[lug] tcpdump output

John Starkey jstarkey at advancecreations.com
Wed Oct 4 14:25:13 MDT 2000 

Ooops. Hence the x.x.x.1. :}

I'm sure there's nothing I can do except em tech support. Or do you know
of something??

John

On Thu, 5 Oct 2000, Jarosko, Bill wrote:

> It's a router.. traceroute to it or even telnet to it ....
> 
> 
> 
> -----Original Message-----
> From: John Starkey [mailto:jstarkey at advancecreations.com]
> Sent: Wednesday, October 04, 2000 2:11 PM
> To: lug at lug.boulder.co.us
> Subject: Re: [lug] tcpdump output
> 
> 
> Sean and Kevin, thanks for the reply. 
> 
> This is an eth0 connection to cable modem. the output also states "eth0 B
> arp".
> 
> The request is for various addy's within the @home domain ( my ISP ). The
> who-has is specifying several addys repetitively.
> 
> This has happened several times over the past few days.
> 
> The tell is 24.19.58.1 which I can't nslookup (non-existant)
> 
> Service has really been slow also, think it's connected??
> 
> Thanks again,
> 
> John
> 
> On Thu, 5 Oct 2000, Kevin Fenzi wrote:
> 
> > >>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
> > 
> > John> I'm getting some crazy lights on my modem. So I did a tcpdump
> > John> and I keep seeing:
> > 
> > John> who-has x.x.x.x tell x.x.x.x
> > 
> > John> Is this a DHCP request?? Any idea how to cut it off?
> > 
> > nope. This is an "ARP" request...(address resolution protocol). 
> > 
> > Basically when a machine tries to talk to another one, it sends an arp
> > asking for what ethernet address it should send packets to when it's
> > trying to talk to that host. 
> > 
> > it should be something like:
> > 
> > arp who-has 10.1.50.254 tell 10.1.50.1
> > arp reply 10.1.50.254 is-at 0:60:1d:23:99:a9 (0:2:2d:c:77:8c)
> > 
> > If you are getting tons of these you might have a router or server
> > machine that the others talk to down...ie, they are sending arps and
> > no one is answering. 
> > 
> > machines typically send out arp requests every 30seconds or so...
> > 
> > John> Thanks,
> > John> John
> > 
> > kevin
> > -- 
> > Kevin Fenzi
> > MTS, tummy.com, ltd.
> > http://www.tummy.com/  KRUD - Kevin's Red Hat Uber Distribution
> > 
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > 
> 
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>

More information about the LUG mailing list