Hardware address misuse
 

Im in a university where in , we are required to register our hardware addresses for our internet connection , however someone seems to be misusing the system by using the address to which ive been registered to. He comes online for only for a limited period of time in the day and i need to sniff the person out ,How do i do it??

Call them and explain them the problem because there is no easy solution.
Try arpwatch
If he does a mistake, you will get his real mac adress
I have no other legal idea ;)

Hmm.. Interestng.
I wonder, if you could supply them with your hardware address (MAC address) you'll probably need to work with the system admins of your university and suggest to them to peruse/monitor the server logs looking for your address and where it is connecting from (should be very easy for them to insert a rule into their firewall to react to any specific address), and meanwhile check into overriding your actual hardware address with a software one until the culprit is located, at which point you can switch back to your default HWaddress.
I am not certain, I think as far as overriding your HWaddress you need to use IPtables or something to do with Inetd.. Sorry I can't remember where I just recently came across it on my system, but I'll have a peek around and if you like, post the info.
Best of luck! Darned address thieves Grr :P

Ahhh, here it is, from etc/rc.inet1.conf

Not sure what the [4] is for (no pun intended, lol), but there is one on every line of my file.
If stealing an address is (and it likely is) against university policy :) you could change yours and leave the culprit-finding up to the sysadmins.. just remember to register your new address with the system.