[lug] tcpdump output

John Starkey jstarkey at advancecreations.com
Wed Oct 4 14:11:17 MDT 2000


Sean and Kevin, thanks for the reply. 

This is an eth0 connection to cable modem. the output also states "eth0 B
arp".

The request is for various addy's within the @home domain ( my ISP ). The
who-has is specifying several addys repetitively.

This has happened several times over the past few days.

The tell is 24.19.58.1 which I can't nslookup (non-existant)

Service has really been slow also, think it's connected??

Thanks again,

John

On Thu, 5 Oct 2000, Kevin Fenzi wrote:

> >>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
> 
> John> I'm getting some crazy lights on my modem. So I did a tcpdump
> John> and I keep seeing:
> 
> John> who-has x.x.x.x tell x.x.x.x
> 
> John> Is this a DHCP request?? Any idea how to cut it off?
> 
> nope. This is an "ARP" request...(address resolution protocol). 
> 
> Basically when a machine tries to talk to another one, it sends an arp
> asking for what ethernet address it should send packets to when it's
> trying to talk to that host. 
> 
> it should be something like:
> 
> arp who-has 10.1.50.254 tell 10.1.50.1
> arp reply 10.1.50.254 is-at 0:60:1d:23:99:a9 (0:2:2d:c:77:8c)
> 
> If you are getting tons of these you might have a router or server
> machine that the others talk to down...ie, they are sending arps and
> no one is answering. 
> 
> machines typically send out arp requests every 30seconds or so...
> 
> John> Thanks,
> John> John
> 
> kevin
> -- 
> Kevin Fenzi
> MTS, tummy.com, ltd.
> http://www.tummy.com/  KRUD - Kevin's Red Hat Uber Distribution
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 





More information about the LUG mailing list