> root@kermit:~# tcpdump -eni eth0 arp
> tcpdump: listening on eth0
> 19:14:42.779881 0:d0:9:34:d2:84 ff:ff:ff:ff:ff:ff 0806 60: arp who-has
> 203.62.148.33 tell 203.62.148.37
>
> format of above is
> timestamp from-MAC to-MAC Protocol notsure: arp-packet-info
ok, but if a machine is being manipulated to generate spoofed IPs, that
surely won't affect the ARP requests (ie. i am only ever going to see
valid, assigned IPs in the ARP packet payload)
or have i got that wrong?
later
marty
"I can't buy what I want because it's free. Can't be what they want
because I'm me." - Corduroy, Pearl Jam
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug