Ethereal-users: Re: [Ethereal-users] (no subject)
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "John E. Mayorga" <jmayorga5@xxxxxxxxx>
Date: Sun, 21 Apr 2002 16:43:03 -0700 (PDT)
Rick, Guy, Sorry. I have no router. My box is directly connected to the cablemodem. Before, I was only trying to imply that I was the only user connected to a hub, which was connected to a router to which another hub was connected to which other users were connected, something like this: MyBox->Cablemodem->tvCable->Hub->Router ...and from that same Router: Router->Hub->tvCable->OtherCableModemsInMySubnet ...so, if it is true that I am the only one in my area (on the local cablemodem "hub", wherever it is), and that hub was connected to a Router, which was connected to other hubs, each of which was connected to zero or more Cablemodems, would that explain the results I sent in my original email? John --- Rick Farina <farinard@xxxxxxxxxx> wrote: > Okay, here is how it breaks down...all of those > addresses on your subnet > look different to me. What that tells me is that > there is no router between > you and the rest of the people on your subnet. > However what you said in your first email implies > that you have a router. > I'm with Guy, do you have a router in your house? > What is the EXACT > internal network configuration? > > Cablemodem -> Cisco XXX router -> RH7.2 box? > > Second of all, type this right now. > > "rpm -ev `rpm -qa | grep ethereal`" > > Then go to www.ethereal.com > and download the newest version (rpm if you > like...I'd acctually suggest it) > > Then try this all again....could be a bug in the > ANCIENT ethereal you are > running. > > -Rick Farina > > > > ----- Original Message ----- > From: "John E. Mayorga" <jmayorga5@xxxxxxxxx> > To: "Rick Farina" <farinard@xxxxxxxxxx> > Cc: <ethereal-users@xxxxxxxxxxxx> > Sent: Sunday, April 21, 2002 18:58 > Subject: Re: [Ethereal-users] (no subject) > > > Rick, > > I installed arping and created a little script to > run > through the subnet. Here is the output: > > ARPING 24.127.52.1 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.1 [00:B0:8E:F7:3C:54] > 8.803ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.2 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.2 [00:D0:09:61:D7:2F] > 9.601ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.3 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.3 [00:04:5A:41:2C:F3] > 51.540ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.4 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.4 [00:02:E3:03:C4:E0] > 9.096ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.5 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.5 [00:10:4C:12:30:1E] > 9.515ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.6 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.6 [00:03:47:DB:D7:13] > 31.087ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.7 from 24.127.52.10 eth0 > Unicast reply from 24.127.52.7 [00:00:C5:3C:9A:32] > 12.555ms > Sent 1 probes (1 broadcast(s)) > Received 1 response(s) > ARPING 24.127.52.8 from 24.127.52.10 eth0 > Sent 1 probes (1 broadcast(s)) > Received 0 response(s) > > ... > > These MACs are different than the ones reported > before > by hunt and ethereal. Is it that all my traffic is > coming through the router, even that of the other > members of my subnet, so other programs are > reporting > the router's MAC? > > John > > > --- Rick Farina <farinard@xxxxxxxxxx> wrote: > > A good way to properly search for MAC's is > "arping" > > http://freshmeat.net/projects/arping/?topic_id=150 > > I suggest you use that to find MAC's.....however, > an > > important fact is that > > anything outside of your router will have the MAC > > address of your router > > (ARP is not routed). Are all of those addresses > on > > your