Re: what's 224.0.0.0 -- and other newbie net-questions
On Fri, Jun 23, 2000 at 08:03:21AM +0100, Tom Furie wrote: > On Thu, Jun 22, 2000 at 01:08:02AM -0500, Will Trillich wrote: > > > Q: what's the 224.0.0.0 ip/netmask for? > That's for multicast. I don't know much about multicast, maybe someone > else can help there. According to Stevens "TCP/IP Illustrated Vol. 1" 24.220.0.2 is "all routers on this subnet", and ICMP type 10 is router solicitation (router discovery). This information can also be found in RFC 1700 "Assigned Numbers" (STD0002), but it's not quite the same read as Stevens ... -- Nathan Norman "Eschew Obfuscation" Network Engineer GPG Key ID 1024D/51F98BB7http://home.midco.net/~nnorman/ Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7 pgpp6JlEOvlCr.pgp Description: PGP signature
Re: what's 224.0.0.0 -- and other newbie net-questions
On Thu, Jun 22, 2000 at 01:08:02AM -0500, Will Trillich wrote: > Q: what's the 224.0.0.0 ip/netmask for? That's for multicast. I don't know much about multicast, maybe someone else can help there. > Q: what's the scheme behind ports '* -> *'? From any port to any port. > Jun 20 00:18:00 server kernel: IP fw-in deny eth0 ICMP/10 172.146.51.93 > 224.0.0.2 L=28 S=0x00 I=50959 F=0x T=128 > Jun 20 00:18:03 server kernel: IP fw-in deny eth0 ICMP/10 172.146.51.93 > 224.0.0.2 L=28 S=0x00 I=51215 F=0x T=128 > Jun 20 00:17:57 server kernel: IP fw-in deny eth0 ICMP/10 172.146.51.93 > 224.0.0.2 L=28 S=0x00 I=50191 F=0x T=128 > > there's that 224.0.0.* address, which may be unrelated. > > the other address is always a 172.*.*.* number; the addresses > change, but for each 172.*.*.* address there's always four > to twleve hits or so. The 172.146.51.93 resolves to AC92335D.ipt.aol.com and 224.0.0.2 resolves to ALL-ROUTERS.MCAST.NET, so it looks as though something at AOL is broadcasting something to all multicast routers. Cheers, Tom -- Do you guys know what you're doing, or are you just hacking? pgpfMwpKcDbPS.pgp Description: PGP signature
Re: what's 224.0.0.0 -- and other newbie net-questions
Will Trillich <[EMAIL PROTECTED]> writes: > On my `ipfwadm -leO` output i notice among other rules... > > IP firewall output rules, default policy: deny > pkts bytes type prot opt tosa tosx source destination ports > 0 0 acc udp 0xFF 0x00 0.0.0.0/0 224.0.0.0/4 * -> * > 0 0 acc icmp 0xFF 0x00 0.0.0.0/0 224.0.0.0/4 * > [columns omitted for space] > > this is something that appeared after an 'apt-get upgrade' > (currently in frozen with a slink kernel). > Q: what's the 224.0.0.0 ip/netmask for? > Q: what's the scheme behind ports '* -> *'? > > With a netmask of /4 digits, the 224 (decimal) translates to > 'E0' (hex); so valid values for the first 'dot' are anything > from 224 (E0) to 239 (EF). I'm familiar with some reserved > blocks of IP numbers, such as 168.192.*.* and 127.0.0.1 -- > so, what's (E*).*.*.* for? Hi, AFAIK 224.0.0.0 is the adress for multicasting. You can enable/disable this in the 2.2.x kernel Regs Baer -- You will pay for your sins. If you have already paid, please disregard this message. ;-)
what's 224.0.0.0 -- and other newbie net-questions
Here are some newbie-like networking questions that i hope some of you experts can elucidate for me: On my `ipfwadm -leO` output i notice among other rules... IP firewall output rules, default policy: deny pkts bytes type prot opt tosa tosx source destination ports 0 0 acc udp 0xFF 0x00 0.0.0.0/0 224.0.0.0/4 * -> * 0 0 acc icmp 0xFF 0x00 0.0.0.0/0 224.0.0.0/4 * [columns omitted for space] this is something that appeared after an 'apt-get upgrade' (currently in frozen with a slink kernel). Q: what's the 224.0.0.0 ip/netmask for? Q: what's the scheme behind ports '* -> *'? With a netmask of /4 digits, the 224 (decimal) translates to 'E0' (hex); so valid values for the first 'dot' are anything from 224 (E0) to 239 (EF). I'm familiar with some reserved blocks of IP numbers, such as 168.192.*.* and 127.0.0.1 -- so, what's (E*).*.*.* for? --- in my logs (brought to my attention via logcheck) i get these a lot: Jun 20 00:18:00 server kernel: IP fw-in deny eth0 ICMP/10 172.146.51.93 224.0.0.2 L=28 S=0x00 I=50959 F=0x T=128 Jun 20 00:18:03 server kernel: IP fw-in deny eth0 ICMP/10 172.146.51.93 224.0.0.2 L=28 S=0x00 I=51215 F=0x T=128 Jun 20 00:17:57 server kernel: IP fw-in deny eth0 ICMP/10 172.146.51.93 224.0.0.2 L=28 S=0x00 I=50191 F=0x T=128 there's that 224.0.0.* address, which may be unrelated. the other address is always a 172.*.*.* number; the addresses change, but for each 172.*.*.* address there's always four to twleve hits or so. Q: is this something to worry about--or what's going on? --- and from `ifconfig` i see... eth0 Link encap:Ethernet HWaddr 00:60:8C:82:C4:59 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1394446 errors:5 dropped:0 overruns:5 frame:5 TX packets:1352798 errors:0 dropped:0 overruns:0 carrier:2 collisions:385 Interrupt:10 Base address:0x300 eth1 Link encap:Ethernet HWaddr 00:60:97:1E:67:FD inet addr:208.33.90.85 Bcast:208.33.90.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:717781 errors:10 dropped:0 overruns:11 frame:10 TX packets:709231 errors:0 dropped:0 overruns:0 carrier:4 collisions:1325 Interrupt:11 Base address:0x340 Q: how bad is it to see errors > 0? Q: are collisions something to look into? Q: overruns/frame/carrier != 0 -- do they need fixing?