Ethereal-users: [Ethereal-users] Re: Wierdness in CablemodemLand?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Rick Farina" <farinard@xxxxxxxxxx>
Date: Mon, 22 Apr 2002 01:26:04 -0400
I believe your presumed setup to be at least somewhat accurate John.  your
"cablemodem hub-like device" is most likely a hub, which you share with
several other people, but no the whole subnet.  Two things to try, but first
two things you must do.
First of all, you must get rid of hunt, I don't know what this crap is or
where you dug it up, but it is time to delete it.
Second, didn't I tell you to upgrade your Ethereal?  Did you do that?
Version that comes with RedHat is old, same with the libpcap that comes with
RedHat.  I can help you upgrade both if you would like, email me personnaly
about that.
Now that the basics are solved, moving on to problem solving.
First idea (forgive me ALoR), ettercap.sourceforge.net
download it, compile it, and type "./ettercap -Nc"
This will check your entire subnet (reliably!) for duplicated MAC addresses.
The program also has much further implications that you can explore on your
own, or with my help, but that is not a topic for this list.
Second, Arpwatch is a good program to determine mismatched/problomatic
IP/MAC combinations, check it out, I like it a lot.  (it's on some lbl.gov
site).
Best luck, and BTW, I run RedHat7.2 and it works great for me, so if you
need any help (and frankly 7.2 is a problomatic distro in my experience)
don't hesitate to ask.

-Rick Farina
----- Original Message -----
From: "John E. Mayorga" <jmayorga5@xxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>
Cc: "Rick Farina" <farinard@xxxxxxxxxx>; "Guy Harris" <guy@xxxxxxxxxx>
Sent: Monday, April 22, 2002 01:12
Subject: Wierdness in CablemodemLand?


OK. I confused the situation, I guess. Let us wipe the
hard drive and start over. I will reconstruct the
scenario from scratch.

I have a Linux box with only one NIC (eth0) connected
by a CAT5 cable to my cablemodem. The cablemodem is
connected to my TV cable, which goes out to
CablemodemLand, and eventually, to the Internet. I
have NO router between my box and my cablemodem. Here
is how I visualize (or hallucinate) it:

My Linux box
      | <-CAT5 cable
My Cablemodem
      | <-Black coaxial TV cable going to the wall
Some hub-like device in CablemodemLand
      | <-CAT5 cable (or fiber?)
Some router in CablemodemLand
      | <-CAT5 cable (or fiber?)
The rest of CablemodemLand
      | <-Some fast pipe
The Internet

I believe that any communication between me and
everyone else on my cablemodem subnet goes through a
router, as evidenced by this little script I made to
run traceroute:

for d in $(seq 0 255); do
    echo
    traceroute -m 3 24.127.52.$d
done


Here is the output of the script:

traceroute to 24.127.52.1 (24.127.52.1), 3 hops max,
38 byte packets
 1  * * *
 2  * * *
 3  * * *

traceroute to 24.127.52.2 (24.127.52.2), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
12.861 ms  8.688 ms  9.804 ms
 2  c-24-127-52-2.we.client2.attbi.com (24.127.52.2)
36.418 ms  24.211 ms  17.123 ms

traceroute to 24.127.52.3 (24.127.52.3), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
8.594 ms  8.229 ms  7.683 ms
 2  c-24-127-52-3.we.client2.attbi.com (24.127.52.3)
30.710 ms  20.020 ms  22.567 ms

traceroute to 24.127.52.4 (24.127.52.4), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
9.547 ms  7.799 ms  30.048 ms
 2  c-24-127-52-4.we.client2.attbi.com (24.127.52.4)
64.313 ms  17.647 ms  40.554 ms

traceroute to 24.127.52.5 (24.127.52.5), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
8.445 ms  7.479 ms  8.230 ms
 2  c-24-127-52-5.we.client2.attbi.com (24.127.52.5)
629.591 ms  287.656 ms  468.429 ms