side of the router? > > or are they on the other side. That is the most > > obvious conclusion that I > > have (besides foul play). Let me know if that's > > it....otherwise, we can try > > to diagnose possible foul play. ;-) > > > > -Rick Farina > > ----- Original Message ----- > > From: "John E. Mayorga" <jmayorga5@xxxxxxxxx> > > To: <ethereal-users@xxxxxxxxxxxx> > > Sent: Sunday, April 21, 2002 16:35 > > Subject: [Ethereal-users] (no subject) > > > > > > I'm on at&t @home service, and I've noticed some > > strangeness in my subnet that I can't explain. I'm > > sure someone here will know an obvious reason, so > > here > > it goes. > > > > I'm running on Red Hat 7.2 with an updated kernal > > from > > Red Hat. Here is the output from "uname -a": > > > > Linux ldap.athlon.com 2.4.9-31 #1 Tue Feb 26 > > 06:23:51 > > EST 2002 i686 unknown > > > > The results were gathered from three tools: > > hunt 1.5 - for gathering MAC addresses > > nmap V. 2.54BETA22 - for getting a response from > > members of my subnet > > ethereal 0.8.18 - general sniffing > > > > OK, so here's the "thing" - everybody on my subnet > > has > > the same MAC address, including my router. Yow! > > Something I'm doing wrong, right? Well, let's see: > > > > First, I fire up hunt and tell it to collect MAC > > addresses. While hunt is doing its job, I run " > > nmap -sP 24.127.52.*". Hunt reports the following > > while running: > > > > ARP: MAC src != ARP src for host 24.127.52.3 > > ARP: MAC src != ARP src for host 24.127.52.4 > > ARP: MAC src != ARP src for host 24.127.52.5 > > ARP: MAC src != ARP src for host 24.127.52.6 > > ARP: MAC src != ARP src for host 24.127.52.7 > > ARP: MAC src != ARP src for host 24.127.52.8 > > ARP: MAC src != ARP src for host 24.127.52.9 > > ARP: MAC src != ARP src for host 24.127.52.11 > > ARP: MAC src != ARP src for host 24.127.52.12 > > ARP: MAC src != ARP src for host 24.127.52.16 > > ARP: MAC src != ARP src for host 24.127.52.17 > > ARP: MAC src != ARP src for host 24.127.52.20 > > ARP: MAC src != ARP src for host 24.127.52.21 > > ARP: MAC src != ARP src for host 24.127.52.22 > > ARP: MAC src != ARP src for host 24.127.52.23 > > ARP: MAC src != ARP src for host 24.127.52.24 > > ARP: MAC src != ARP src for host 24.127.52.26 > > ARP: MAC src != ARP src for host 24.127.52.29 > > ARP: MAC src != ARP src for host 24.127.52.47 > > ARP: MAC src != ARP src for host 24.127.52.48 > > ARP: MAC src != ARP src for host 24.127.52.49 > > ARP: MAC src != ARP src for host 24.127.52.51 > > ARP: MAC src != ARP src for host 24.127.52.52 > > ARP: MAC src != ARP src for host 24.127.52.53 > > ARP: MAC src != ARP src for host 24.127.52.55 > > ARP: MAC src != ARP src for host 24.127.52.57 > > ARP: MAC src != ARP src for host 24.127.52.58 > > ARP: MAC src != ARP src for host 24.127.52.60 > > ARP: MAC src != ARP src for host 24.127.52.61 > > ARP: MAC src != ARP src for host 24.127.52.62 > > ARP: MAC src != ARP src for host 24.127.52.64 > > ARP: MAC src != ARP src for host 24.127.52.65 > > ARP: MAC src != ARP src for host 24.127.52.31 > > ARP: MAC src != ARP src for host 24.127.52.33 > > ARP: MAC src != ARP src for host 24.127.52.37 > > ARP: MAC src != ARP src for host 24.127.52.38 > > ARP: MAC src != ARP src for host 24.127.52.39 > > ARP: MAC src != ARP src for host 24.127.52.67 > > ARP: MAC src != ARP src for host 24.127.52.68 > > ARP: MAC src != ARP src for host 24.127.52.69 > > ARP: MAC src != ARP src for host 24.127.52.70 > > ARP: MAC src != ARP src for host 24.127.52.72 > > ARP: MAC src != ARP src for host 24.127.52.74 > > ARP: MAC src != ARP src for host 24.127.52.75 > > ARP: MAC src != ARP src for host 24.127.52.78 > > ARP: MAC src != ARP src for host 24.127.52.41 > > ARP: MAC src != ARP src for host 24.127.52.42 > > ARP: MAC src != ARP src for host 