|
Security Basics
mailing list archives
RE: anyone who saw this arp traffic?
From: "dissolved" <dissolved () comcast net>
Date: Thu, 24 Feb 2005 19:40:16 -0500
Are any secondary interfaces or sub-interfaces defined on a gateway?
-----Original Message-----
From: Monty Ree [mailto:chulmin2 () hotmail com]
Sent: Tuesday, February 22, 2005 8:41 PM
To: security-basics () securityfocus com
Subject: anyone who saw this arp traffic?
Hello, all.
When I capture network traffic at server farm,I can see lots of arp
broadcast like below.
But there is no server which use 172.16.x.x ip address.
and curiously,
1. source ip and destination ip is same
2. more curiously, same traffic(source mac:0:10:dc:f1:f7:64 , source
ip:172.16.97.157) is seen at my office.
3. I can also see this traffic(source mac:0:10:dc:f1:f7:64 , source
ip:172.16.97.157 ) at other IDC.
Have you ever seen this traffic?
Thanks in advance.
10:15:26.759069 0:10:dc:f1:f7:64 Broadcast arp 60: arp who-has
172.16.97.157 (Broadcast) tell 172.16.97.157
10:15:26.803792 0:c:76:4e:4:c8 Broadcast arp 60: arp who-has 172.16.100.103
(Broadcast) tell 172.16.100.103
10:15:26.955878 0:c:76:4e:4:c8 Broadcast arp 60: arp who-has 172.16.100.103
(Broadcast) tell 172.16.100.103
10:15:26.967737 0:10:dc:f1:f7:64 Broadcast arp 60: arp who-has
172.16.97.157 (Broadcast) tell 172.16.97.157
_________________________________________________________________
고.. 감.. 도.. 사.. 랑.. 만.. 들.. 기.. MSN 러브
http://www.msn.co.kr/love/
 By Date 
By Thread
Current thread:
- RE: anyone who saw this arp traffic? dissolved (Feb 28)
|
Intro