traceroute to 24.127.52.6 (24.127.52.6), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
32.718 ms  7.843 ms  8.603 ms
 2  * * *
 3  * * *

traceroute to 24.127.52.7 (24.127.52.7), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
24.676 ms  9.517 ms  9.311 ms
 2  c-24-127-52-7.we.client2.attbi.com (24.127.52.7)
26.035 ms  17.895 ms  16.057 ms

traceroute to 24.127.52.8 (24.127.52.8), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
10.852 ms  16.891 ms  14.634 ms
 2  * * *
 3  * * *

traceroute to 24.127.52.9 (24.127.52.9), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
9.447 ms  11.929 ms  10.144 ms
 2  c-24-127-52-9.we.client2.attbi.com (24.127.52.9)
17.247 ms  19.768 ms  21.184 ms

traceroute to 24.127.52.10 (24.127.52.10), 3 hops max,
38 byte packets
 1  c-24-127-52-10.we.client2.attbi.com (24.127.52.10)
 0.082 ms  0.065 ms  0.019 ms

traceroute to 24.127.52.11 (24.127.52.11), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
10.946 ms  9.845 ms  10.008 ms
 2  c-24-127-52-11.we.client2.attbi.com (24.127.52.11)
 22.315 ms  72.510 ms  50.399 ms

traceroute to 24.127.52.12 (24.127.52.12), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
11.272 ms  7.816 ms  11.236 ms
 2  c-24-127-52-12.we.client2.attbi.com (24.127.52.12)
 26.047 ms  17.113 ms  19.249 ms

traceroute to 24.127.52.13 (24.127.52.13), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
11.828 ms  9.249 ms  8.082 ms
 2  c-24-127-52-13.we.client2.attbi.com (24.127.52.13)
 40.670 ms  17.271 ms  20.813 ms

traceroute to 24.127.52.14 (24.127.52.14), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
8.609 ms  7.837 ms  7.974 ms
 2  c-24-127-52-14.we.client2.attbi.com (24.127.52.14)
 25.201 ms  17.533 ms  19.855 ms

traceroute to 24.127.52.15 (24.127.52.15), 3 hops max,
38 byte packets
 1  c-24-127-52-10.we.client2.attbi.com (24.127.52.10)
 2990.854 ms !H  2999.486 ms !H  2999.919 ms !H

traceroute to 24.127.52.16 (24.127.52.16), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
16.685 ms  10.077 ms  11.924 ms
 2  * * *
 3  * * *

traceroute to 24.127.52.17 (24.127.52.17), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
10.963 ms  12.966 ms  7.927 ms
 2  c-24-127-52-17.we.client2.attbi.com (24.127.52.17)
 23.943 ms  19.733 ms  108.442 ms

traceroute to 24.127.52.18 (24.127.52.18), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
8.401 ms  7.929 ms  8.022 ms
 2  c-24-127-52-18.we.client2.attbi.com (24.127.52.18)
 44.247 ms  21.426 ms  22.364 ms

traceroute to 24.127.52.19 (24.127.52.19), 3 hops max,
38 byte packets
 1  c-24-127-52-10.we.client2.attbi.com (24.127.52.10)
 2992.137 ms !H  2991.881 ms !H  2999.922 ms !H

traceroute to 24.127.52.20 (24.127.52.20), 3 hops max,
38 byte packets
 1  c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
9.588 ms  9.820 ms  20.384 ms
 2  c-24-127-52-20.we.client2.attbi.com (24.127.52.20)
 29.184 ms  30.943 ms  18.647 ms


Subquestion - Why is it that when the script gets to
24.127.52.15,19,26,28, etc. the connection does not go
through the router? Are they actually connected to the
same cablemodem hub-like device that I am? Can someone
tell me the real name of this "cablemodem hub-like
device" so I can stop using this lame terminology?

