Date: Fri, 4 Aug 2000 03:13:28 -0400 From: Pierre Chiu <pccb@yahoo.com> To: cjclark@alum.mit.edu Cc: freebsd-questions@FreeBSD.ORG Subject: Re[2]: Problem: arp: unknown hardware address format (0x0800 Message-ID: <171142514454.20000804031328@yahoo.com> In-Reply-To: <20000803234318.D66052@184.215.6.64.reflexcom.com> References: <59125816885.20000803223510@yahoo.com> <20000803234318.D66052@184.215.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I ran tcpdump -en arp > arp.dump.txt for one minute. and this is the output http://www.pchiu.com/arp.dump.txt I suspect this is the offencing packet. 03:10:24.404368 0:5:2:50:91:7d ff:ff:ff:ff:ff:ff 0806 60: arp who-has 24.112.76.60 (ff:ff:ff:ff:ff:ff) tell 24.112.75.77 Comment pls? Friday, August 04, 2000, 2:43:18 AM, you wrote: > On Thu, Aug 03, 2000 at 10:35:10PM -0400, Pierre Chiu wrote: >> This log is from /var/log/messages >> >> Aug 3 21:48:01 zeus /kernel: arp: unknown hardware address format (0x0800) >> Aug 3 21:48:33 zeus last message repeated 4 times >> Aug 3 21:50:39 zeus last message repeated 16 times >> Aug 3 22:00:46 zeus last message repeated 75 times >> Aug 3 22:09:03 zeus last message repeated 63 times >> Aug 3 22:09:16 zeus /kernel: arp: unknown hardware address format (0x0800) >> Aug 3 22:09:48 zeus last message repeated 4 times >> Aug 3 22:11:55 zeus last message repeated 16 times >> Aug 3 22:21:48 zeus last message repeated 75 times >> >> I just upgrade my freebsd 3.5 to freebsd 4.1-release on my machine and >> keep on getting this error message. >> >> I don't see this error message in my 3.5 version. It only happena >> after I upgraded. It is on a cable connection but I am >> not sure if there is anything to do with it. >> >> >> Question: >> #1. Where are these ARP coming from? > Probably over your coax cable connection. To make sure, try to capture > them, > # tpcdump -enw arp.dump arp > And have a look. That will print info about the packets and also dump > them to the file 'arp.dump.' See if you can make any sense of or > return to the list if you have more questions. >> #2. Is there anything wrong with my setup? > Probably not if these are coming in from the outside. Try to verify > they are with the above results. >> #3. How do I disable it if there is no danger to security? > Not a lot you can do there without hacking kernel, raising the level > of message logged from the kernel, or running the messages through a > filter. If it's someone's machine spewing junk on to the network, you > can try your ISP... but good luck. -- Pierre \\|// (o o) +-------------------------oOOo-(_)-oOOo-----------------------------+ EMail : mailto:pccb(at)yahoo(dot)com PGPkey : http://www.pchiu.com/pgpkey.txt PGP fingerprint: 949E 0F39 422D 53EA F463 8C06 9E07 5078 838B 4D20 +-------------------------------------------------------------------+ working as designed To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?171142514454.20000804031328>