Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?
From: IchBin <weconsultants@xxxxxxxxx>
Date: Wed, 11 Jul 2007 12:34:36 -0400
The only problem I have is this just started last week. I have had this
connection since sometime in April. Why would it just now start to rear
it's head?
I did find out that Comcast is now updating and replacing hardware for higher speeds. At least that is what one of the technical support person told me. So their are big network changes happening. Naturally I do not remember the specific details.
I am concerned with the DNS calls to dyndns.org. Well at least the half hearted attempt. Not sure why is it appending xxz0n3dxx to the front of that URL. Same goes with xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net. If I remember correctly the suffix of hsd1.pa.comcast.net is part of a real comcast DNS.
I use to run my Internet server, not Comcast, off of my machine until the ISP filtered out all of the unsolicited IP packets to my PC. Naturally that shutdown my Internet web server (Apache\Tomcat) from outside access. I use to use NO-IP to give me a pseudo static IP address by maintaining the same DNS by trapping the dynamic IP changes off of my machine. That is completely off of my machine and they canceled my account for non-use some time ago.
Just wish I could isolate the code\program that is doing the standard query calls to xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net and xxz0n3dxx.dyndns.org.
-- Thanks in Advance... http://weconsulting.org IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org ______________________________________________________________________ 'If there is one, Knowledge is the "Fountain of Youth"' -William E. Taylor, Regular Guy (1952-) Randy.Grein@xxxxxxxxxxxxxx wrote:
Guy,As you suspected Comcast Cable is a shared medium. ARP traffic is high as there are multiple class C subnets on the network; it was an interesting little tidbit I discovered when I migrated to it. It's surprising the first time you see it, but it does work fairly well.Randy Grein Network EngineerGuy Harris <guy@xxxxxxxxxxxx> Sent by: wireshark-users-bounces@xxxxxxxxxxxxx07/11/2007 01:19 AM Please respond to Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx> To Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx> cc weconsultants@xxxxxxxxx Subject Re: [Wireshark-users] Tons of ARP packets...? Richard Mundell wrote:ARP traffic appears to be what is essentially administrative trafficfromother DSL customersNot likely, given that he's not using DSL, he's using a cable modem; as he said:I have a Comcast Internet Cable connection.DSL connections are point-to-point, so you shouldn't see traffic to or from other customers (unless you're communicating directly with one of those customers). I have the impression that at least some cable modem connections are more like Ethernets, in that you're on a common network with some other customers, and can see their traffic.I don't know whether that's the case here, however; the ARP requests *are* being sent from what appears to be a wide variety of IP addresses, so they could be from other clients on the net.(on the internet side of your connection) so your ISP'srouter can figure out IP address to Ethernet address mappings (mightalso beDHCP traffic... Not sure if that shows up in Wireshark as ARP traffic...Given that IP address to Ethernet address mappings are done by making ARP requests, they'll probably show up in Wireshark as ARP traffic.The other traffic in the capture is a high volume of (failed) DNSlookupsfrom your PC to a host called xxz0n3dxx.dyndns.org. I've confirmed thisDNSentry doesn't exist,Or, at least, it didn't exist at the time you tried it. "dyndns" stands for "Dynamic DNS"; one service that DynDNS provides is free Dynamic DNS:http://www.dyndns.com/services/dns/dyndns/which lets you register a given IP address, even if it's not a static IP address, with a particular host name. That page indicates what that can be used for.Now:but I'm wondering if you might have some malware on your PC which is trying to "phone home"....why some software on his machine is trying to contact that machine is another question; perhaps it's safe, but perhaps it's not._______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users - ------------------------- CONFIDENTIALITY NOTICE: The information in this message may be proprietary and/or confidential, and is intended only for the use of the individual(s) to whom this email is addressed. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this email and deleting this email from your computer. Nothing contained in this email or any attachment shall satisfy the requirements for contract formation or constitute an electronic signature. _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users
- Follow-Ups:
- Re: [Wireshark-users] Tons of ARP packets...?
- From: Guy Harris
- Re: [Wireshark-users] Tons of ARP packets...?
- References:
- Re: [Wireshark-users] Tons of ARP packets...?
- From: Guy Harris
- Re: [Wireshark-users] Tons of ARP packets...?
- From: Randy . Grein
- Re: [Wireshark-users] Tons of ARP packets...?
- Prev by Date: Re: [Wireshark-users] Tons of ARP packets...?
- Next by Date: Re: [Wireshark-users] Fwd: Adding the 802.15.4 dissector...
- Previous by thread: Re: [Wireshark-users] Tons of ARP packets...?
- Next by thread: Re: [Wireshark-users] Tons of ARP packets...?
- Index(es):