I used pretty much the same script for ARPing 1.04.
Here is the output (which makes sense):

ARPING 24.127.52.1 from 24.127.52.10 eth0
Unicast reply from 24.127.52.1 [00:B0:8E:F7:3C:54]
8.803ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.2 from 24.127.52.10 eth0
Unicast reply from 24.127.52.2 [00:D0:09:61:D7:2F]
9.601ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.3 from 24.127.52.10 eth0
Unicast reply from 24.127.52.3 [00:04:5A:41:2C:F3]
51.540ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.4 from 24.127.52.10 eth0
Unicast reply from 24.127.52.4 [00:02:E3:03:C4:E0]
9.096ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.5 from 24.127.52.10 eth0
Unicast reply from 24.127.52.5 [00:10:4C:12:30:1E]
9.515ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.6 from 24.127.52.10 eth0
Unicast reply from 24.127.52.6 [00:03:47:DB:D7:13]
31.087ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.7 from 24.127.52.10 eth0
Unicast reply from 24.127.52.7 [00:00:C5:3C:9A:32]
12.555ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.8 from 24.127.52.10 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

ARPING 24.127.52.9 from 24.127.52.10 eth0
Unicast reply from 24.127.52.9 [00:04:5A:E5:9D:2C]
51.110ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.10 from 24.127.52.10 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
ARPING 24.127.52.11 from 24.127.52.10 eth0
Unicast reply from 24.127.52.11 [00:04:5A:2A:A1:5A]
57.094ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.12 from 24.127.52.10 eth0
Unicast reply from 24.127.52.12 [00:E0:18:0B:59:D3]
12.825ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.13 from 24.127.52.10 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

ARPING 24.127.52.14 from 24.127.52.10 eth0
Unicast reply from 24.127.52.14 [00:E0:18:56:8C:B0]
46.400ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.15 from 24.127.52.10 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

ARPING 24.127.52.16 from 24.127.52.10 eth0
Unicast reply from 24.127.52.16 [00:10:B5:DB:5A:08]
10.529ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.17 from 24.127.52.10 eth0
Unicast reply from 24.127.52.17 [00:00:C5:5D:46:0F]
74.859ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.18 from 24.127.52.10 eth0
Unicast reply from 24.127.52.18 [00:10:4C:12:C8:50]
13.427ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.19 from 24.127.52.10 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

ARPING 24.127.52.20 from 24.127.52.10 eth0
Unicast reply from 24.127.52.20 [00:60:08:B1:2E:2A]
47.158ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.21 from 24.127.52.10 eth0
Unicast reply from 24.127.52.21 [00:03:6D:13:E6:33]
13.618ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

ARPING 24.127.52.22 from 24.127.52.10 eth0
Unicast reply from 24.127.52.22 [00:03:47:D9:60:86]
89.945ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)


If I do an "nmap -sP 24.127.52.*", I get the following
output from nmap:

