Ethereal-users: [Ethereal-users] Re: Wierdness in CablemodemLand?
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Rick Farina" <farinard@xxxxxxxxxx>
Date: Mon, 22 Apr 2002 01:26:04 -0400
I believe your presumed setup to be at least somewhat accurate John. your "cablemodem hub-like device" is most likely a hub, which you share with several other people, but no the whole subnet. Two things to try, but first two things you must do. First of all, you must get rid of hunt, I don't know what this crap is or where you dug it up, but it is time to delete it. Second, didn't I tell you to upgrade your Ethereal? Did you do that? Version that comes with RedHat is old, same with the libpcap that comes with RedHat. I can help you upgrade both if you would like, email me personnaly about that. Now that the basics are solved, moving on to problem solving. First idea (forgive me ALoR), ettercap.sourceforge.net download it, compile it, and type "./ettercap -Nc" This will check your entire subnet (reliably!) for duplicated MAC addresses. The program also has much further implications that you can explore on your own, or with my help, but that is not a topic for this list. Second, Arpwatch is a good program to determine mismatched/problomatic IP/MAC combinations, check it out, I like it a lot. (it's on some lbl.gov site). Best luck, and BTW, I run RedHat7.2 and it works great for me, so if you need any help (and frankly 7.2 is a problomatic distro in my experience) don't hesitate to ask. -Rick Farina ----- Original Message ----- From: "John E. Mayorga" <jmayorga5@xxxxxxxxx> To: <ethereal-users@xxxxxxxxxxxx> Cc: "Rick Farina" <farinard@xxxxxxxxxx>; "Guy Harris" <guy@xxxxxxxxxx> Sent: Monday, April 22, 2002 01:12 Subject: Wierdness in CablemodemLand? OK. I confused the situation, I guess. Let us wipe the hard drive and start over. I will reconstruct the scenario from scratch. I have a Linux box with only one NIC (eth0) connected by a CAT5 cable to my cablemodem. The cablemodem is connected to my TV cable, which goes out to CablemodemLand, and eventually, to the Internet. I have NO router between my box and my cablemodem. Here is how I visualize (or hallucinate) it: My Linux box | <-CAT5 cable My Cablemodem | <-Black coaxial TV cable going to the wall Some hub-like device in CablemodemLand | <-CAT5 cable (or fiber?) Some router in CablemodemLand | <-CAT5 cable (or fiber?) The rest of CablemodemLand | <-Some fast pipe The Internet I believe that any communication between me and everyone else on my cablemodem subnet goes through a router, as evidenced by this little script I made to run traceroute: for d in $(seq 0 255); do echo traceroute -m 3 24.127.52.$d done Here is the output of the script: traceroute to 24.127.52.1 (24.127.52.1), 3 hops max, 38 byte packets 1 * * * 2 * * * 3 * * * traceroute to 24.127.52.2 (24.127.52.2), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 12.861 ms 8.688 ms 9.804 ms 2 c-24-127-52-2.we.client2.attbi.com (24.127.52.2) 36.418 ms 24.211 ms 17.123 ms traceroute to 24.127.52.3 (24.127.52.3), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 8.594 ms 8.229 ms 7.683 ms 2 c-24-127-52-3.we.client2.attbi.com (24.127.52.3) 30.710 ms 20.020 ms 22.567 ms traceroute to 24.127.52.4 (24.127.52.4), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 9.547 ms 7.799 ms 30.048 ms 2 c-24-127-52-4.we.client2.attbi.com (24.127.52.4) 64.313 ms 17.647 ms 40.554 ms traceroute to 24.127.52.5 (24.127.52.5), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 8.445 ms 7.479 ms 8.230 ms 2 c-24-127-52-5.we.client2.attbi.com (24.127.52.5) 629.591 ms 287.656 ms 468.429 ms traceroute to 24.127.52.6 (24.127.52.6), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 32.718 ms 7.843 ms 8.603 ms 2 * * * 3 * * * traceroute to 24.127.52.7 (24.127.52.7), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 24.676 ms 9.517 ms 9.311 ms 2 c-24-127-52-7.we.client2.attbi.com (24.127.52.7) 26.035 ms 17.895 ms 16.057 ms traceroute to 24.127.52.8 (24.127.52.8), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 10.852 ms 16.891 ms 14.634 ms 2 * * * 3 * * * traceroute to 24.127.52.9 (24.127.52.9), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 9.447 ms 11.929 ms 10.144 ms 2 c-24-127-52-9.we.client2.attbi.com (24.127.52.9) 17.247 ms 19.768 ms 21.184 ms traceroute to 24.127.52.10 (24.127.52.10), 3 hops max, 38 byte packets 1 c-24-127-52-10.we.client2.attbi.com (24.127.52.10) 0.082 ms 0.065 ms 0.019 ms traceroute to 24.127.52.11 (24.127.52.11), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 10.946 ms 9.845 ms 10.008 ms 2 c-24-127-52-11.we.client2.attbi.com (24.127.52.11) 22.315 ms 72.510 ms 50.399 ms traceroute to 24.127.52.12 (24.127.52.12), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 11.272 ms 7.816 ms 11.236 ms 2 c-24-127-52-12.we.client2.attbi.com (24.127.52.12) 26.047 ms 17.113 ms 19.249 ms traceroute to 24.127.52.13 (24.127.52.13), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 11.828 ms 9.249 ms 8.082 ms 2 c-24-127-52-13.we.client2.attbi.com (24.127.52.13) 40.670 ms 17.271 ms 20.813 ms traceroute to 24.127.52.14 (24.127.52.14), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 8.609 ms 7.837 ms 7.974 ms 2 c-24-127-52-14.we.client2.attbi.com (24.127.52.14) 25.201 ms 17.533 ms 19.855 ms traceroute to 24.127.52.15 (24.127.52.15), 3 hops max, 38 byte packets 1 c-24-127-52-10.we.client2.attbi.com (24.127.52.10) 2990.854 ms !H 2999.486 ms !H 2999.919 ms !H traceroute to 24.127.52.16 (24.127.52.16), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 16.685 ms 10.077 ms 11.924 ms 2 * * * 3 * * * traceroute to 24.127.52.17 (24.127.52.17), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 10.963 ms 12.966 ms 7.927 ms 2 c-24-127-52-17.we.client2.attbi.com (24.127.52.17) 23.943 ms 19.733 ms 108.442 ms traceroute to 24.127.52.18 (24.127.52.18), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 8.401 ms 7.929 ms 8.022 ms 2 c-24-127-52-18.we.client2.attbi.com (24.127.52.18) 44.247 ms 21.426 ms 22.364 ms traceroute to 24.127.52.19 (24.127.52.19), 3 hops max, 38 byte packets 1 c-24-127-52-10.we.client2.attbi.com (24.127.52.10) 2992.137 ms !H 2991.881 ms !H 2999.922 ms !H traceroute to 24.127.52.20 (24.127.52.20), 3 hops max, 38 byte packets 1 c-24-127-52-1.we.client2.attbi.com (24.127.52.1) 9.588 ms 9.820 ms 20.384 ms 2 c-24-127-52-20.we.client2.attbi.com (24.127.52.20) 29.184 ms 30.943 ms 18.647 ms Subquestion - Why is it that when the script gets to 24.127.52.15,19,26,28, etc. the connection does not go through the router? Are they actually connected to the same cablemodem hub-like device that I am? Can someone tell me the real name of this "cablemodem hub-like device" so I can stop using this lame terminology? I used pretty much the same script for ARPing 1.04. Here is the output (which makes sense): ARPING 24.127.52.1 from 24.127.52.10 eth0 Unicast reply from 24.127.52.1 [00:B0:8E:F7:3C:54] 8.803ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.2 from 24.127.52.10 eth0 Unicast reply from 24.127.52.2 [00:D0:09:61:D7:2F] 9.601ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.3 from 24.127.52.10 eth0 Unicast reply from 24.127.52.3 [00:04:5A:41:2C:F3] 51.540ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.4 from 24.127.52.10 eth0 Unicast reply from 24.127.52.4 [00:02:E3:03:C4:E0] 9.096ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.5 from 24.127.52.10 eth0 Unicast reply from 24.127.52.5 [00:10:4C:12:30:1E] 9.515ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.6 from 24.127.52.10 eth0 Unicast reply from 24.127.52.6 [00:03:47:DB:D7:13] 31.087ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.7 from 24.127.52.10 eth0 Unicast reply from 24.127.52.7 [00:00:C5:3C:9A:32] 12.555ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.8 from 24.127.52.10 eth0 Sent 1 probes (1 broadcast(s)) Received 0 response(s) ARPING 24.127.52.9 from 24.127.52.10 eth0 Unicast reply from 24.127.52.9 [00:04:5A:E5:9D:2C] 51.110ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.10 from 24.127.52.10 eth0 Sent 1 probes (1 broadcast(s)) Received 0 response(s) ARPING 24.127.52.11 from 24.127.52.10 eth0 Unicast reply from 24.127.52.11 [00:04:5A:2A:A1:5A] 57.094ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.12 from 24.127.52.10 eth0 Unicast reply from 24.127.52.12 [00:E0:18:0B:59:D3] 12.825ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.13 from 24.127.52.10 eth0 Sent 1 probes (1 broadcast(s)) Received 0 response(s) ARPING 24.127.52.14 from 24.127.52.10 eth0 Unicast reply from 24.127.52.14 [00:E0:18:56:8C:B0] 46.400ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.15 from 24.127.52.10 eth0 Sent 1 probes (1 broadcast(s)) Received 0 response(s) ARPING 24.127.52.16 from 24.127.52.10 eth0 Unicast reply from 24.127.52.16 [00:10:B5:DB:5A:08] 10.529ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.17 from 24.127.52.10 eth0 Unicast reply from 24.127.52.17 [00:00:C5:5D:46:0F] 74.859ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.18 from 24.127.52.10 eth0 Unicast reply from 24.127.52.18 [00:10:4C:12:C8:50] 13.427ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.19 from 24.127.52.10 eth0 Sent 1 probes (1 broadcast(s)) Received 0 response(s) ARPING 24.127.52.20 from 24.127.52.10 eth0 Unicast reply from 24.127.52.20 [00:60:08:B1:2E:2A] 47.158ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.21 from 24.127.52.10 eth0 Unicast reply from 24.127.52.21 [00:03:6D:13:E6:33] 13.618ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) ARPING 24.127.52.22 from 24.127.52.10 eth0 Unicast reply from 24.127.52.22 [00:03:47:D9:60:86] 89.945ms Sent 1 probes (1 broadcast(s)) Received 1 response(s) If I do an "nmap -sP 24.127.52.