250 -A -s 64000

"-A" means automatic restart (but not more frequently than every 200ms, to prevent a DoS attack). "-s 64000" means sending ~64kbyte packets. It is important to perform this from a different subnet -- if you use a machine that is on the same subnet as the police machine, they will talk to each other directly, and the router won't care about the traffic. It is important to relay the packets through the router so that it constantly maps the stolen IP to the police machine.

With this, any connection on the thief machine will get lost because the thief machine can't get any responses from the network. Eventually, the user of the thief machine will change his/her IP...

4) Receive ARP packets from the machine which has the stolen IP address

> echo yes | ./arpsend -t 141.223.127.250 -T ff:ff:ff:ff:ff:ff -c 600 -p 1

5) Grep for the stolen IP address to confirm that the MAC address comes from a single machine

> ./arp-packet.x | grep 141\.223\.127\.250
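
The check in step 5, as an added example that is not part of the original page: a plain grep also matches "who-has" requests that other hosts send for the address, so this version counts only packets in which the sender claims the address. The output format of arp-packet.x is not shown here, so the input is assumed to be `tcpdump -e -n arp` text; the function names and the sample capture (including two made-up MACs) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list the distinct MACs that claim
# one IPv4 address in ARP traffic. Input format is an assumption: text lines as
# printed by `tcpdump -e -n arp`.

# Constructed sample capture. 02:00:00:aa:bb:cc and 00:11:22:33:44:55 are made up.
sample_capture() {
cat <<'EOF'
10:15:01.100000 00:0e:a6:ad:49:5d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 141.223.127.250 is-at 00:0e:a6:ad:49:5d, length 28
10:15:01.900000 02:00:00:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 141.223.127.99 tell 141.223.127.250, length 46
10:15:02.100000 00:0e:a6:ad:49:5d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 141.223.127.250 is-at 00:0e:a6:ad:49:5d, length 28
10:15:02.400000 02:00:00:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 141.223.127.250 is-at 02:00:00:aa:bb:cc, length 46
10:15:03.000000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 141.223.127.250 tell 141.223.127.7, length 46
10:15:03.500000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Reply 141.223.127.25 is-at 00:11:22:33:44:55, length 46
EOF
}

# Print each MAC that presents itself as the owner of IP $1, one per line.
macs_for_ip() {
    awk -v ip="$1" '
    {
        mac = ""
        for (i = 1; i < NF; i++) {
            nxt = $(i + 1); sub(/,$/, "", nxt)   # drop trailing comma
            if ($i == "Reply" && nxt == ip && $(i + 2) == "is-at")
                mac = $(i + 3)    # reply: sender hardware address
            else if ($i == "tell" && nxt == ip)
                mac = $2          # request: Ethernet source of the frame
        }
        sub(/,$/, "", mac)
        if (mac != "") print tolower(mac)
    }' | sort -u
}

# Number of distinct MACs claiming IP $1; more than 1 means a conflict.
count_macs_for_ip() {
    macs_for_ip "$1" | awk 'END { print NR }'
}

# Stand-alone run on the constructed sample: prints the MACs claiming the address.
sample_capture | macs_for_ip 141.223.127.250
```

A count of 1 means only one machine is answering for the address; anything higher means two machines are still competing for it.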