[lug] tcpdump output
John Starkey
jstarkey at advancecreations.com
Wed Oct 4 14:11:17 MDT 2000
Sean and Kevin, thanks for the reply.
This is an eth0 connection to cable modem. the output also states "eth0 B
arp".
The request is for various addy's within the @home domain ( my ISP ). The
who-has is specifying several addys repetitively.
This has happened several times over the past few days.
The tell is 24.19.58.1 which I can't nslookup (non-existant)
Service has really been slow also, think it's connected??
Thanks again,
John
On Thu, 5 Oct 2000, Kevin Fenzi wrote:
> >>>>> "John" == John Starkey <jstarkey at advancecreations.com> writes:
>
> John> I'm getting some crazy lights on my modem. So I did a tcpdump
> John> and I keep seeing:
>
> John> who-has x.x.x.x tell x.x.x.x
>
> John> Is this a DHCP request?? Any idea how to cut it off?
>
> nope. This is an "ARP" request...(address resolution protocol).
>
> Basically when a machine tries to talk to another one, it sends an arp
> asking for what ethernet address it should send packets to when it's
> trying to talk to that host.
>
> it should be something like:
>
> arp who-has 10.1.50.254 tell 10.1.50.1
> arp reply 10.1.50.254 is-at 0:60:1d:23:99:a9 (0:2:2d:c:77:8c)
>
> If you are getting tons of these you might have a router or server
> machine that the others talk to down...ie, they are sending arps and
> no one is answering.
>
> machines typically send out arp requests every 30seconds or so...
>
> John> Thanks,
> John> John
>
> kevin
> --
> Kevin Fenzi
> MTS, tummy.com, ltd.
> http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
More information about the LUG
mailing list