Ethernet monitoring/tracing question
Bart Silverstrim
bsilver at chrononomicon.com
Sat Nov 29 17:24:07 UTC 2008
I was pondering this question regarding tracking a machine on a network.
I was looking at a traffic dump from Wireshark on a network of roughly
800 systems.
I saw traffic labeled SMTP, destined for a legit mail gateway, but
originating from IPs outside our network and the traffic being
broadcast was obvious spam content.
I'm thinking that since a workstation should not be able to *see*
network traffic in a 10.xxx network originating from 63.xxx and 83.xxx
networks and such, these are spoofed.
Is there a way without playing with the switches and their ports to
trace which machines are sending these email messages? I figure it had to
have traffic of the actual IP somewhere or the SMTP conversation would
fail, and I didn't see a MAC address in there.
More information about the ubuntu-users mailing list
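An added example (not from the poster or the list) of the check the question implies: every frame in a capture carries an Ethernet source MAC alongside the IP header, so SMTP frames whose IP source falls outside the internal range can be grouped by the MAC that actually put them on the wire. The frames below are constructed inline, and 10.0.0.0/8 is assumed to be the internal network.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the site's internal range

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(src_mac, src_ip, dst_ip, dst_port):
    """Construct a minimal Ethernet II / IPv4 / TCP SYN frame for the demo."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return eth + ip + tcp

def parse_frame(frame):
    """Return (src_mac, src_ip, dst_ip, dst_port), or None if not IPv4 over TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    if frame[14 + 9] != 6:                                # protocol field: 6 = TCP
        return None
    src_ip = ipaddress.ip_address(frame[14 + 12:14 + 16])
    dst_ip = ipaddress.ip_address(frame[14 + 16:14 + 20])
    tcp_off = 14 + ihl
    dst_port = struct.unpack("!H", frame[tcp_off + 2:tcp_off + 4])[0]
    return mac_str(frame[6:12]), src_ip, dst_ip, dst_port

def spoofed_smtp_senders(frames, internal=INTERNAL, smtp_port=25):
    """Map Ethernet source MAC -> set of non-internal source IPs it used for SMTP."""
    hits = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_mac, src_ip, dst_ip, dst_port = parsed
        if dst_port == smtp_port and src_ip not in internal:
            hits.setdefault(src_mac, set()).add(str(src_ip))
    return hits

# Constructed sample frames (not captured from a real network).
SAMPLE_FRAMES = [
    build_frame("aa:bb:cc:dd:ee:01", "63.1.2.3", "10.0.0.25", 25),  # spoofed source, SMTP
    build_frame("aa:bb:cc:dd:ee:01", "83.4.5.6", "10.0.0.25", 25),  # same NIC, another spoof
    build_frame("aa:bb:cc:dd:ee:02", "10.0.5.7", "10.0.0.25", 25),  # legitimate internal sender
    build_frame("aa:bb:cc:dd:ee:03", "63.9.9.9", "10.0.0.80", 80),  # not SMTP, ignored
]

if __name__ == "__main__":
    for mac, ips in spoofed_smtp_senders(SAMPLE_FRAMES).items():
        print(mac, sorted(ips))
```

The MAC found this way is the last Layer 2 hop, so if the sender sits behind a router it will be the router's interface MAC rather than the workstation's, and the capture has to be repeated on the segment behind it.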