You can track them..or restrict them with expesive technologies.. like intelligent switches etc. However.. if you want the easier way.. you can do the following..... Assuming all node are windows PCs .... goto each pc on your lan.. (assuming it is wired ) C:\>ipconfig -all | findstr "Physical" > 1.txt It will list the Mac Address of the PC. The mac address in windows will look like .. 00-01-00-33-00-01 You can block the host using too much traffic with iptables.. # iptables -A INPUT -m mac --mac-source 00:01:00:33:00:01 -j DROP notice the : (colon) instead of - (minus symbol ) in mac address representation On Nov 25, 2007 8:09 PM, desant1@xxxxxx <desant1@xxxxxx> wrote: > Hi everybody > I'm using RH ES4 with iptables as gateway/firewall for my > LAN. > In the last week i notice in the iptables logs that a host within > my lan is doing a lot of traffic. > The destination/source address of the > packets and the used port suggest that this host is using peerToPeer > application (emule or similar). > The problem is that i'm not able to > identify this host within my LAN: > I can see his IP address (192.168.x. > y) and i can find his mac address througth ARP, but i can't ping it and > there is no host within my lan with this Mac address. > I can't > traceroute it. > Can someone help me to find this hidden host? > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