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Host c-24-127-52-1.we.client2.attbi.com (24.127.52.1)
appears to be up.
Host c-24-127-52-2.we.client2.attbi.com (24.127.52.2)
appears to be up.
Host c-24-127-52-3.we.client2.attbi.com (24.127.52.3)
appears to be up.
Host c-24-127-52-4.we.client2.attbi.com (24.127.52.4)
appears to be up.
Host c-24-127-52-5.we.client2.attbi.com (24.127.52.5)
appears to be up.
Host c-24-127-52-7.we.client2.attbi.com (24.127.52.7)
appears to be up.
Host c-24-127-52-10.we.client2.attbi.com
(24.127.52.10) appears to be up.
Host c-24-127-52-12.we.client2.attbi.com
(24.127.52.12) appears to be up.
Host c-24-127-52-14.we.client2.attbi.com
(24.127.52.14) appears to be up.
Host c-24-127-52-17.we.client2.attbi.com
(24.127.52.17) appears to be up.
Host c-24-127-52-18.we.client2.attbi.com
(24.127.52.18) appears to be up.
Host c-24-127-52-20.we.client2.attbi.com
(24.127.52.20) appears to be up.
Host c-24-127-52-21.we.client2.attbi.com
(24.127.52.21) appears to be up.
Host c-24-127-52-23.we.client2.attbi.com
(24.127.52.23) appears to be up.
Host c-24-127-52-27.we.client2.attbi.com
(24.127.52.27) appears to be up.
Host c-24-127-52-32.we.client2.attbi.com
(24.127.52.32) appears to be up.
Host c-24-127-52-38.we.client2.attbi.com
(24.127.52.38) appears to be up.
Host c-24-127-52-41.we.client2.attbi.com
(24.127.52.41) appears to be up.
Host c-24-127-52-45.we.client2.attbi.com
(24.127.52.45) appears to be up.
Host c-24-127-52-50.we.client2.attbi.com
(24.127.52.50) appears to be up.
Host c-24-127-52-51.we.client2.attbi.com
(24.127.52.51) appears to be up.
Host c-24-127-52-53.we.client2.attbi.com
(24.127.52.53) appears to be up.
Host c-24-127-52-60.we.client2.attbi.com
(24.127.52.60) appears to be up.
Host c-24-127-52-62.we.client2.attbi.com
(24.127.52.62) appears to be up.
Host c-24-127-52-64.we.client2.attbi.com
(24.127.52.64) appears to be up.
Host c-24-127-52-67.we.client2.attbi.com
(24.127.52.67) appears to be up.
Host c-24-127-52-68.we.client2.attbi.com
(24.127.52.68) appears to be up.
Host c-24-127-52-75.we.client2.attbi.com
(24.127.52.75) appears to be up.
Host c-24-127-52-85.we.client2.attbi.com
(24.127.52.85) appears to be up.
Host c-24-127-52-86.we.client2.attbi.com
(24.127.52.86) appears to be up.
Host c-24-127-52-87.we.client2.attbi.com
(24.127.52.87) appears to be up.
Host c-24-127-52-88.we.client2.attbi.com
(24.127.52.88) appears to be up.
Host c-24-127-52-91.we.client2.attbi.com
(24.127.52.91) appears to be up.
Host c-24-127-52-92.we.client2.attbi.com
(24.127.52.92) appears to be up.
Host c-24-127-52-93.we.client2.attbi.com
(24.127.52.93) appears to be up.
Host c-24-127-52-99.we.client2.attbi.com
(24.127.52.99) appears to be up.
Host c-24-127-52-100.we.client2.attbi.com
(24.127.52.100) appears to be up.
Host c-24-127-52-101.we.client2.attbi.com
(24.127.52.101) appears to be up.
Host c-24-127-52-107.we.client2.attbi.com
(24.127.52.107) appears to be up.
Host c-24-127-52-111.we.client2.attbi.com
(24.127.52.111) appears to be up.
Host c-24-127-52-116.we.client2.attbi.com
(24.127.52.116) appears to be up.
Host c-24-127-52-119.we.client2.attbi.com
(24.127.52.119) appears to be up.
Host c-24-127-52-121.we.client2.attbi.com
(24.127.52.121) appears to be up.
Host c-24-127-52-122.we.client2.attbi.com
(24.127.52.122) appears to be up.
Host c-24-127-52-126.we.client2.attbi.com
(24.127.52.126) appears to be up.
Host c-24-127-52-129.we.client2.attbi.com
(24.127.52.129) appears to be up.
Host c-24-127-52-133.we.client2.attbi.com
(24.127.52.133) appears to be up.