*", I get the following output from nmap: Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ ) Host c-24-127-52-1.we.client2.attbi.com (24.127.52.1) appears to be up. Host c-24-127-52-2.we.client2.attbi.com (24.127.52.2) appears to be up. Host c-24-127-52-3.we.client2.attbi.com (24.127.52.3) appears to be up. Host c-24-127-52-4.we.client2.attbi.com (24.127.52.4) appears to be up. Host c-24-127-52-5.we.client2.attbi.com (24.127.52.5) appears to be up. Host c-24-127-52-7.we.client2.attbi.com (24.127.52.7) appears to be up. Host c-24-127-52-10.we.client2.attbi.com (24.127.52.10) appears to be up. Host c-24-127-52-12.we.client2.attbi.com (24.127.52.12) appears to be up. Host c-24-127-52-14.we.client2.attbi.com (24.127.52.14) appears to be up. Host c-24-127-52-17.we.client2.attbi.com (24.127.52.17) appears to be up. Host c-24-127-52-18.we.client2.attbi.com (24.127.52.18) appears to be up. Host c-24-127-52-20.we.client2.attbi.com (24.127.52.20) appears to be up. Host c-24-127-52-21.we.client2.attbi.com (24.127.52.21) appears to be up. Host c-24-127-52-23.we.client2.attbi.com (24.127.52.23) appears to be up. Host c-24-127-52-27.we.client2.attbi.com (24.127.52.27) appears to be up. Host c-24-127-52-32.we.client2.attbi.com (24.127.52.32) appears to be up. Host c-24-127-52-38.we.client2.attbi.com (24.127.52.38) appears to be up. Host c-24-127-52-41.we.client2.attbi.com (24.127.52.41) appears to be up. Host c-24-127-52-45.we.client2.attbi.com (24.127.52.45) appears to be up. Host c-24-127-52-50.we.client2.attbi.com (24.127.52.50) appears to be up. Host c-24-127-52-51.we.client2.attbi.com (24.127.52.51) appears to be up. Host c-24-127-52-53.we.client2.attbi.com (24.127.52.53) appears to be up. Host c-24-127-52-60.we.client2.attbi.com (24.127.52.60) appears to be up. Host c-24-127-52-62.we.client2.attbi.com (24.127.52.62) appears to be up. Host c-24-127-52-64.we.client2.attbi.com (24.127.52.64) appears to be up. Host c-24-127-52-67.we.client2.attbi.com (24.127.52.67) appears to be up. Host c-24-127-52-68.we.client2.attbi.com (24.127.52.68) appears to be up. Host c-24-127-52-75.we.client2.attbi.com (24.127.52.75) appears to be up. Host c-24-127-52-85.we.client2.attbi.com (24.127.52.85) appears to be up. Host c-24-127-52-86.we.client2.attbi.com (24.127.52.86) appears to be up. Host c-24-127-52-87.we.client2.attbi.com (24.127.52.87) appears to be up. Host c-24-127-52-88.we.client2.attbi.com (24.127.52.88) appears to be up. Host c-24-127-52-91.we.client2.attbi.com (24.127.52.91) appears to be up. Host c-24-127-52-92.we.client2.attbi.com (24.127.52.92) appears to be up. Host c-24-127-52-93.we.client2.attbi.com (24.127.52.93) appears to be up. Host c-24-127-52-99.we.client2.attbi.com (24.127.52.99) appears to be up. Host c-24-127-52-100.we.client2.attbi.com (24.127.52.100) appears to be up. Host c-24-127-52-101.we.client2.attbi.com (24.127.52.101) appears to be up. Host c-24-127-52-107.we.client2.attbi.com (24.127.52.107) appears to be up. Host c-24-127-52-111.we.client2.attbi.com (24.127.52.111) appears to be up. Host c-24-127-52-116.we.client2.attbi.com (24.127.52.116) appears to be up. Host c-24-127-52-119.we.client2.attbi.com (24.127.52.119) appears to be up. Host c-24-127-52-121.we.client2.attbi.com (24.127.52.121) appears to be up. Host c-24-127-52-122.we.client2.attbi.com (24.127.52.122) appears to be up. Host c-24-127-52-126.we.client2.attbi.com (24.127.52.126) appears to be up. Host c-24-127-52-129.we.client2.attbi.com (24.127.52.129) appears to be up. Host c-24-127-52-133.we.client2.attbi.com (24.127.52.133) appears