On Sat, Apr 28, 2001 at 08:29:15PM +1000, marty wrote:
> unless i have this totally wrong, arpwatch is no good to me...
I'm not 100% sure whether it will be. But its a nice tool
anyway.
> is there a tool that captures ethernet frames?
As john already said, tcpdump, but if arpwatch doesn't help, then
you'll need to look at all ip traffic, not just arp.
tcpdump -eni eth0 ip
Then I guess you'll need to parse the output with perl or something.
Or there's nice graphical ones like ethereal
I think iptables records the mac address in its logs, it at least has
a MAC= part to the log line.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
