> (1) Create basically the same filter you are using on your outbound router
> already (the router that you have that is filtering source spoof attempts
> already) on each one of your PMs but in reverse--e.g. change the permits
> to denys (you'll see why next) and visa-versa.
>
> (2) Using that filter do a "ptrace <filter_name> extended" which will show
> you the interface the packet came in on.
Thanks Josh - this is exactly what I want. I guess I should learn to
pay more attention to release notes - grepping old ones shows the
ptrace "extended" turned up more than a year ago.
-- Dick St.Peters, stpeters@NetHeaven.com Gatekeeper, NetHeaven, Saratoga Springs, NY, 1-800-910-6671 (voice) Saratoga/Albany/Amsterdam/BlueMountain/BoltonLanding/Cobleskill/ Greenwich/GlensFalls/LakePlacid/NorthCreek/Plattsburgh/... Oldest Internet service based in the 518 area code - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>