Date: Fri, 4 Aug 2000 15:53:28 -0400 From: Pierre Chiu <pccb@yahoo.com> To: cjclark@alum.mit.edu Cc: freebsd-questions@FreeBSD.ORG Subject: Re[2]: Problem: arp: unknown hardware address format (0x0800 Message-ID: <14840252309.20000804155328@yahoo.com> In-Reply-To: <20000804005528.F66052@184.215.6.64.reflexcom.com> References: <59125816885.20000803223510@yahoo.com> <20000803234318.D66052@184.215.6.64.reflexcom.com> <171142514454.20000804031328@yahoo.com> <20000804005528.F66052@184.215.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I should had run the raw dump :( http://www.pchiu.com/arp.dump.raw I am reading the tcpdump now. Hopefully, I can find out what that arp packet mean. I agree that nothing I can do to stop other computers emitting strange packet into the network. But for educational purpose, I would like to find out the cause of the problem. Does he has a bad NIC or running strange programs, etc...? Anyway, thank a lot for your help CJ. Friday, August 04, 2000, 3:55:28 AM, you wrote: > On Fri, Aug 04, 2000 at 03:13:28AM -0400, Pierre Chiu wrote: >> I ran tcpdump -en arp > arp.dump.txt for one minute. >> >> and this is the output http://www.pchiu.com/arp.dump.txt >> >> I suspect this is the offencing packet. >> >> 03:10:24.404368 0:5:2:50:91:7d ff:ff:ff:ff:ff:ff 0806 60: arp who-has 24.112.76.60 (ff:ff:ff:ff:ff:ff) tell 24.112.75.77 >> >> Comment pls? > Looks like a valid ARP to me. > Looking at the URL you give, I suspect these are your bad boys, > 03:10:20.224371 0:e0:29:20:86:e3 ff:ff:ff:ff:ff:ff 0806 60: arp-#2 for proto #2048 (4) hardware #2048 (0) > Note that 2048 = 0x0800 like in your kernel messages, >> >> Aug 3 21:48:01 zeus /kernel: arp: unknown hardware address format (0x0800) > Off the top of my head, I'm not sure what those are. Some other ARP > replies reveal that the machine generating those is 24.112.151.96. I > originally had hoped you were going to dump raw packets. Maybe if you > have a look at those, you can figure it out. However, unless you > control that hardware, it looks like it is out of your hands... Unless > those really are valid ARPs and your machine is freaking out because > it does not know what to do. It shouldn't be so verbose (or the > verbosity controllable) if that traffic is actually OK. -- Pierre \\|// (o o) +-------------------------oOOo-(_)-oOOo-----------------------------+ EMail : mailto:pccb(at)yahoo(dot)com PGPkey : http://www.pchiu.com/pgpkey.txt PGP fingerprint: 949E 0F39 422D 53EA F463 8C06 9E07 5078 838B 4D20 +-------------------------------------------------------------------+ terrorist activities To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14840252309.20000804155328>