Host c-24-127-52-136.we.client2.attbi.com
(24.127.52.136) appears to be up.
Host c-24-127-52-140.we.client2.attbi.com
(24.127.52.140) appears to be up.
Host c-24-127-52-141.we.client2.attbi.com
(24.127.52.141) appears to be up.
Host c-24-127-52-142.we.client2.attbi.com
(24.127.52.142) appears to be up.
Host c-24-127-52-146.we.client2.attbi.com
(24.127.52.146) appears to be up.
Host c-24-127-52-149.we.client2.attbi.com
(24.127.52.149) appears to be up.
Host c-24-127-52-151.we.client2.attbi.com
(24.127.52.151) appears to be up.
Host c-24-127-52-152.we.client2.attbi.com
(24.127.52.152) appears to be up.
Host c-24-127-52-153.we.client2.attbi.com
(24.127.52.153) appears to be up.
Host c-24-127-52-157.we.client2.attbi.com
(24.127.52.157) appears to be up.
Host c-24-127-52-158.we.client2.attbi.com
(24.127.52.158) appears to be up.
Host c-24-127-52-159.we.client2.attbi.com
(24.127.52.159) appears to be up.
Host c-24-127-52-160.we.client2.attbi.com
(24.127.52.160) appears to be up.
Host c-24-127-52-163.we.client2.attbi.com
(24.127.52.163) appears to be up.
Host c-24-127-52-165.we.client2.attbi.com
(24.127.52.165) appears to be up.
Host c-24-127-52-166.we.client2.attbi.com
(24.127.52.166) appears to be up.
Host c-24-127-52-167.we.client2.attbi.com
(24.127.52.167) appears to be up.
Host c-24-127-52-168.we.client2.attbi.com
(24.127.52.168) appears to be up.
Host c-24-127-52-176.we.client2.attbi.com
(24.127.52.176) appears to be up.
Host c-24-127-52-177.we.client2.attbi.com
(24.127.52.177) appears to be up.
Host c-24-127-52-179.we.client2.attbi.com
(24.127.52.179) appears to be up.
Host c-24-127-52-181.we.client2.attbi.com
(24.127.52.181) appears to be up.
Host c-24-127-52-182.we.client2.attbi.com
(24.127.52.182) appears to be up.
Host c-24-127-52-183.we.client2.attbi.com
(24.127.52.183) appears to be up.
Host c-24-127-52-184.we.client2.attbi.com
(24.127.52.184) appears to be up.
Host c-24-127-52-186.we.client2.attbi.com
(24.127.52.186) appears to be up.
Host c-24-127-52-187.we.client2.attbi.com
(24.127.52.187) appears to be up.
Host c-24-127-52-189.we.client2.attbi.com
(24.127.52.189) appears to be up.
Host c-24-127-52-191.we.client2.attbi.com
(24.127.52.191) appears to be up.
Host c-24-127-52-192.we.client2.attbi.com
(24.127.52.192) appears to be up.
Host c-24-127-52-199.we.client2.attbi.com
(24.127.52.199) appears to be up.
Host c-24-127-52-200.we.client2.attbi.com
(24.127.52.200) appears to be up.
Host c-24-127-52-204.we.client2.attbi.com
(24.127.52.204) appears to be up.
Host c-24-127-52-210.we.client2.attbi.com
(24.127.52.210) appears to be up.
Host c-24-127-52-211.we.client2.attbi.com
(24.127.52.211) appears to be up.
Host c-24-127-52-217.we.client2.attbi.com
(24.127.52.217) appears to be up.
Host c-24-127-52-218.we.client2.attbi.com
(24.127.52.218) appears to be up.
Host c-24-127-52-224.we.client2.attbi.com
(24.127.52.224) appears to be up.
Host c-24-127-52-230.we.client2.attbi.com
(24.127.52.230) appears to be up.
Host c-24-127-52-235.we.client2.attbi.com
(24.127.52.235) appears to be up.
Host c-24-127-52-236.we.client2.attbi.com
(24.127.52.236) appears to be up.
Host c-24-127-52-237.we.client2.attbi.com
(24.127.52.237) appears to be up.
Host c-24-127-52-239.we.client2.attbi.com
(24.127.52.239) appears to be up.
Host c-24-127-52-241.we.client2.attbi.com
(24.127.52.241) appears to be up.
Host c-24-127-52-250.we.client2.attbi.com
(24.127.52.250) appears to be up.
Host c-24-127-52-254.we.client2.attbi.com
(24.127.52.254) appears to be up.
Host c-24-127-52-255.we.client2.attbi.com
(24.127.52.255) appears to be up.

