Date: Thu, 28 Feb 2002 09:33:42 +1100 From: Edwin Groothuis <edwin@mavetju.org> To: David La Croix <dlacroix@cowpie.acm.vt.edu> Cc: freebsd-questions@freebsd.org Subject: Re: broadcast null in TCPDUMP output question Message-ID: <20020228093342.C8762@k7.mavetju.org> In-Reply-To: <200202272228.g1RMSCt04165@cowpie.acm.vt.edu>; from dlacroix@cowpie.acm.vt.edu on Wed, Feb 27, 2002 at 04:28:12PM -0600 References: <200202272228.g1RMSCt04165@cowpie.acm.vt.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 27, 2002 at 04:28:12PM -0600, David La Croix wrote: > > Can't think of a more appropriate place for this -- since it's a generic > question, and both machines on the "lan" are running FreeBSD: here goes: > > I have a small network: > 486-66 router FreeBSD 4.5 (ethernet via cs (ISA nic)) (provides a NATed route to the net via a second cs nic) > + > DLink DSS8+ 10/100 switch > + > K6 "workstation" FreeBSD 4.5 (ethernet via rl (PCI realtek 8139)) > this is where the tcpdump is running. > > Currently, what's listed is all that's ON on the network. > > Running "tcpdump -p ether broadcast" in addition to the rwhod and samba > noise, I'm also receiving "broadcast null" packets coming from a MAC address > I don't recognize: > > 16:13:17.101663 0:48:54:70:f4:69 > Broadcast null I (s=0,r=0,C) len=42 > 0000 0000 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 0000 0000 > 16:16:08.871491 0:48:54:70:f4:69 > Broadcast null I (s=0,r=0,C) len=42 > 0000 0000 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 0000 0000 > 16:19:00.641316 0:48:54:70:f4:69 > Broadcast null I (s=0,r=0,C) len=42 > 0000 0000 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 0000 0000 0000 0000 0000 > 0000 0000 0000 0000 0000 > > > These always come from the same MAC address, so I can rule out > interference / corrupted packets, and they seem to come in regularly > every 3 minutes or so. Is the MAC address the one of the switch? It might be a keep-alive packet to see if the ethernet is still working. Edwin -- Edwin Groothuis | Personal website: http://www.MavEtJu.org edwin@mavetju.org | Interested in MUDs? Visit Fatal Dimensions: ------------------+ http://www.FatalDimensions.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020228093342.C8762>