I've tried the access list:
Access-list 110 deny ip host 127.0.0.1 172.30.1.0 0.0.0.255
Access-list 110 permit ip any any
applied to the inner interface on the router.
Ip access-group 110 out
Didn't help, the packets in question still arrives. The funny part is, I
have WireShark installed on both hosts, and whatever host I'm sniffing from,
that host's packets shows up correctly while packets to/from the other host
generates packets from 127.0.0.1 *with the same DEC MAC addresses*
Probably a simple explanation, but...
Way beyon me
Ove
-----Opprinnelig melding-----
Fra: Joerg Mayer [mailto:jmayer@xxxxxxxxx]
Sendt: 11. august 2006 13:50
Til: Community support list for Wireshark
Emne: Re: [Wireshark-users] Odd packets
On Fri, Aug 11, 2006 at 08:16:03AM +0200, Ove Fagerheim wrote:
> Telnet from this other host works like charm. Telnet, ping/traceroute,
ftp,
> tftp and citrix/rdp all works fine from both hosts. The problem is the
> ip-phone. After finished the tftp download from the PBX/call manager it
just
> don't connect. That's the reason for the ethereal trouble.
>
> All MAC adresses are unique:
>
> Host1: 00:40:33:e1:85:46
> Host2: 00:08:02:69:1f:e4
> Ip-phone: 00:80:9f:56:ef:09
> Cisco: 00:17:0e:b0:ea:70
>
> Packets from 127.0.0.1 has:
> Src: 08:00:2b:00:dc:dc
> Dst: 08:00:2b:00:01:02
>
> I've installed ethereal on the other host too. The packets here too show
up
> with the abowe src and dst.
Do these packets (127.0.0.1) arrive via the router or are they from a
machine
on the local subnet? To find out, just put an access-list on the router,
denying packets with source 127.0.0.1 (don't forget a "log-input") and check
whether the counter increases (and log messages).
Ciao
Joerg
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
