[lug] tcpdump output
Kevin Fenzi
kevin at scrye.com
Thu Oct 5 13:51:59 MDT 2000
>>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
John> I'm getting some crazy lights on my modem. So I did a tcpdump
John> and I keep seeing:
John> who-has x.x.x.x tell x.x.x.x
John> Is this a DHCP request?? Any idea how to cut it off?
nope. This is an "ARP" request...(address resolution protocol).
Basically when a machine tries to talk to another one, it sends an arp
asking for what ethernet address it should send packets to when it's
trying to talk to that host.
it should be something like:
arp who-has 10.1.50.254 tell 10.1.50.1
arp reply 10.1.50.254 is-at 0:60:1d:23:99:a9 (0:2:2d:c:77:8c)
If you are getting tons of these you might have a router or server
machine that the others talk to down...ie, they are sending arps and
no one is answering.
machines typically send out arp requests every 30seconds or so...
John> Thanks,
John> John
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
More information about the LUG
mailing list