17 Sep
1996
17 Sep
'96
12:42 a.m.
Paul A Vixie writes:
looks like the cisco access-list debugger doesn't show enough detail. as soon as the path to the attacker crosses a MAE, you need to know the source MAC level address of the router that's splattering you.
The ability to record a couple of minutes of packets, complete with MAC layer data, and examine the packets post mortem, is really important for this kind of work. tcpdump lets you do that and more. Cisco stuff isn't really in that league, though as I said its better than nothing. Perry