[Dshield] FW: OT MAC question

Johannes B. Ullrich jullrich at sans.org
Fri Mar 17 23:46:32 GMT 2006


Sounds like all you need is to run tcpdump on a wireless system close to
the AP (so it sees the same packets?)



Paul Marsh wrote:
>  This is a first, I didn't receive any response on this.  Anyone have
> any ideas where I should look?
> 
> Thanx, Paul
> 
> -----Original Message-----
> From: Paul Marsh
> Sent: Wednesday, March 15, 2006 12:19 PM
> To: 'General DShield Discussion List'
> Subject: OT MAC question
> 
> Once again and as always please excuse the OT question but I know the
> list will answer my question ;)
> 
> I've rolled out a Linksys WRT54Gx2. I'm having issues with it (I won't
> go into it) but part of troubleshooting the problems has revealed
> outside connection attempts.  Multiples for the same two MACs every
> second, so many I'm thinking that it could be a piece of the pie eating
> up CPU cycles. 
> 
> I've pinged the broadcast address of the LAN and checked arp cache but
> can't find the MACs in question.  Linksys's admin interface for the WRT
> is limited at best, I can't find any place in the interface to show arp
> cache.  I know I'll eventually end up at OpenWRT but I'm not ready for
> that just yet.
> 
> The question is, is there a tool out there that I could use to identify
> these connection attempts?
> 
> Thanx, Paul  
> 


--
Johannes B. Ullrich, Ph.D
Chief Research Officer
SANS Institute
http://isc.sans.org
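
Added example, not part of the original messages: one way to act on the tcpdump suggestion above is to capture with link-level headers (`-e`) and tally frames per source MAC per second, which shows which MACs are sending every second. The interface name `wlan0`, the function names and the sample lines are assumptions made for illustration, and the parser assumes the capture interface presents Ethernet-style headers.

```shell
#!/bin/sh
# Added example: per-second frame counts by source MAC from `tcpdump -e -n` text.
# Live use (interface name is an assumption):
#   tcpdump -e -n -c 2000 -i wlan0 | mac_rate
# Assumes Ethernet-style link headers: "HH:MM:SS.frac SRC > DST, ethertype ..."

# mac_rate: stdin = tcpdump -e lines; stdout = "count src_mac HH:MM:SS", busiest first.
mac_rate() {
    awk '
        # Field 2 is the source MAC when field 3 is ">" and field 2 is 17 hex/colon chars.
        $3 == ">" && length($2) == 17 && $2 ~ /^[0-9A-Fa-f:]+$/ {
            n[tolower($2) " " substr($1, 1, 8)]++   # key: MAC plus HH:MM:SS
        }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# noisy_macs N: MACs that sent at least N frames within any single second (default 5).
noisy_macs() {
    mac_rate | awk -v t="${1:-5}" '$1 + 0 >= t + 0 { print $2 }' | LC_ALL=C sort -u
}

# Constructed sample input (locally administered MACs, not taken from the thread).
# The last line has no link-level header and is skipped by mac_rate.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.77, length 28
12:00:01.400000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.77, length 28
12:00:01.800000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.77, length 28
12:00:01.900000 02:00:00:00:00:02 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.78.40000 > 192.168.1.1.80: Flags [S], length 0
12:00:02.100000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.77, length 28
12:00:02.200000 02:00:00:00:00:02 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.78.40000 > 192.168.1.1.80: Flags [S], length 0
12:00:02.300000 IP 192.168.1.78 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Demo on the constructed sample: one line per (MAC, second), busiest first.
sample_capture | mac_rate
```

A capture taken in monitor mode prints 802.11 headers instead of the Ethernet-style form parsed here, so the field positions would differ.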