to be up. Host c-24-127-52-136.we.client2.attbi.com (24.127.52.136) appears to be up. Host c-24-127-52-140.we.client2.attbi.com (24.127.52.140) appears to be up. Host c-24-127-52-141.we.client2.attbi.com (24.127.52.141) appears to be up. Host c-24-127-52-142.we.client2.attbi.com (24.127.52.142) appears to be up. Host c-24-127-52-146.we.client2.attbi.com (24.127.52.146) appears to be up. Host c-24-127-52-149.we.client2.attbi.com (24.127.52.149) appears to be up. Host c-24-127-52-151.we.client2.attbi.com (24.127.52.151) appears to be up. Host c-24-127-52-152.we.client2.attbi.com (24.127.52.152) appears to be up. Host c-24-127-52-153.we.client2.attbi.com (24.127.52.153) appears to be up. Host c-24-127-52-157.we.client2.attbi.com (24.127.52.157) appears to be up. Host c-24-127-52-158.we.client2.attbi.com (24.127.52.158) appears to be up. Host c-24-127-52-159.we.client2.attbi.com (24.127.52.159) appears to be up. Host c-24-127-52-160.we.client2.attbi.com (24.127.52.160) appears to be up. Host c-24-127-52-163.we.client2.attbi.com (24.127.52.163) appears to be up. Host c-24-127-52-165.we.client2.attbi.com (24.127.52.165) appears to be up. Host c-24-127-52-166.we.client2.attbi.com (24.127.52.166) appears to be up. Host c-24-127-52-167.we.client2.attbi.com (24.127.52.167) appears to be up. Host c-24-127-52-168.we.client2.attbi.com (24.127.52.168) appears to be up. Host c-24-127-52-176.we.client2.attbi.com (24.127.52.176) appears to be up. Host c-24-127-52-177.we.client2.attbi.com (24.127.52.177) appears to be up. Host c-24-127-52-179.we.client2.attbi.com (24.127.52.179) appears to be up. Host c-24-127-52-181.we.client2.attbi.com (24.127.52.181) appears to be up. Host c-24-127-52-182.we.client2.attbi.com (24.127.52.182) appears to be up. Host c-24-127-52-183.we.client2.attbi.com (24.127.52.183) appears to be up. Host c-24-127-52-184.we.client2.attbi.com (24.127.52.184) appears to be up. Host c-24-127-52-186.we.client2.attbi.com (24.127.52.186) appears to be up. Host c-24-127-52-187.we.client2.attbi.com (24.127.52.187) appears to be up. Host c-24-127-52-189.we.client2.attbi.com (24.127.52.189) appears to be up. Host c-24-127-52-191.we.client2.attbi.com (24.127.52.191) appears to be up. Host c-24-127-52-192.we.client2.attbi.com (24.127.52.192) appears to be up. Host c-24-127-52-199.we.client2.attbi.com (24.127.52.199) appears to be up. Host c-24-127-52-200.we.client2.attbi.com (24.127.52.200) appears to be up. Host c-24-127-52-204.we.client2.attbi.com (24.127.52.204) appears to be up. Host c-24-127-52-210.we.client2.attbi.com (24.127.52.210) appears to be up. Host c-24-127-52-211.we.client2.attbi.com (24.127.52.211) appears to be up. Host c-24-127-52-217.we.client2.attbi.com (24.127.52.217) appears to be up. Host c-24-127-52-218.we.client2.attbi.com (24.127.52.218) appears to be up. Host c-24-127-52-224.we.client2.attbi.com (24.127.52.224) appears to be up. Host c-24-127-52-230.we.client2.attbi.com (24.127.52.230) appears to be up. Host c-24-127-52-235.we.client2.attbi.com (24.127.52.235) appears to be up. Host c-24-127-52-236.we.client2.attbi.com (24.127.52.236) appears to be up. Host c-24-127-52-237.we.client2.attbi.com (24.127.52.237) appears to be up. Host c-24-127-52-239.we.client2.attbi.com (24.127.52.239) appears to be up. Host c-24-127-52-241.we.client2.attbi.com (24.127.52.241) appears to be up. Host c-24-127-52-250.we.client2.attbi.com (24.127.52.250) appears to be up. Host c-24-127-52-254.we.client2.attbi.com (24.127.52.254) appears to be up. Host c-24-127-52-255.we.client2.attbi.com (24.127.52.255) appears to be up. Nmap run completed -- 256 IP addresses (94 hosts up) scanned in 23 seconds If I try to collect MAC addresses using Hunt 1.5 to collect MAC addresses, while sending out a "nmap -sP 24.127.52.