Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 17, Issue 16
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: James Ortega <admiral.ross@xxxxxxxxx>
Date: Sat, 13 Oct 2007 08:20:27 -0700 (PDT)
Thanks Chad for replying.  This is driving me nuts because I really don't know what it all means and how to turn it all off.  As for the packet that is what syslog shows.  I'm assuming the rest of it get truncated.  In addition, I don't have any mac with that manufacture in my network.  I'm wondering if I turn off DHCP to test for a day or two will these messages disappear.  Now if I can get a packet analyzer to pick up the data from mysql it would be able to tell me what everything is.  Maybe even give me stats and graphs, like Ntop. 
 

MSN: admiral.ross, Y!: admiral.ross, AIM: admiralwross
http://r-loc-one.com, http://stb575.com
-----Inline Attachment Follows-----

No IP UDP forwarder (aka IP helper or DHCP helper) configured on the router would be my guess.  Since the packet has a source address, I'll also guess that these are rebind packets instead of renews or discovers, but you didn't post the whole frame...  Source mac info points to:

00-01-5C   (hex)        CADANT INC.
00015C     (base 16)        CADANT INC.
                4343 Commerce Court - Ste. #207
                Lisle IL 60532
                UNITED STATES