netbsd-help: Re: ARP queries; what do they mean?

Subject: Re: ARP queries; what do they mean?
To: None <netbsd-help@netbsd.org>
From: Wolfgang Rupprecht <wolfgang+gnus20021212T180120@wsrcc.com>
List: netbsd-help
Date: 12/12/2002 18:07:32

rauch@rice.edu (Richard Rauch) writes:
> I guess, then, there's no way to determine the origin of these packets
> just by watching the wire?

tcpdump?

    tcpdump -s 1500 -i <externalinterface> -w /tmp/external.tcpdump &

    <wait for it to occur>

    ethereal -r /tmp/external.tcpdump &

Then read the ether MAC address and compare to the MAC's that you
know.  It may help to do an "arp -a" and fill in /etc/ethers with the
info.  You will at least be able to tell if it is your isp gateway or
someone else on your network sending the packets.

        arp -a | awk '{ print $4 " " $1 }' >> /etc/ethers 

-wolfgang
-- 
Wolfgang Rupprecht 		     http://www.wsrcc.com/wolfgang/

spider food: http://www.wsrcc.com/baddream/usenet/
(NOTE: The email address above is valid.  Edit it at your own peril.)