Hi, if you have a redhat linux box, try downloading and running latest version of ARPWATCH downloadable from ftp://ftp.ee.lbl.gov/ which will allow you to collate MAC Address/IP address info. on a LAN segment as well as detect MAC address to IP address changes and ARP poisoning attacks. Then use another free linux based tool to help you identify the suspect machine, and do OS fingerprinting including identifying the network card, this tool is called ETTERCAP downloadable from http://ettercap.sourceforge.net/ Another technique which will work in windows based environments where snmp or messenger service is running on the desktop/server is to send a message to the IP address asking them to call you, if indeed they will.
Please note that you may have problems using these sniffers succesfully if your network is switched to the desktop. Hope this helps. Cheers Taiye.