*", the following is reported by Hunt, as if it was indicating an error: ARP: MAC src != ARP src for host 24.127.52.3 ARP: MAC src != ARP src for host 24.127.52.4 ARP: MAC src != ARP src for host 24.127.52.5 ARP: MAC src != ARP src for host 24.127.52.6 ARP: MAC src != ARP src for host 24.127.52.7 ARP: MAC src != ARP src for host 24.127.52.8 ARP: MAC src != ARP src for host 24.127.52.9 ARP: MAC src != ARP src for host 24.127.52.11 ARP: MAC src != ARP src for host 24.127.52.12 ARP: MAC src != ARP src for host 24.127.52.13 ARP: MAC src != ARP src for host 24.127.52.14 ARP: MAC src != ARP src for host 24.127.52.16 ARP: MAC src != ARP src for host 24.127.52.17 ARP: MAC src != ARP src for host 24.127.52.18 ARP: MAC src != ARP src for host 24.127.52.20 ARP: MAC src != ARP src for host 24.127.52.21 ARP: MAC src != ARP src for host 24.127.52.22 ARP: MAC src != ARP src for host 24.127.52.23 ARP: MAC src != ARP src for host 24.127.52.24 ARP: MAC src != ARP src for host 24.127.52.25 ARP: MAC src != ARP src for host 24.127.52.27 ARP: MAC src != ARP src for host 24.127.52.29 ARP: MAC src != ARP src for host 24.127.52.31 ARP: MAC src != ARP src for host 24.127.52.32 ARP: MAC src != ARP src for host 24.127.52.33 ARP: MAC src != ARP src for host 24.127.52.37 ARP: MAC src != ARP src for host 24.127.52.38 ARP: MAC src != ARP src for host 24.127.52.39 ARP: MAC src != ARP src for host 24.127.52.40 ARP: MAC src != ARP src for host 24.127.52.41 ARP: MAC src != ARP src for host 24.127.52.42 ARP: MAC src != ARP src for host 24.127.52.43 ARP: MAC src != ARP src for host 24.127.52.44 ARP: MAC src != ARP src for host 24.127.52.45 ARP: MAC src != ARP src for host 24.127.52.47 ARP: MAC src != ARP src for host 24.127.52.48 ARP: MAC src != ARP src for host 24.127.52.49 ARP: MAC src != ARP src for host 24.127.52.50 ARP: MAC src != ARP src for host 24.127.52.51 ARP: MAC src != ARP src for host 24.127.52.52 ARP: MAC src != ARP src for host 24.127.52.53 ARP: MAC src != ARP src for host 24.127.52.55 ARP: MAC src != ARP src for host 24.127.52.56 ARP: MAC src != ARP src for host 24.127.52.60 ARP: MAC src != ARP src for host 24.127.52.61 ARP: MAC src != ARP src for host 24.127.52.62 ARP: MAC src != ARP src for host 24.127.52.64 ARP: MAC src != ARP src for host 24.127.52.65 ARP: MAC src != ARP src for host 24.127.52.67 ARP: MAC src != ARP src for host 24.127.52.68 ARP: MAC src != ARP src for host 24.127.52.69 ARP: MAC src != ARP src for host 24.127.52.70 ARP: MAC src != ARP src for host 24.127.52.74 ARP: MAC src != ARP src for host 24.127.52.75 ARP: MAC src != ARP src for host 24.127.52.78 ARP: MAC src != ARP src for host 24.127.52.82 ARP: MAC src != ARP src for host 24.127.52.85 ARP: MAC src != ARP src for host 24.127.52.86 ARP: MAC src != ARP src for host 24.127.52.87 ARP: MAC src != ARP src for host 24.127.52.88 ARP: MAC src != ARP src for host 24.127.52.89 