24.127.52.44 > > ARP: MAC src != ARP src for host 24.127.52.80 > > ARP: MAC src != ARP src for host 24.127.52.82 > > ARP: MAC src != ARP src for host 24.127.52.85 > > ARP: MAC src != ARP src for host 24.127.52.86 > > ARP: MAC src != ARP src for host 24.127.52.87 > > ARP: MAC src != ARP src for host 24.127.52.88 > > ARP: MAC src != ARP src for host 24.127.52.89 > > ARP: MAC src != ARP src for host 24.127.52.90 > > ARP: MAC src != ARP src for host 24.127.52.91 > > ARP: MAC src != ARP src for host 24.127.52.92 > > ARP: MAC src != ARP src for host 24.127.52.93 > > ARP: MAC src != ARP src for host 24.127.52.95 > > ARP: MAC src != ARP src for host 24.127.52.97 > > ARP: MAC src != ARP src for host 24.127.52.98 > > ARP: MAC src != ARP src for host 24.127.52.99 > > ARP: MAC src != ARP src for host 24.127.52.100 > > ARP: MAC src != ARP src for host 24.127.52.101 > > ARP: MAC src != ARP src for host 24.127.52.103 > > ARP: MAC src != ARP src for host 24.127.52.105 > > ARP: MAC src != ARP src for host 24.127.52.107 > > ARP: MAC src != ARP src for host 24.127.52.108 > > ARP: MAC src != ARP src for host 24.127.52.109 > > ARP: MAC src != ARP src for host 24.127.52.110 > > ARP: MAC src != ARP src for host 24.127.52.111 > > ARP: MAC src != ARP src for host 24.127.52.114 > > ARP: MAC src != ARP src for host 24.127.52.115 > > ARP: MAC src != ARP src for host 24.127.52.116 > > ARP: MAC src != ARP src for host 24.127.52.117 > > ARP: MAC src != ARP src for host 24.127.52.118 > > ARP: MAC src != ARP src for host 24.127.52.119 > > ARP: MAC src != ARP src for host 24.127.52.120 > > ARP: MAC src != ARP src for host 24.127.52.121 > > ARP: MAC src != ARP src for host 24.127.52.122 > > ARP: MAC src != ARP src for host 24.127.52.123 > > ARP: MAC src != ARP src for host 24.127.52.124 > > ARP: MAC src != ARP src for host 24.127.52.125 > > ARP: MAC src != ARP src for host 24.127.52.126 > > ARP: MAC src != ARP src for host 24.127.52.130 > > ARP: MAC src != ARP src for host 24.127.52.131 > > ARP: MAC src != ARP src for host 24.127.52.133 > > ARP: MAC src != ARP src for host 24.127.52.134 > > ARP: MAC src != ARP src for host 24.127.52.136 > > ARP: MAC src != ARP src for host 24.127.52.142 > > ARP: MAC src != ARP src for host 24.127.52.146 > > ARP: MAC src != ARP src for host 24.127.52.149 > > ARP: MAC src != ARP src for host 24.127.52.151 > > ARP: MAC src != ARP src for host 24.127.52.155 > > ARP: MAC src != ARP src for host 24.127.52.156 > > ARP: MAC src != ARP src for host 24.127.52.157 > > ARP: MAC src != ARP src for host 24.127.52.158 > > ARP: MAC src != ARP src for host 24.127.52.159 > > ARP: MAC src != ARP src for host 24.127.52.160 > > ARP: MAC src != ARP src for host 24.127.52.161 > > ARP: MAC src != ARP src for host 24.127.52.163 > > ARP: MAC src != ARP src for host 24.127.52.165 > > ARP: MAC src != ARP src for host 24.127.52.166 > > ARP: MAC src != ARP src for host 24.127.52.167 > > ARP: MAC src != ARP src for host 24.127.52.168 > > ARP: MAC src != ARP src for host 24.127.52.172 > > ARP: MAC src != ARP src for host 24.127.52.173 > > ARP: MAC src != ARP src for host 24.127.52.176 > > ARP: MAC src != ARP src for host 24.127.52.177 > > ARP: MAC src != ARP src for host 24.127.52.178 > > ARP: MAC src != ARP src for host 24.127.52.179 > > ARP: MAC src != ARP src for host 24.127.52.180 > > ARP: MAC src != ARP src for host 24.127.52.181 > > ARP: MAC src != ARP src for host 24.127.52.182 > > ARP: MAC src != ARP src for host 24.127.52.183 > > ARP: MAC src != ARP src for host 24.127.52.184 > > ARP: MAC src != ARP src for host 24.127.52.185 > > ARP: MAC src != ARP src for host 24.127.52.186 > > ARP: MAC src != ARP src for host 24.127.52.187 > > ARP: MAC src != ARP src for host 24.127.52.189 > > ARP: MAC src != ARP src for host 24.127.52.190 > > ARP: MAC src != ARP src for host 