On Sat, Apr 28, 2001 at 09:43:33PM +1000, getadog wrote:
> tcpdump -eni eth0 ip

I hit send then had a thought.

tcpdump -nei eth0 ip and not src net 192.168.0.0/24

Change 192.168.0.0 to your network address.
Then you will only record packets with forged
source IP addresses.

Then if you run arpwatch, or record MAC addresses by
some other means, you can match them up.

But that's assuming they aren't also forging their MAC addresses.


-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
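
The matching step described in the message above, as an added example that is not part of the original post: it reads `tcpdump -nei eth0 ip` output, keeps frames whose source IP is outside the local network, and looks up each source MAC in an arpwatch `arp.dat` table. Assumptions: the current tcpdump line layout, the tab-separated `arp.dat` layout, the sample data (all constructed), and the hypothetical `GATEWAY_MACS` set for a router that forwards off-network sources legitimately.

```python
import ipaddress
import re

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # change to your network
GATEWAY_MACS = {"00:aa:bb:cc:dd:01"}  # assumed router MAC, skipped when matching

# Constructed sample of `tcpdump -nei eth0 ip` output (current tcpdump line layout assumed).
TCPDUMP_LINES = """\
12:00:01.000001 00:11:22:33:44:55 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 74: 10.9.8.7.4321 > 203.0.113.5.80: Flags [S], length 0
12:00:01.000002 00:11:22:33:44:66 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 74: 192.168.0.20.5555 > 203.0.113.5.80: Flags [S], length 0
12:00:02.000003 00:11:22:33:44:55 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 74: 172.16.3.3.4322 > 203.0.113.5.80: Flags [S], length 0
12:00:03.000004 de:ad:be:ef:00:01 > 00:aa:bb:cc:dd:01, ethertype IPv4 (0x0800), length 98: 10.1.1.1 > 203.0.113.5: ICMP echo request, id 1, seq 1, length 64
12:00:04.000005 00:aa:bb:cc:dd:01 > 00:11:22:33:44:66, ethertype IPv4 (0x0800), length 74: 203.0.113.5.80 > 192.168.0.20.5555: Flags [S.], length 0
""".splitlines()

# Constructed sample in arpwatch's arp.dat layout: MAC, IP, timestamp, hostname (tab-separated).
ARP_DAT = "0:11:22:33:44:55\t192.168.0.10\t988458213\tws10\n0:11:22:33:44:66\t192.168.0.20\t988458300\tws20\n"

LINE_RE = re.compile(
    r"^\S+ (?P<smac>[0-9a-fA-F:]+) > [0-9a-fA-F:]+, ethertype IPv4 .*?"
    r"length \d+: (?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
)

def norm_mac(mac):
    """Zero-pad and lowercase each octet so 0:a:... and 00:0a:... compare equal."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def load_arp_dat(text):
    """Map normalized MAC -> IP address recorded by arpwatch."""
    table = {}
    for row in text.splitlines():
        fields = row.split("\t")
        if len(fields) >= 2:
            table[norm_mac(fields[0])] = fields[1]
    return table

def forged_sources(lines, arp_text, net=LOCAL_NET, ignore=GATEWAY_MACS):
    """Return {source MAC: (arpwatch IP or None, sorted off-net source IPs seen)}."""
    known = load_arp_dat(arp_text)
    seen = {}
    for m in filter(None, map(LINE_RE.match, lines)):  # skip lines that do not parse
        mac, ip = norm_mac(m["smac"]), ipaddress.ip_address(m["sip"])
        if ip not in net and mac not in ignore:
            seen.setdefault(mac, set()).add(str(ip))
    return {mac: (known.get(mac), sorted(ips)) for mac, ips in seen.items()}

if __name__ == "__main__":
    for mac, (real_ip, fake_ips) in forged_sources(TCPDUMP_LINES, ARP_DAT).items():
        print(mac, "arpwatch:", real_ip or "unknown", "off-net sources:", ", ".join(fake_ips))
```

A MAC that arpwatch has never recorded comes back with `None`, which is the case the message's last line describes.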