On 8/2/12 1:19 AM, Øyvind Lode - Forums wrote: > > From: Tom Eastep [mailto:[email protected]] > Sent: 2. august 2012 04:32 > On 8/1/12 3:24 PM, Bill Shirley wrote: >> If I understand this correctly, some device on your LAN is sending >> packets with a source address of 127.0.0.1. I would want to see those >> packets with tcpdump: >> >> tcpdump -n -i eth1 host 127.0.0.1 >> > >> I would also want to see the ethernet header on the offending packets, so I >> would add the -e option: > >> tcpdump -nei eth1 host 127.0.0.1 > > munin:~# tcpdump -nei eth1 host 127.0.0.1 > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes > 10:04:28.383784 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP > (0x0806), l > ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 > 10:05:28.384162 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP > (0x0806), l > ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 > 10:06:28.384288 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP > (0x0806), l > ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 > 10:07:28.384566 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP > (0x0806), l > ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 > 10:08:28.565055 00:19:cb:c2:20:e7 > ff:ff:ff:ff:ff:ff, ethertype ARP > (0x0806), l > ength 60: Request who-has 192.168.1.5 tell 127.0.0.1, length 46 > > __________ > > I hope you guys understand the above output. > Because I don't fully understand :)
The above shows that the system with MAC address 00:19:cb:c2:20:e7 wants to communicate with 192.168.1.5 but it is bizarrely using 127.0.0.1 as the source IP address in its ARP requests. So whichever box has that MAC address is the problem. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
