> tcpdump -nei eth0 ip and not src net 192.168.0.0/24

i had something like that running, but without the 'e' switch, so i was
able to isolate the offending packets but not the MAC address...

adding the 'e' switch should do what i want... :)

> But that's assuming they aren't also forging their mac addresses.

if they are doing that, i should have been running arpwatch to catch the
change... :P

later
marty

"I can't buy what I want because it's free. Can't be what they want
because I'm me." - Corduroy, Pearl Jam


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
