From owner-freebsd-questions  Fri Aug  4  0:55:34 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82])
	by hub.freebsd.org (Postfix) with ESMTP id 4275037B8C5
	for <freebsd-questions@freebsd.org>; Fri,  4 Aug 2000 00:55:31 -0700 (PDT)
	(envelope-from cjc@184.215.6.64.reflexcom.com)
Received: from 184.215.6.64.reflexcom.com ([64.6.215.184]) by mailhost01.reflexnet.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Fri, 4 Aug 2000 00:54:30 -0700
Received: (from cjc@localhost)
	by 184.215.6.64.reflexcom.com (8.9.3/8.9.3) id AAA27259;
	Fri, 4 Aug 2000 00:55:29 -0700 (PDT)
	(envelope-from cjc)
Date: Fri, 4 Aug 2000 00:55:28 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Pierre Chiu <pccb@yahoo.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Problem: arp: unknown hardware address format (0x0800
Message-ID: <20000804005528.F66052@184.215.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <59125816885.20000803223510@yahoo.com> <20000803234318.D66052@184.215.6.64.reflexcom.com> <171142514454.20000804031328@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <171142514454.20000804031328@yahoo.com>; from pccb@yahoo.com on Fri, Aug 04, 2000 at 03:13:28AM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, Aug 04, 2000 at 03:13:28AM -0400, Pierre Chiu wrote:
> I ran tcpdump -en arp > arp.dump.txt for one minute.
> 
> and this is the output http://www.pchiu.com/arp.dump.txt
> 
> I suspect this is the offencing packet.
> 
> 03:10:24.404368 0:5:2:50:91:7d ff:ff:ff:ff:ff:ff 0806 60: arp who-has 24.112.76.60 (ff:ff:ff:ff:ff:ff) tell 24.112.75.77
> 
> Comment pls?

Looks like a valid ARP to me.

Looking at the URL you give, I suspect these are your bad boys,

  03:10:20.224371 0:e0:29:20:86:e3 ff:ff:ff:ff:ff:ff 0806 60: arp-#2 for proto #2048 (4) hardware #2048 (0)

Note that 2048 = 0x0800 like in your kernel messages,

> >> Aug  3 21:48:01 zeus /kernel: arp: unknown hardware address format (0x0800)

Off the top of my head, I'm not sure what those are. Some other ARP
replies reveal that the machine generating those is 24.112.151.96. I
originally had hoped you were going to dump raw packets. Maybe if you
have a look at those, you can figure it out. However, unless you
control that hardware, it looks like it is out of your hands... Unless
those really are valid ARPs and your machine is freaking out because
it does not know what to do. It shouldn't be so verbose (or the
verbosity controllable) if that traffic is actually OK.
-- 
Crist J. Clark                           cjclark@alum.mit.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message