xarpi_schema = library_schema:new( 1, ["time", "eth", "ip", "eth", "int" ],  
                                        scope() );

filter extarp packet ( )  {

     if (eth.type == 0x806){ # it's an ARP request
       $sender_ip = host( byte(packet.blob, 28),
                          byte(packet.blob, 29),
                          byte(packet.blob, 30),
                          byte(packet.blob, 31));

        if ( !( $sender_ip inside values:my_networks )) {
           record system.time, eth.src, $sender_ip, eth.dst, eth.len
               to xarpi_recorder;
             return;
        }
     }
}

xarpi_recorder=recorder( "bin/histogram packages/test/ext_arp_inside.cfg",
	"xarpi_schema"  );