Hey Michael,
Found out some more info for this issue - forgot to mail to the list
previously, but here is pretty much everything you ever wanted to know about
those pesky martian packets:
as you explained
> martian source 3edb5d3f for 03db5d3f, dev eth1
> 3edb5d3f == 63.93.219.62 = source IP
> 03db5d3f == 63.93.219.3 = destination IP (may actually be your subnet
>broadcast address on the external interface - can't tell without gateway
>and subnet info tho)
now for the header
> ll header: ff ff ff ff ff ff 00 30 c1 d8 b6 80 08 06
ff ff ff ff ff ff = destination MAC address - this equates to a binary of
11111111 11111111 11111111 11111111 11111111 11111111 or simply a broadcast
to anything on the LAN with a MAC address - probably shouldn't be forwarded
off the LAN in any case
00 30 c1 d8 b7 80 = Source MAC address
Remaining characters define the ARP Protocol type:
arp packet type 08:06
arp_hrd 00:01 /* Ethernet1*/ arp_prot
08:00 /* IP=0x800 */ arp_hlen 06
/* hlen = 6 */ arp_plen 04
/* plen = 4 */ arp_op 00:01 /* arp
ARP_REQ*/ arp_sha 00:c0:7b:61:44:fe /* 123 */ arp_spa
cc:b2:d7:7b /* 123 */ arp_tha
00:00:00:00:00:00
arp_tpa cc:b2:d7:13 /* 19 */
All info gathered from
http://www.cpm.ru/service/manuals/pipeline/pipe130/6.0.0/usergde/filter.htm
and
http://lists.suse.com/archive/suse-linux-e/2000-Jul/0282.html
Hope it helps a little
Simon
>From: "Michael D. Schleif" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: LEAF <[EMAIL PROTECTED]>
>Subject: [Leaf-user] Martians: please, help track this one down ???
>Date: Mon, 29 Oct 2001 22:33:15 -0600
>
>
>Yes, I know what martians are. Yes, I know how they can occur.
>
>No, I do not know how to locate and eradicate this one ;<
>
> martian source 3edb5d3f for 03db5d3f, dev eth1
> ll header: ff ff ff ff ff ff 00 30 c1 d8 b6 80 08 06
>
> 3edb5d3f == 63.93.219.62
> 03db5d3f == 63.93.219.3
>
>However, now that I know that it's there, on a network from which it
>cannot escape, *HOW* do I track it down?
>
>How do we interpret that second line?
>
>Am I right in assuming that the MAC address is buried somewhere in line
>2?
>
>Anybody have any suggestions on how to locate this ugly bugger?
>
>What do you think?
>
>--
>
>Best Regards,
>
>mds
>mds resource
>888.250.3987
>
>Dare to fix things before they break . . .
>
>Our capacity for understanding is inversely proportional to how much we
>think we know. The more I know, the more I know I don't know . . .
>
>_______________________________________________
>Leaf-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
