From: Tom Eastep [mailto:[email protected]] Sent: 2. august 2012 04:32 On 8/1/12 3:24 PM, Bill Shirley wrote: > If I understand this correctly, some device on your LAN is sending > packets with a source address of 127.0.0.1. I would want to see those > packets with tcpdump: > > tcpdump -n -i eth1 host 127.0.0.1 >
> I would also want to see the ethernet header on the offending packets, so I > would add the -e option: > tcpdump -nei eth1 host 127.0.0.1 munin:~# tcpdump -nei eth1 host 127.0.0.1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 10:04:28.383784 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), l ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 10:05:28.384162 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), l ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 10:06:28.384288 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), l ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 10:07:28.384566 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), l ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 10:08:28.565055 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), l ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 __________ I hope you guys understand the above output. Because I don't fully understand :) Thanks. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