Nmap run completed -- 256 IP addresses (94 hosts up)
scanned in 23 seconds


If I try to collect MAC addresses using Hunt 1.5 to
collect MAC addresses, while sending out a "nmap -sP
24.127.52.*", the following is reported by Hunt, as if
it was indicating an error:

ARP: MAC src != ARP src for host 24.127.52.3

ARP: MAC src != ARP src for host 24.127.52.4

ARP: MAC src != ARP src for host 24.127.52.5

ARP: MAC src != ARP src for host 24.127.52.6

ARP: MAC src != ARP src for host 24.127.52.7

ARP: MAC src != ARP src for host 24.127.52.8

ARP: MAC src != ARP src for host 24.127.52.9

ARP: MAC src != ARP src for host 24.127.52.11

ARP: MAC src != ARP src for host 24.127.52.12

ARP: MAC src != ARP src for host 24.127.52.13

ARP: MAC src != ARP src for host 24.127.52.14

ARP: MAC src != ARP src for host 24.127.52.16

ARP: MAC src != ARP src for host 24.127.52.17

ARP: MAC src != ARP src for host 24.127.52.18

ARP: MAC src != ARP src for host 24.127.52.20

ARP: MAC src != ARP src for host 24.127.52.21

ARP: MAC src != ARP src for host 24.127.52.22

ARP: MAC src != ARP src for host 24.127.52.23

ARP: MAC src != ARP src for host 24.127.52.24

ARP: MAC src != ARP src for host 24.127.52.25

ARP: MAC src != ARP src for host 24.127.52.27

ARP: MAC src != ARP src for host 24.127.52.29

ARP: MAC src != ARP src for host 24.127.52.31

ARP: MAC src != ARP src for host 24.127.52.32

ARP: MAC src != ARP src for host 24.127.52.33

ARP: MAC src != ARP src for host 24.127.52.37

ARP: MAC src != ARP src for host 24.127.52.38

ARP: MAC src != ARP src for host 24.127.52.39

ARP: MAC src != ARP src for host 24.127.52.40

ARP: MAC src != ARP src for host 24.127.52.41

ARP: MAC src != ARP src for host 24.127.52.42

ARP: MAC src != ARP src for host 24.127.52.43

ARP: MAC src != ARP src for host 24.127.52.44

ARP: MAC src != ARP src for host 24.127.52.45

ARP: MAC src != ARP src for host 24.127.52.47

ARP: MAC src != ARP src for host 24.127.52.48

ARP: MAC src != ARP src for host 24.127.52.49

ARP: MAC src != ARP src for host 24.127.52.50

ARP: MAC src != ARP src for host 24.127.52.51

ARP: MAC src != ARP src for host 24.127.52.52

ARP: MAC src != ARP src for host 24.127.52.53

ARP: MAC src != ARP src for host 24.127.52.55

ARP: MAC src != ARP src for host 24.127.52.56

ARP: MAC src != ARP src for host 24.127.52.60

ARP: MAC src != ARP src for host 24.127.52.61

ARP: MAC src != ARP src for host 24.127.52.62

ARP: MAC src != ARP src for host 24.127.52.64

ARP: MAC src != ARP src for host 24.127.52.65
ARP: MAC src != ARP src for host 24.127.52.67
ARP: MAC src != ARP src for host 24.127.52.68
ARP: MAC src != ARP src for host 24.127.52.69
ARP: MAC src != ARP src for host 24.127.52.70
ARP: MAC src != ARP src for host 24.127.52.74
ARP: MAC src != ARP src for host 24.127.52.75
ARP: MAC src != ARP src for host 24.127.52.78
ARP: MAC src != ARP src for host 24.127.52.82
ARP: MAC src != ARP src for host 24.127.52.85
ARP: MAC src != ARP src for host 24.127.52.86
ARP: MAC src != ARP src for host 24.127.52.87
ARP: MAC src != ARP src for host 24.127.52.88
ARP: MAC src != ARP src for host 24.127.52.89
ARP: MAC src != ARP src for host 24.127.52.90
ARP: MAC src != ARP src for host 24.127.52.91
ARP: MAC src != ARP src for host 24.127.52.92
ARP: MAC src != ARP src for host 24.127.52.93
ARP: MAC src != ARP src for host 24.127.52.99
ARP: MAC src != ARP src for host 24.127.52.100
ARP: MAC src != ARP src for host 24.127.52.101
ARP: MAC src != ARP src for host 24.127.52.103
ARP: MAC src != ARP src for host 24.127.52.104
ARP: MAC src != ARP src for host 24.127.52.107
ARP: MAC src != ARP src for host 24.127.52.109
ARP: MAC src != ARP src for host 24.127.52.110
ARP: MAC src != ARP src for host 24.127.52.111
ARP: MAC src != ARP src for host 24.127.52.114
ARP: MAC src != ARP src for host 24.127.52.115
ARP: MAC src != ARP src for host 24.127.52.116
