diff --git a/arpwatch.8 b/arpwatch.8
index 4b15d3b..2685801 100644
--- a/arpwatch.8
+++ b/arpwatch.8
@@ -36,13 +36,16 @@ arpwatch - keep track of ethernet/ip address pairings
 .I interface
 ]
 .br
-.ti +8
+.ti +9
 [
 .B -n
 .IR net [/ width
 ]] [
 .B -r
 .I file
+] [
+.B -u
+.I username
 ]
 .ad
 .SH DESCRIPTION
@@ -94,10 +97,26 @@ of reading from the network. In this case,
 .B arpwatch
 does not fork.
 .LP
+If 
+.B -u 
+flag is used, 
+.B arpwatch
+drops root privileges and changes user ID to
+.I username
+and group ID to that of the primary group of 
+.IR username .
+This is recommended for security reasons.
+.LP
 Note that an empty
 .I arp.dat
 file must be created before the first time you run
-.BR arpwatch .
+.BR arpwatch . 
+Also, the default directory (where arp.dat is stored) must be owned
+by 
+.I username
+if 
+.BR -u
+flag is used.
 .LP
 .SH "REPORT MESSAGES"
 Here's a quick list of the report messages generated by