Markus Gaugusch wrote on Tue, 7 Dec 2004 21:31:13 +0100 (CET):
00:02:7e:b0:6f:fc seems to be the offending remote network card, 00:02:7E is a cisco device 00:01:80 is AOpen, Inc. (according to http://standards.ieee.org/regauth/oui/oui.txt)
Maybe this can help you somehow, to find the offending machine.
Thanks for this tip. arp tells me that "00:02:7e:b0:6f:fc" is the router "next door" = the gateway. It seems it forwards the RPC packets with its own MAC included. Maybe that's how it is supposed to work, I don't know. But it's obviously a dead end. It seems none of the packets are faked, it's just that they are signed with the router's MAC. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org