From owner-freebsd-questions  Wed Feb 27 14:59:15 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from topaz.mdcc.cx (topaz.mdcc.cx [212.204.230.141])
	by hub.freebsd.org (Postfix) with ESMTP id 8BF2F37B400
	for <freebsd-questions@freebsd.org>; Wed, 27 Feb 2002 14:59:10 -0800 (PST)
Received: from k7.mavetju.org (topaz.mdcc.cx [212.204.230.141])
	by topaz.mdcc.cx (Postfix) with ESMTP
	id 173782B703; Wed, 27 Feb 2002 23:58:46 +0100 (CET)
Received: by k7.mavetju.org (Postfix, from userid 1001)
	id 551154B8; Thu, 28 Feb 2002 09:33:42 +1100 (EST)
Date: Thu, 28 Feb 2002 09:33:42 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: David La Croix <dlacroix@cowpie.acm.vt.edu>
Cc: freebsd-questions@freebsd.org
Subject: Re: broadcast null in TCPDUMP output question
Message-ID: <20020228093342.C8762@k7.mavetju.org>
Mail-Followup-To: Edwin Groothuis <edwin@mavetju.org>,
	David La Croix <dlacroix@cowpie.acm.vt.edu>,
	freebsd-questions@freebsd.org
References: <200202272228.g1RMSCt04165@cowpie.acm.vt.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <200202272228.g1RMSCt04165@cowpie.acm.vt.edu>; from dlacroix@cowpie.acm.vt.edu on Wed, Feb 27, 2002 at 04:28:12PM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Feb 27, 2002 at 04:28:12PM -0600, David La Croix wrote:
> 
> Can't think of a more appropriate place for this -- since it's a generic 
> question, and both machines on the "lan" are running FreeBSD: here goes:
> 
> I have a small network:
> 486-66 router FreeBSD 4.5 (ethernet via cs (ISA nic)) (provides a NATed route to the net via a second cs nic)
>   +
>   DLink DSS8+ 10/100 switch
>   +
> K6 "workstation" FreeBSD 4.5 (ethernet via rl (PCI realtek 8139))   
> this is where the tcpdump is running.
> 
> Currently, what's listed is all that's ON on the network.
> 
> Running "tcpdump -p ether broadcast" in addition to the rwhod and samba
> noise, I'm also receiving "broadcast null" packets coming from a MAC address
> I don't recognize:
> 
> 16:13:17.101663 0:48:54:70:f4:69 > Broadcast null I (s=0,r=0,C) len=42
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000
> 16:16:08.871491 0:48:54:70:f4:69 > Broadcast null I (s=0,r=0,C) len=42
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000
> 16:19:00.641316 0:48:54:70:f4:69 > Broadcast null I (s=0,r=0,C) len=42
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000 0000 0000 0000
>                          0000 0000 0000 0000 0000
> 
> 
> These always come from the same MAC address, so I can rule out 
> interference / corrupted packets, and they seem to come in regularly 
> every 3 minutes or so.

Is the MAC address the one of the switch? It might be a keep-alive
packet to see if the ethernet is still working.

Edwin

-- 
Edwin Groothuis   |              Personal website: http://www.MavEtJu.org
edwin@mavetju.org |           Interested in MUDs? Visit Fatal Dimensions:
------------------+                       http://www.FatalDimensions.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message