[lug] tcpdump output
Bill_Jarosko at adc.com
Thu Oct 5 14:17:52 MDT 2000
It's a router.. traceroute to it or even telnet to it ....
From: John Starkey [mailto:jstarkey at advancecreations.com]
Sent: Wednesday, October 04, 2000 2:11 PM
To: lug at lug.boulder.co.us
Subject: Re: [lug] tcpdump output
Sean and Kevin, thanks for the reply.
This is an eth0 connection to cable modem. the output also states "eth0 B
The request is for various addy's within the @home domain ( my ISP ). The
who-has is specifying several addys repetitively.
This has happened several times over the past few days.
The tell is 220.127.116.11 which I can't nslookup (non-existant)
Service has really been slow also, think it's connected??
On Thu, 5 Oct 2000, Kevin Fenzi wrote:
> >>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
> John> I'm getting some crazy lights on my modem. So I did a tcpdump
> John> and I keep seeing:
> John> who-has x.x.x.x tell x.x.x.x
> John> Is this a DHCP request?? Any idea how to cut it off?
> nope. This is an "ARP" request...(address resolution protocol).
> Basically when a machine tries to talk to another one, it sends an arp
> asking for what ethernet address it should send packets to when it's
> trying to talk to that host.
> it should be something like:
> arp who-has 10.1.50.254 tell 10.1.50.1
> arp reply 10.1.50.254 is-at 0:60:1d:23:99:a9 (0:2:2d:c:77:8c)
> If you are getting tons of these you might have a router or server
> machine that the others talk to down...ie, they are sending arps and
> no one is answering.
> machines typically send out arp requests every 30seconds or so...
> John> Thanks,
> John> John
> Kevin Fenzi
> MTS, tummy.com, ltd.
> http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
More information about the LUG