ARP: MAC src != ARP src for host 24.127.52.90 ARP: MAC src != ARP src for host 24.127.52.91 ARP: MAC src != ARP src for host 24.127.52.92 ARP: MAC src != ARP src for host 24.127.52.93 ARP: MAC src != ARP src for host 24.127.52.99 ARP: MAC src != ARP src for host 24.127.52.100 ARP: MAC src != ARP src for host 24.127.52.101 ARP: MAC src != ARP src for host 24.127.52.103 ARP: MAC src != ARP src for host 24.127.52.104 ARP: MAC src != ARP src for host 24.127.52.107 ARP: MAC src != ARP src for host 24.127.52.109 ARP: MAC src != ARP src for host 24.127.52.110 ARP: MAC src != ARP src for host 24.127.52.111 ARP: MAC src != ARP src for host 24.127.52.114 ARP: MAC src != ARP src for host 24.127.52.115 ARP: MAC src != ARP src for host 24.127.52.116 ARP: MAC src != ARP src for host 24.127.52.119 ARP: MAC src != ARP src for host 24.127.52.120 ARP: MAC src != ARP src for host 24.127.52.121 ARP: MAC src != ARP src for host 24.127.52.122 ARP: MAC src != ARP src for host 24.127.52.123 ARP: MAC src != ARP src for host 24.127.52.124 ARP: MAC src != ARP src for host 24.127.52.125 ARP: MAC src != ARP src for host 24.127.52.126 ARP: MAC src != ARP src for host 24.127.52.129 ARP: MAC src != ARP src for host 24.127.52.131 ARP: MAC src != ARP src for host 24.127.52.133 ARP: MAC src != ARP src for host 24.127.52.134 ARP: MAC src != ARP src for host 24.127.52.135 ARP: MAC src != ARP src for host 24.127.52.136 ARP: MAC src != ARP src for host 24.127.52.138 ARP: MAC src != ARP src for host 24.127.52.140 ARP: MAC src != ARP src for host 24.127.52.141 ARP: MAC src != ARP src for host 24.127.52.142 ARP: MAC src != ARP src for host 24.127.52.146 ARP: MAC src != ARP src for host 24.127.52.149 ARP: MAC src != ARP src for host 24.127.52.150 ARP: MAC src != ARP src for host 24.127.52.151 ARP: MAC src != ARP src for host 24.127.52.152 ARP: MAC src != ARP src for host 24.127.52.153 ARP: MAC src != ARP src for host 24.127.52.155 ARP: MAC src != ARP src for host 24.127.52.157 ARP: MAC src != ARP src for host 24.127.52.158 ARP: MAC src != ARP src for host 24.127.52.159 ARP: MAC src != ARP src for host 24.127.52.160 ARP: MAC src != ARP src for host 24.127.52.161 ARP: MAC src != ARP src for host 24.127.52.163 ARP: MAC src != ARP src for host 24.127.52.165 ARP: MAC src != ARP src for host 24.127.52.166 ARP: MAC src != ARP src for host 24.127.52.167 ARP: MAC src != ARP src for host 24.127.52.168 ARP: MAC src != ARP src for host 24.127.52.172 ARP: MAC src != ARP src for host 24.127.52.173 ARP: MAC src != ARP src for host 24.127.52.175 ARP: MAC src != ARP src for host 24.127.52.176 ARP: MAC src != ARP src for host 24.127.52.177 ARP: MAC src != ARP src for host 24.127.52.178 ARP: MAC src != ARP src for host 24.127.52.179 ARP: MAC src != ARP src for host 24.127.52.181 ARP: MAC src != ARP src for host 24.127.52.182 ARP: MAC src != ARP src for host 24.127.52.183 ARP: MAC src != ARP src for host 24.127.52.184 ARP: MAC src != ARP src for host 24.127.52.185 ARP: MAC src != ARP src for host 24.127.52.186 ARP: MAC src != ARP src for host 24.127.52.187 ARP: MAC src != ARP src for host 24.127.52.189 ARP: MAC src != ARP src for host 24.127.52.190 ARP: MAC src != ARP src for host 24.127.52.191 ARP: MAC src != ARP src for host 24.127.52.192 ARP: MAC src != ARP src for host 24.127.52.193 ARP: MAC src != ARP src for host 