Ethernet monitoring/tracing question

Bart Silverstrim bsilver at
Sat Nov 29 17:24:07 UTC 2008

I was pondering this question regarding tracking a machine on a network.

I was looking at a traffic dump from Wireshark on a network of roughly 
800 systems.

I saw traffic labeled SMTP, destined for a legit mail gateway, but 
originating from IP's outside our network and the traffic being 
broadcast was obvious spam content.

I'm thinking that since a workstation should not be able to *see* 
network traffic in a network originating from and 
networks and such, these are spoofed.

Is there a way without playing with the switches and their ports to 
trace what machines sending these email messages? I figure it had to 
have traffic of the actual IP somewhere or the SMTP conversation would 
fail, and I didn't see a MAC address in there.

More information about the ubuntu-users mailing list