Wireshark-users: Re: [Wireshark-users] Odd packets

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Fri, 11 Aug 2006 13:50:07 +0200
On Fri, Aug 11, 2006 at 08:16:03AM +0200, Ove Fagerheim wrote:
> Telnet from this other host works like charm. Telnet, ping/traceroute, ftp,
> tftp and citrix/rdp all works fine from both hosts. The problem is the
> ip-phone. After finished the tftp download from the PBX/call manager it just
> don't connect. That's the reason for the ethereal trouble.
> 
> All MAC adresses are unique:
> 
> Host1: 00:40:33:e1:85:46
> Host2: 00:08:02:69:1f:e4
> Ip-phone: 00:80:9f:56:ef:09
> Cisco: 00:17:0e:b0:ea:70
> 
> Packets from 127.0.0.1 has:
> Src: 08:00:2b:00:dc:dc
> Dst: 08:00:2b:00:01:02
> 
> I've installed ethereal on the other host too. The packets here too show up
> with the abowe src and dst.

Do these packets (127.0.0.1) arrive via the router or are they from a machine
on the local subnet? To find out, just put an access-list on the router,
denying packets with source 127.0.0.1 (don't forget a "log-input") and check
whether the counter increases (and log messages).

 Ciao
    Joerg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.