Wireshark-users: Re: [Wireshark-users] Ping Replys without Request
From: "STEINECKE Michael SD-G (AREVA NP GmbH)" <Michael.Steinecke@xxxxxxxxx>
Date: Wed, 30 Aug 2006 15:35:59 +0200
Hello Petr, they belong to the devices. I've uploaded a sample for the scenario, you'll find it here: http://rapidshare.de/files/31314716/echo_reply_sample.pcap Michael Steinecke > -----Ursprüngliche Nachricht----- > Von: wireshark-users-bounces@xxxxxxxxxxxxx > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] Im Auftrag von > Petr Vácha > Gesendet: Mittwoch, 30. August 2006 15:00 > An: Community support list for Wireshark > Betreff: Re: [Wireshark-users] Ping Replys without Request > > No, I mean MAC addresses that are present in the ICMP > replies.... if they really belong to devices involved or are > different. > > Petr > > > -----Original Message----- > > From: wireshark-users-bounces@xxxxxxxxxxxxx > > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of > STEINECKE > > Michael SD-G (AREVA NP GmbH) > > Sent: Wednesday, August 30, 2006 2:57 PM > > To: Community support list for Wireshark > > Subject: Re: [Wireshark-users] Ping Replys without Request > > > > Hello Petr, > > > > you mean if displayed the MAC-adress resolution instead of the > > MAC-adress? > > Then thea answer is yes. But this is only a setting in wireshark i > > think. > > > > Michael Steinecke > > > > > -----Ursprüngliche Nachricht----- > > > Von: wireshark-users-bounces@xxxxxxxxxxxxx > > > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] Im Auftrag > von Petr > > > Vácha > > > Gesendet: Dienstag, 29. August 2006 10:51 > > > An: Community support list for Wireshark > > > Betreff: Re: [Wireshark-users] Ping Replys without Request > > > > > > Hello, > > > we have come up with the similar problem once, but I need you to > > > answer the following question to see if it's really the same > > > situation: > > > > > > Are MAC address in the ICMP packet really present in your > network or > > > are they something like DigitalEquipment_00-02-01 (one > such is the > > > source and one is the destination)? > > > > > > Petr Vacha > > > > > > > -----Original Message----- > > > > From: wireshark-users-bounces@xxxxxxxxxxxxx > > > > [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of > > > Jim Young > > > > Sent: Monday, August 28, 2006 5:25 PM > > > > To: wireshark-users@xxxxxxxxxxxxx > > > > Subject: Re: [Wireshark-users] Ping Replys without Request > > > > > > > > Hello Michael, > > > > > > > > >>> "STEINECKE Michael SD-G (AREVA NP GmbH)" > > > > <Michael.Steinecke@xxxxxxxxx> 08/28/06 4:33 AM >>> > > > > > Hello folks, > > > > > > > > > > i've a bit strange issue in the communication between a > > Server and > > > > his > > > > > client (a microcontroler). > > > > > The controler send "Echo Reply" packets without a > corresponding > > > > ICMP > > > > > requests. Is there another way how this can happen then > > an program > > > > or > > > > > firmware error? Something like an TCP packet that > > requests a ICMP > > > > Echo > > > > > par example? > > > > > > > > > > Best Regards > > > > > Michael Steinecke > > > > > > > > Does you controller have multiple NIC interfaces? If so, then > > > > depending on how you've set up your route statements on the > > > controller > > > > (assuming that you can) it's possible that replies received > > > on one NIC > > > > interface will be returned out a different > > > > NIC interface. IP addresses more than one hop away could > > > > be taking a "default" route (out the NIC interface towards your > > > > server). > > > > > > > > Take a look at the destination IP address (where the ping > > reply is > > > > supposed to go to) and the destination MAC address for the > > > ping reply. > > > > This should give you a clue on who/what might be generating the > > > > original request. > > > > > > > > Then again if it's some type of specialized controller, then I > > > > wouldn't be surprised to see the vendor doing something > > > non-conventual > > > > like using ICMP echo replies to send signalling > > > > information to some other station(s). > > > > > > > > I've also seen some devices that use an an undocumented > > private NIC > > > > setup internally. I've had a few occasions where these > back-end > > > > packets have leaked out the one public NIC. > > > > > > > > I hope this find this useful. > > > > > > > > Jim Young > > > > > > > > > > > > > > > > _______________________________________________ > > > > Wireshark-users mailing list > > > > Wireshark-users@xxxxxxxxxxxxx > > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > > > _______________________________________________ > > > Wireshark-users mailing list > > > Wireshark-users@xxxxxxxxxxxxx > > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > > _______________________________________________ > > Wireshark-users mailing list > > Wireshark-users@xxxxxxxxxxxxx > > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users >
- References:
- Re: [Wireshark-users] Ping Replys without Request
- From: Petr Vácha
- Re: [Wireshark-users] Ping Replys without Request
- Prev by Date: Re: [Wireshark-users] Ping Replys without Request
- Next by Date: Re: [Wireshark-users] Using with a switch
- Previous by thread: Re: [Wireshark-users] Ping Replys without Request
- Next by thread: [Wireshark-users] Ping Replys without Request
- Index(es):