24.127.52.196 ARP: MAC src != ARP src for host 24.127.52.199 ARP: MAC src != ARP src for host 24.127.52.200 ARP: MAC src != ARP src for host 24.127.52.203 ARP: MAC src != ARP src for host 24.127.52.204 ARP: MAC src != ARP src for host 24.127.52.205 ARP: MAC src != ARP src for host 24.127.52.208 ARP: MAC src != ARP src for host 24.127.52.210 ARP: MAC src != ARP src for host 24.127.52.211 ARP: MAC src != ARP src for host 24.127.52.212 ARP: MAC src != ARP src for host 24.127.52.215 ARP: MAC src != ARP src for host 24.127.52.217 ARP: MAC src != ARP src for host 24.127.52.218 ARP: MAC src != ARP src for host 24.127.52.220 ARP: MAC src != ARP src for host 24.127.52.221 ARP: MAC src != ARP src for host 24.127.52.224 ARP: MAC src != ARP src for host 24.127.52.230 ARP: MAC src != ARP src for host 24.127.52.235 ARP: MAC src != ARP src for host 24.127.52.236 ARP: MAC src != ARP src for host 24.127.52.237 ARP: MAC src != ARP src for host 24.127.52.239 ARP: MAC src != ARP src for host 24.127.52.241 ARP: MAC src != ARP src for host 24.127.52.246 ARP: MAC src != ARP src for host 24.127.52.248 ARP: MAC src != ARP src for host 24.127.52.249 ARP: MAC src != ARP src for host 24.127.52.250 ARP: MAC src != ARP src for host 24.127.52.252 ARP: MAC src != ARP src for host 24.127.52.254 ARP: MAC src != ARP src for host 24.127.52.255 Now, when I press "h" to tell Hunt to dump the MACs it collected, I get: --- mac table --- 24.127.52.1 00:B0:8E:F7:3C:54 24.127.52.10 00:01:02:84:77:E2 --- mac disc. daemon --- rcvpkt 2425, free/alloc 63/64 ---M--- Strange, only two MAC addresses. If I poke through the traffice that I had generated with the "nmap -sP 24.127.52.*" using Ethereal, any responses from the machines nmap was communicating with (mostly http responses) gives the following Layer 2 info: For "Ethernet II" it gives the MAC of the router (and it resolves to the router's IP on the same line) For the IP layer on the "Internet Protocol" line it gives Source: as the machine nmap was communicating with at the time. Helpful hints: It was explained to me during the installation that I was the only one on my segment, which is believable, considering my location. My network mask is: 255.255.254.0 I am including an attachment of the Ethereal log of another "nmap 24.127.52.*", done about 15 minutes after the first. >From this: 1) Can anyone give me clues about how my cablemodem network configuration might be layed out (by at&t @home)? 2) Can anyone tell me why the MAC addresses reported by Ethereal are all that of the router? 3) Is there any strangeness going on here, or am I a bonehead. The latter answer is OK if you explain why. :-) Thanx, John P.S. I'll even include a subject header this time... __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/
- Follow-Ups:
- [Ethereal-users] Re: Wierdness in CablemodemLand?
- From: John E. Mayorga
- [Ethereal-users] Re: Wierdness in CablemodemLand?
- References:
- [Ethereal-users] Wierdness in CablemodemLand?
- From: John E. Mayorga
- [Ethereal-users] Wierdness in CablemodemLand?
- Prev by Date: [Ethereal-users] Wierdness in CablemodemLand?
- Next by Date: Re: [Ethereal-users] Wierdness in CablemodemLand?
- Previous by thread: [Ethereal-users] Wierdness in CablemodemLand?
- Next by thread: [Ethereal-users] Re: Wierdness in CablemodemLand?
- Index(es):