24.127.52.191 > > ARP: MAC src != ARP src for host 24.127.52.192 > > ARP: MAC src != ARP src for host 24.127.52.193 > > ARP: MAC src != ARP src for host 24.127.52.196 > > ARP: MAC src != ARP src for host 24.127.52.197 > > ARP: MAC src != ARP src for host 24.127.52.199 > > ARP: MAC src != ARP src for host 24.127.52.200 > > ARP: MAC src != ARP src for host 24.127.52.203 > > ARP: MAC src != ARP src for host 24.127.52.204 > > ARP: MAC src != ARP src for host 24.127.52.205 > > ARP: MAC src != ARP src for host 24.127.52.206 > > ARP: MAC src != ARP src for host 24.127.52.208 > > ARP: MAC src != ARP src for host 24.127.52.209 > > ARP: MAC src != ARP src for host 24.127.52.211 > > ARP: MAC src != ARP src for host 24.127.52.212 > > ARP: MAC src != ARP src for host 24.127.52.215 > > ARP: MAC src != ARP src for host 24.127.52.216 > > ARP: MAC src != ARP src for host 24.127.52.217 > > ARP: MAC src != ARP src for host 24.127.52.218 > > ARP: MAC src != ARP src for host 24.127.52.219 > > ARP: MAC src != ARP src for host 24.127.52.221 > > ARP: MAC src != ARP src for host 24.127.52.224 > > ARP: MAC src != ARP src for host 24.127.52.228 > > ARP: MAC src != ARP src for host 24.127.52.232 > > ARP: MAC src != ARP src for host 24.127.52.235 > > ARP: MAC src != ARP src for host 24.127.52.236 > > ARP: MAC src != ARP src for host 24.127.52.237 > > ARP: MAC src != ARP src for host 24.127.52.239 > > ARP: MAC src != ARP src for host 24.127.52.240 > > ARP: MAC src != ARP src for host 24.127.52.241 > > ARP: MAC src != ARP src for host 24.127.52.242 > > ARP: MAC src != ARP src for host 24.127.52.249 > > ARP: MAC src != ARP src for host 24.127.52.250 > > ARP: MAC src != ARP src for host 24.127.52.252 > > ARP: MAC src != ARP src for host 24.127.52.254 > > ARP: MAC src != ARP src for host 24.127.52.255 > > > > I then tell hunt to report the collected MAC > > addresses: > > > > --- mac table --- > > 10.127.52.1 00:B0:8E:F7:3C:54 > > 24.127.52.1 00:B0:8E:F7:3C:54 > > 24.127.52.10 00:01:02:84:77:E2 > > > > If I then poke through ethereal, any responses > > (mostly > > http responses) give the "Ethernet II" source MAC > of > > the router (and it resolves to the router's IP on > > the > > same line), and gives the "Internet Protocol" > > Source: > > as the responding machine. > > > > Helpful hints: It was explained to me during the > > installation that I was the only one on my > segment, > > which is believable, considering my location. My > > network mask is: 255.255.254.0 > > > > The answer is sure to be staring me in the face, > so > > any slaps upside the head will be welcome. Can > > anyone > > tell me how to properly collect MAC addresses? > > > > Thanx, > > > > John > > > > > > > > > > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Yahoo! Games - play chess, backgammon, pool and > more > > http://games.yahoo.com/ > > > > _______________________________________________ > > Ethereal-users mailing list > > Ethereal-users@xxxxxxxxxxxx > > > http://www.ethereal.com/mailman/listinfo/ethereal-users > > > > > > > > _______________________________________________ > > Ethereal-users mailing list > > Ethereal-users@xxxxxxxxxxxx > > > http://www.ethereal.com/mailman/listinfo/ethereal-users > > __________________________________________________ > Do You Yahoo!? > Yahoo! Games - play chess, backgammon, pool and more > http://games.yahoo.com/ > > _______________________________________________ > Ethereal-users mailing list > Ethereal-users@xxxxxxxxxxxx > http://www.ethereal.com/mailman/listinfo/ethereal-users > > __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/
- Prev by Date: Re: [Ethereal-users] (no subject)
- Next by Date: [Ethereal-users] unsubscribe
- Previous by thread: Re: [Ethereal-users] (no subject)
- Next by thread: [Ethereal-users] (no subject)
- Index(es):