See below.
At 02:31 PM 3/10/02 -0500, Jeff wrote:
>First this is not part of the previous postings concerning AOL dial-outs
>on an internal network.
>
>I have a small home network of 5 machines including the LEAF box and
>have been running Eigerstein for about 6 -7 months with little if no
>problems.
>
>But, I am seeing the following:
>Mar 10 15:06:16 myrouter kernel: martian destination f9260000 from
>eb02a8c0, dev eth1
>Mar 10 15:06:40 myrouter last message repeated 8 times
>
>First of all, eth1 is my internal network. Second what are those
>numbers? They are not MAC addresses, only 32, not 48 bits. Even if they
>are hex for IP x.x.x.x, they don't correspond to my internal network,
>192.168.2.x
>
>What are those numbers representing? So maybe I can figure out where to
>look for what is causing them them.
Haven't we done a FAQ answer for this one? I guess not, since it keeps
coming up. So let me try a first draft of one here, to respond to Jeff.
Q. What do the numbers reported in log entries of martian packets mean?
A. They are the source and destination IP addresses of the packet, just
written in a hard-to-read form. They are hexadecimal (base-16) numbers,
written with the 4 bytes in the opposite order from what you are used to.
Here is the secret decoder ring for them.
Reported address: eb02a8c0
Broken up into bytes: eb 02 a8 c0
Translated to decimal: 235 002 168 192
Reverse byte order: 192.168.2.235
If you are unfamiliar with hex numbers, they use the characters a-f to stand
for 10-15 respectively. To translate a hex-format byte XY to decimal, use
this formula:
decimal value = x * 16 + y
where x = 0 iff X == 0
1 iff X == 1
2 iff X == 2
3 iff X == 3
4 iff X == 4
5 iff X == 5
6 iff X == 6
7 iff X == 7
8 iff X == 8
10 iff X == 9
11 iff X == a
12 iff X == b
13 iff X == c
14 iff X == d
15 iff X == e
and y and Y have the same relationship as x and X.
So, Jeff, the source is 192.168.2.235, an address that is at least plausible
as part of your LAN. What is "martian" about the example you listed is the
destination address, f9260000, which you can translate for yourself using
the procedure I illustrated above (and, having done so, you can post a
followup suggesting ways to make the FAQ clearer).
--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
