Date: Mon, 1 Jan 2001 23:43:24 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: =?iso-8859-1?Q?F=E9lix-Antoine_Paradis?= <reel@sympatico.ca> Cc: hackers@FreeBSD.ORG Subject: Re: ARP question. Message-ID: <20010101234324.Z19572@fw.wintelcom.net> In-Reply-To: <5.0.2.1.0.20010102023010.00a101f0@pop6.sympatico.ca>; from reel@sympatico.ca on Tue, Jan 02, 2001 at 02:30:16AM -0500 References: <5.0.2.1.0.20010102023010.00a101f0@pop6.sympatico.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
* Félix-Antoine Paradis <reel@sympatico.ca> [010101 23:28] wrote: > Hi, > When we do a "dmesg" on a 4.2-STABLE box, we get: > > arp: 200.42.126.18 moved from 00:e0:7d:7b:53:f0 to 00:c0:df:f4:ac:05 on ed0 > > and, in ifconfig, it says: > > ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 > inet 200.42.126.20 netmask 0xffffff00 broadcast 200.42.126.255 > inet6 fe80::2e0:7dff:fe7b:548a%ed0 prefixlen 64 scopeid 0x1 > ether 00:e0:7d:7b:54:8a > > ed0 is connected to a switch. we want to know what the "arp: " message > means. on the linux box, we have: > > eth0 Link encap:Ethernet HWaddr 00:C0:DF:F4:AC:05 > inet addr:200.42.126.18 Bcast:200.42.126.23 Mask:255.255.255.248 > UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 > RX packets:12738748 errors:0 dropped:0 overruns:0 frame:556 > TX packets:4014499 errors:0 dropped:0 overruns:0 carrier:0 > collisions:172394 txqueuelen:100 > Interrupt:10 Base address:0xe800 > eth1 Link encap:Ethernet HWaddr 00:E0:7D:7B:53:F0 > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:3634104 errors:0 dropped:0 overruns:0 frame:4 > TX packets:3842298 errors:0 dropped:0 overruns:0 carrier:0 > collisions:197818 txqueuelen:100 > Interrupt:12 Base address:0xec00 > inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 > > Both eth0 and eth1 are connected to that same switch. You should check /var/log/messages for the datestamp. Basically it means someone took someone's arp address either by 1) taking the IP from a different machine. 2) telling a machine to change its hardware address. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010101234324.Z19572>