Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?
From: "Frank Bulk" <frnkblk@xxxxxxxxx>
Date: Thu, 12 Jul 2007 22:50:54 -0500
For a time I had a user that passed me their iptables logs regarding this traffic...once I saw what it was, I had to assure him that this was normal.

Frank

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Randy.Grein@xxxxxxxxxxxxxx
Sent: Wednesday, July 11, 2007 10:37 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Tons of ARP packets...?

Guy,

As you suspected Comcast Cable is a shared medium. ARP traffic is high as there are multiple class C subnets on the network; it was an interesting little tidbit I discovered when I migrated to it. It's surprising the first time you see it, but it does work fairly well.

Randy Grein
Network Engineer

Guy Harris <guy@xxxxxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
07/11/2007 01:19 AM
Please respond to Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
To Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
cc weconsultants@xxxxxxxxx
Subject Re: [Wireshark-users] Tons of ARP packets...?

Richard Mundell wrote:

> ARP traffic appears to be what is essentially administrative traffic from
> other DSL customers

Not likely, given that he's not using DSL, he's using a cable modem; as he said:

> I have a Comcast Internet Cable connection.

DSL connections are point-to-point, so you shouldn't see traffic to or from other customers (unless you're communicating directly with one of those customers). I have the impression that at least some cable modem connections are more like Ethernets, in that you're on a common network with some other customers, and can see their traffic. I don't know whether that's the case here, however; the ARP requests *are* being sent from what appears to be a wide variety of IP addresses, so they could be from other clients on the net.

> (on the internet side of your connection) so your ISP's
> router can figure out IP address to Ethernet address mappings (might also be
> DHCP traffic... Not sure if that shows up in Wireshark as ARP traffic...

Given that IP address to Ethernet address mappings are done by making ARP requests, they'll probably show up in Wireshark as ARP traffic.

> The other traffic in the capture is a high volume of (failed) DNS lookups
> from your PC to a host called xxz0n3dxx.dyndns.org. I've confirmed this DNS
> entry doesn't exist,

Or, at least, it didn't exist at the time you tried it. "dyndns" stands for "Dynamic DNS"; one service that DynDNS provides is free Dynamic DNS:

http://www.dyndns.com/services/dns/dyndns/

which lets you register a given IP address, even if it's not a static IP address, with a particular host name. That page indicates what that can be used for. Now:

> but I'm wondering if you might have some malware on
> your PC which is trying to "phone home".

...why some software on his machine is trying to contact that machine is another question; perhaps it's safe, but perhaps it's not.

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
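The repeated failed DNS lookups discussed in this thread can be summarised per client from a capture. The following is an added example, not part of any message in the thread; the capture file name, the client address and all sample rows are constructed, and only the host name is taken from the thread.

```python
from collections import defaultdict

NXDOMAIN = 3  # DNS RCODE 3: the queried name does not exist

# Constructed sample rows: (epoch time, client IP, queried name, rcode).
# Assumed source: DNS responses exported with
#   tshark -r capture.pcap -Y "dns.flags.response == 1" -T fields \
#     -e frame.time_epoch -e ip.dst -e dns.qry.name -e dns.flags.rcode
ROWS = [
    ("1184211000.0", "192.168.1.20", "xxz0n3dxx.dyndns.org", "3"),
    ("1184211005.0", "192.168.1.20", "www.example.com", "0"),
    ("1184211010.0", "192.168.1.20", "typo.example.net", "3"),
    ("1184211030.0", "192.168.1.20", "XXZ0N3DXX.dyndns.org.", "3"),
    ("1184211060.0", "192.168.1.20", "xxz0n3dxx.dyndns.org", "3"),
    ("1184211090.0", "192.168.1.20", "xxz0n3dxx.dyndns.org", "3"),
]
SAMPLE = "\n".join("\t".join(r) for r in ROWS) + "\nnot-a-valid-row\n"


def repeated_failed_lookups(tsv, min_failures=3):
    """Return (client, name, failures, seconds_spanned) for each name a
    client keeps failing to resolve, most failures first."""
    seen = defaultdict(list)
    for line in tsv.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue  # truncated or malformed row
        try:
            ts, rcode = float(parts[0]), int(parts[3])
        except ValueError:
            continue  # e.g. a row carrying several comma-separated values
        if rcode == NXDOMAIN:
            # DNS names are case-insensitive; drop the trailing root dot too
            name = parts[2].lower().rstrip(".")
            seen[(parts[1], name)].append(ts)
    findings = [
        (client, name, len(times), round(max(times) - min(times), 2))
        for (client, name), times in seen.items()
        if len(times) >= min_failures
    ]
    return sorted(findings, key=lambda f: -f[2])


if __name__ == "__main__":
    for client, name, count, span in repeated_failed_lookups(SAMPLE):
        print(f"{client} failed to resolve {name} {count} times in {span}s")
```

A single failed lookup is not reported; a name that one client keeps retrying is a lead for identifying the process responsible, not a verdict on it.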