Wireshark-users: Re: [Wireshark-users] Odd packets

From: Ove Fagerheim <ove.fagerheim@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Aug 2006 14:46:04 +0200
I've tried the access list:

Access-list 110 deny ip host 127.0.0.1 172.30.1.0 0.0.0.255
Access-list 110 permit ip any any

applied to the inner interface on the router.

Ip access-group 110 out

Didn't help, the packets in question still arrive. The funny part is, I
have Wireshark installed on both hosts, and whatever host I'm sniffing from,
that host's packets show up correctly while packets to/from the other host
generate packets from 127.0.0.1 *with the same DEC MAC addresses*

Probably a simple explanation, but...


Way beyond me
Ove

-----Original message-----
From: Joerg Mayer [mailto:jmayer@xxxxxxxxx]
Sent: 11 August 2006 13:50
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Odd packets

On Fri, Aug 11, 2006 at 08:16:03AM +0200, Ove Fagerheim wrote:
> Telnet from this other host works like a charm. Telnet, ping/traceroute,
> ftp, tftp and citrix/rdp all work fine from both hosts. The problem is the
> ip-phone. After finishing the tftp download from the PBX/call manager it
> just doesn't connect. That's the reason for the ethereal trouble.
> 
> All MAC addresses are unique:
> 
> Host1: 00:40:33:e1:85:46
> Host2: 00:08:02:69:1f:e4
> Ip-phone: 00:80:9f:56:ef:09
> Cisco: 00:17:0e:b0:ea:70
> 
> Packets from 127.0.0.1 have:
> Src: 08:00:2b:00:dc:dc
> Dst: 08:00:2b:00:01:02
> 
> I've installed ethereal on the other host too. The packets here too show
> up with the above src and dst.

Do these packets (127.0.0.1) arrive via the router or are they from a
machine on the local subnet? To find out, just put an access-list on the
router, denying packets with source 127.0.0.1 (don't forget a "log-input")
and check whether the counter increases (and log messages).

 Ciao
    Joerg

-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
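
The router-or-local-subnet question raised in the thread can also be checked from the capture side. The following is an added example, not part of the original messages: it flags IPv4 frames whose source is in 127.0.0.0/8 and compares the frame's source MAC with the Cisco MAC listed above. It assumes untagged Ethernet II frames; the function names and the 172.30.1.x host addresses are made up for illustration.

```python
import ipaddress
import struct

GATEWAY_MAC = "00:17:0e:b0:ea:70"  # the Cisco router's MAC as listed in the thread

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_frame(dst_mac: str, src_mac: str, src_ip: str, dst_ip: str) -> bytes:
    """Constructed test input: untagged Ethernet II + minimal IPv4 header (checksum left 0)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip

def classify_frame(frame: bytes, gateway_mac: str = GATEWAY_MAC):
    """Return None unless the frame is IPv4 with a 127.0.0.0/8 source; otherwise
    report the addresses and whether the last layer-2 hop was the gateway."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4 minimum
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # not IPv4 (VLAN tags not handled)
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4:
        return None
    src_ip = ipaddress.IPv4Address(ip[12:16])
    if not src_ip.is_loopback:
        return None
    src_mac = mac_str(frame[6:12])
    return {
        "src_ip": str(src_ip),
        "dst_ip": str(ipaddress.IPv4Address(ip[16:20])),
        "src_mac": src_mac,
        "dst_mac": mac_str(frame[0:6]),
        "origin": "via-router" if src_mac == gateway_mac.lower() else "local-segment",
    }

# Constructed sample frames; 172.30.1.10 and 172.30.1.20 are made-up hosts in the ACL's subnet.
SAMPLES = [
    build_frame("08:00:2b:00:01:02", "08:00:2b:00:dc:dc", "127.0.0.1", "172.30.1.10"),
    build_frame("00:08:02:69:1f:e4", "00:40:33:e1:85:46", "172.30.1.10", "172.30.1.20"),
    build_frame("00:40:33:e1:85:46", "00:17:0e:b0:ea:70", "127.0.0.1", "172.30.1.10"),
]

def find_martians(frames):
    return [r for r in map(classify_frame, frames) if r is not None]

if __name__ == "__main__":
    for hit in find_martians(SAMPLES):
        print(hit)
```

The source MAC only identifies the last layer-2 hop as seen by the capturing host, so a "local-segment" result is a pointer for where to look next rather than proof of origin.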