ARP: MAC src != ARP src for host 24.127.52.119
ARP: MAC src != ARP src for host 24.127.52.120
ARP: MAC src != ARP src for host 24.127.52.121
ARP: MAC src != ARP src for host 24.127.52.122
ARP: MAC src != ARP src for host 24.127.52.123
ARP: MAC src != ARP src for host 24.127.52.124
ARP: MAC src != ARP src for host 24.127.52.125
ARP: MAC src != ARP src for host 24.127.52.126
ARP: MAC src != ARP src for host 24.127.52.129
ARP: MAC src != ARP src for host 24.127.52.131
ARP: MAC src != ARP src for host 24.127.52.133
ARP: MAC src != ARP src for host 24.127.52.134
ARP: MAC src != ARP src for host 24.127.52.135
ARP: MAC src != ARP src for host 24.127.52.136
ARP: MAC src != ARP src for host 24.127.52.138
ARP: MAC src != ARP src for host 24.127.52.140
ARP: MAC src != ARP src for host 24.127.52.141
ARP: MAC src != ARP src for host 24.127.52.142
ARP: MAC src != ARP src for host 24.127.52.146
ARP: MAC src != ARP src for host 24.127.52.149
ARP: MAC src != ARP src for host 24.127.52.150
ARP: MAC src != ARP src for host 24.127.52.151
ARP: MAC src != ARP src for host 24.127.52.152
ARP: MAC src != ARP src for host 24.127.52.153
ARP: MAC src != ARP src for host 24.127.52.155
ARP: MAC src != ARP src for host 24.127.52.157
ARP: MAC src != ARP src for host 24.127.52.158
ARP: MAC src != ARP src for host 24.127.52.159
ARP: MAC src != ARP src for host 24.127.52.160
ARP: MAC src != ARP src for host 24.127.52.161
ARP: MAC src != ARP src for host 24.127.52.163
ARP: MAC src != ARP src for host 24.127.52.165
ARP: MAC src != ARP src for host 24.127.52.166
ARP: MAC src != ARP src for host 24.127.52.167
ARP: MAC src != ARP src for host 24.127.52.168
ARP: MAC src != ARP src for host 24.127.52.172
ARP: MAC src != ARP src for host 24.127.52.173
ARP: MAC src != ARP src for host 24.127.52.175
ARP: MAC src != ARP src for host 24.127.52.176
ARP: MAC src != ARP src for host 24.127.52.177
ARP: MAC src != ARP src for host 24.127.52.178
ARP: MAC src != ARP src for host 24.127.52.179
ARP: MAC src != ARP src for host 24.127.52.181
ARP: MAC src != ARP src for host 24.127.52.182
ARP: MAC src != ARP src for host 24.127.52.183
ARP: MAC src != ARP src for host 24.127.52.184
ARP: MAC src != ARP src for host 24.127.52.185
ARP: MAC src != ARP src for host 24.127.52.186
ARP: MAC src != ARP src for host 24.127.52.187
ARP: MAC src != ARP src for host 24.127.52.189
ARP: MAC src != ARP src for host 24.127.52.190
ARP: MAC src != ARP src for host 24.127.52.191
ARP: MAC src != ARP src for host 24.127.52.192
ARP: MAC src != ARP src for host 24.127.52.193
ARP: MAC src != ARP src for host 24.127.52.196
ARP: MAC src != ARP src for host 24.127.52.199
ARP: MAC src != ARP src for host 24.127.52.200
ARP: MAC src != ARP src for host 24.127.52.203
ARP: MAC src != ARP src for host 24.127.52.204
ARP: MAC src != ARP src for host 24.127.52.205
ARP: MAC src != ARP src for host 24.127.52.208
ARP: MAC src != ARP src for host 24.127.52.210
ARP: MAC src != ARP src for host 24.127.52.211
ARP: MAC src != ARP src for host 24.127.52.212
ARP: MAC src != ARP src for host 24.127.52.215
ARP: MAC src != ARP src for host 24.127.52.217
ARP: MAC src != ARP src for host 24.127.52.218
ARP: MAC src != ARP src for host 24.127.52.220
ARP: MAC src != ARP src for host 24.127.52.221
ARP: MAC src != ARP src for host 24.127.52.224
ARP: MAC src != ARP src for host 24.127.52.230
ARP: MAC src != ARP src for host 24.127.52.235
ARP: MAC src != ARP src for host 24.127.52.236
ARP: MAC src != ARP src for host 24.127.52.237
ARP: MAC src != ARP src for host 24.127.52.239
ARP: MAC src != ARP src for host 24.127.52.241
ARP: MAC src != ARP src for host 24.127.52.246
ARP: MAC src != ARP src for host 24.127.52.248
ARP: MAC src != ARP src for host 24.127.52.249
ARP: MAC src != ARP src for host 24.127.52.250
ARP: MAC src != ARP src for host 24.127.52.252
ARP: MAC src != ARP src for host 24.127.52.254
ARP: MAC src != ARP src for host 24.127.52.255


