On Mon, 16 Sep 1996, Paul A Vixie wrote: ==>looks like the cisco access-list debugger doesn't show enough detail. ==>as soon as the path to the attacker crosses a MAE, you need to know the ==>source MAC level address of the router that's splattering you. Paul is correct; I left out the caveat that you have to go "hunting" once you get to a multi-access media network. However, a good tool at this point becomes the monitor option/port found on certain switches which will redirect traffic bound for a certain port to also appear on the monitor port for sniffing. I don't know if the GIGAswitches have such a monitoring option or port; if so, cooperation from the various IXP operators would be a great help in determining the hop. (I also think implementing a MAC-level packet debug would be very beneficial to help find culprits in this case, not to mention help troubleshoot other problems). /cah ---- Craig A. Huegen CCIE #2100 || || Network Analyst, IS-Network/Telecom || || cisco Systems, Inc., 250 West Tasman Drive |||| |||| San Jose, CA 95134, (408) 526-8104 ..:||||||:..:||||||:.. email: chuegen@cisco.com c i s c o S y s t e m s