[lug] tcpdump output
Sean Reifschneider
jafo at tummy.com
Thu Oct 5 13:48:58 MDT 2000
On Wed, Oct 04, 2000 at 01:33:40PM -0600, John Starkey wrote:
>I'm getting some crazy lights on my modem. So I did a tcpdump and I keep
>seeing:
>
>who-has x.x.x.x tell x.x.x.x
>
>Is this a DHCP request?? Any idea how to cut it off?
This is an ARP (Address Resolution Protocol) request. ARP is used to map
from IP addresses to MAC hardware addresses (which are how machines on a local
network segment communicate). I don't know why these requests would be
going across your modem line, the terminal server on the remote side
should be doing proxy-ARP for you. I'd guess it's a misconfiguration
issue, but without know the IP addresses above, and what addresses you
have configured I can't really tell.
If the "tell" address is your interface, your machine is requesting
them. If the "who-has" address is yours, it's that the remote terminal
server isn't properly proxying ARP for you.
You *ARE* doing tcpdump on your modem interface and not the ethernet
interface (where you'd expect to see ARPs)? "tcpdump -i ppp0" will
force it.
Sean
--
Thieves broke into Scotland Yard yesterday and stole all the toilets.
Detectives say they have nothing to go on.
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
More information about the LUG
mailing list