Full Discussion: tcpdump: strange logging?
Special Forums IP Networking tcpdump: strange logging? Post 302170612 by bakunin on Tuesday 26th of February 2008 04:52:33 AM
To be honest: I have no idea.

Having said this, here is a suspicion: as long as you can ARP someone you can have a connection. It doesn't matter that layer 3 wouldn't work when your layer 2 already handles the connection.

Have you looked in your ARP cache which MAC address this strange address maps to?

bakunin
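
The ARP-cache check suggested above, as an added example that is not part of the original post: it looks up which MAC an unexpected IP resolves to and whether that MAC also holds other addresses. It assumes the Linux `arp -an` line format; the addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in Linux `arp -an` format (not taken from the thread).
SAMPLE_ARP='? (172.16.24.1) at 00:1a:2b:3c:4d:01 [ether] on eth0
? (172.16.24.50) at 00:1a:2b:3c:4d:50 [ether] on eth0
? (10.99.99.7) at 00:1a:2b:3c:4d:50 [ether] on eth0
? (172.16.24.77) at <incomplete> on eth0'

# mac_for_ip IP: read an ARP table on stdin, print the MAC cached for IP.
# Exit status 1 if the IP is absent or its entry is still unresolved.
mac_for_ip() {
    awk -v ip="($1)" '
        $2 == ip && $4 != "<incomplete>" { print tolower($4); found = 1; exit }
        END { exit !found }'
}

# ips_for_mac MAC: read an ARP table on stdin, print every IP mapped to MAC.
ips_for_mac() {
    awk -v mac="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        tolower($4) == mac { gsub(/[()]/, "", $2); print $2 }' | sort
}

# check_ip IP: report IP -> MAC and any other IPs answered by the same MAC,
# which is what tells you the "strange" address belongs to a known host.
check_ip() {
    table=$(cat)
    mac=$(printf '%s\n' "$table" | mac_for_ip "$1") || {
        echo "$1: no resolved ARP entry"
        return 1
    }
    others=$(printf '%s\n' "$table" | ips_for_mac "$mac" | grep -Fxv "$1" | tr '\n' ' ')
    echo "$1 -> $mac${others:+ (same MAC also holds: ${others% })}"
}

# Demo on the constructed sample; on a live host: arp -an | check_ip <address>
printf '%s\n' "$SAMPLE_ARP" | check_ip 10.99.99.7
```
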
 

arp(7P)

NAME
arp - Address Resolution Protocol

DESCRIPTION
ARP is a protocol used to dynamically map between DARPA Internet and hardware station addresses. It is used by all LAN drivers. ARP caches Internet-to-hardware station address mappings. When an interface requests a mapping for an address not in the cache, ARP queues the message that requires the mapping, and broadcasts a message on the associated network requesting the address mapping if the encapsulation method has been enabled for the interface. If a response is provided, the new mapping is cached and any pending message is transmitted. ARP queues at most one packet while waiting for a mapping request to be responded to; only the most recently "transmitted" packet is kept.

To facilitate communications with systems that do not use ARP, calls are provided to enter and delete entries in the Internet-to-hardware station address tables.

Application Usage: Each call takes the same structure as an argument. sets an ARP entry, gets an ARP entry, and deletes an ARP entry. These calls can be applied to any socket descriptor s, but only by the super-user. The structure contains: The address family for the must be for the it must be The only flag bits that can be written are and Fibre Channel hosts only support the flag. causes the entry to be permanent. specifies that the ARP code should respond to ARP requests for the indicated host coming from other machines. This allows a host to act as an ARP server, which may be useful in convincing an ARP-only machine to talk to a non-ARP machine.

ARP watches passively for hosts impersonating the local host (i.e., a host that responds to an ARP mapping request for the local host's address).

DIAGNOSTICS
This message printed on the console screen means that ARP has discovered another host on the local network that responds to mapping requests for its own Internet address.

WARNINGS
To enable the encapsulation method, use the command (see ifconfig(1M)).

AUTHOR
ARP was developed by the University of California, Berkeley.

SEE ALSO
ifconfig(1M), inet(3N), lan(7), arp(1M). RFC826, Dave Plummer, Network Information Center, SRI.