Now, when I press "h" to tell Hunt to dump the MACs it
collected, I get:

--- mac table ---
24.127.52.1              00:B0:8E:F7:3C:54
24.127.52.10             00:01:02:84:77:E2
--- mac disc. daemon --- rcvpkt 2425, free/alloc 63/64
---M---


Strange, only two MAC addresses. If I poke through the
traffice that I had generated with the "nmap -sP
24.127.52.*" using Ethereal, any responses from the
machines nmap was communicating with (mostly http
responses) gives the following Layer 2 info:

For "Ethernet II" it gives the MAC of the router (and
it resolves to the router's IP on the same line)

For the IP layer on the "Internet Protocol" line it
gives Source: as the machine nmap was communicating
with at the time.

Helpful hints: It was explained to me during the
installation that I was the only one on my segment,
which is believable, considering my location. My
network mask is: 255.255.254.0

I am including an attachment of the Ethereal log of
another "nmap 24.127.52.*", done about 15 minutes
after the first.

>From this:
1) Can anyone give me clues about how my cablemodem
network configuration might be layed out (by at&t
@home)?

2) Can anyone tell me why the MAC addresses reported
by Ethereal are all that of the router?

3) Is there any strangeness going on here, or am I a
bonehead. The latter answer is OK if you explain why.
:-)

Thanx,

John

P.S. I'll even include a subject header this time...


__________________________________________________
Do You Yahoo!?
Yahoo! Games - play chess, backgammon, pool and more
http://games.yahoo.com/