From owner-freebsd-questions Fri Aug 4 12:53:33 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.everyday.cx (cr308584-a.wlfdle1.on.wave.home.com [24.114.52.208]) by hub.freebsd.org (Postfix) with ESMTP id 6186037B6C6 for ; Fri, 4 Aug 2000 12:53:29 -0700 (PDT) (envelope-from pccb@yahoo.com) Received: from apollo (apollo.objtech.com [192.168.111.5]) by mail.everyday.cx (Postfix) with ESMTP id 405C23121; Fri, 4 Aug 2000 15:53:28 -0400 (EDT) Date: Fri, 4 Aug 2000 15:53:28 -0400 From: Pierre Chiu X-Mailer: The Bat! (v1.45) Personal Reply-To: Pierre Chiu X-Priority: 3 (Normal) Message-ID: <14840252309.20000804155328@yahoo.com> To: cjclark@alum.mit.edu Cc: freebsd-questions@FreeBSD.ORG Subject: Re[2]: Problem: arp: unknown hardware address format (0x0800 In-reply-To: <20000804005528.F66052@184.215.6.64.reflexcom.com> References: <59125816885.20000803223510@yahoo.com> <20000803234318.D66052@184.215.6.64.reflexcom.com> <171142514454.20000804031328@yahoo.com> <20000804005528.F66052@184.215.6.64.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I should had run the raw dump :( http://www.pchiu.com/arp.dump.raw I am reading the tcpdump now. Hopefully, I can find out what that arp packet mean. I agree that nothing I can do to stop other computers emitting strange packet into the network. But for educational purpose, I would like to find out the cause of the problem. Does he has a bad NIC or running strange programs, etc...? Anyway, thank a lot for your help CJ. Friday, August 04, 2000, 3:55:28 AM, you wrote: > On Fri, Aug 04, 2000 at 03:13:28AM -0400, Pierre Chiu wrote: >> I ran tcpdump -en arp > arp.dump.txt for one minute. >> >> and this is the output http://www.pchiu.com/arp.dump.txt >> >> I suspect this is the offencing packet. >> >> 03:10:24.404368 0:5:2:50:91:7d ff:ff:ff:ff:ff:ff 0806 60: arp who-has 24.112.76.60 (ff:ff:ff:ff:ff:ff) tell 24.112.75.77 >> >> Comment pls? > Looks like a valid ARP to me. > Looking at the URL you give, I suspect these are your bad boys, > 03:10:20.224371 0:e0:29:20:86:e3 ff:ff:ff:ff:ff:ff 0806 60: arp-#2 for proto #2048 (4) hardware #2048 (0) > Note that 2048 = 0x0800 like in your kernel messages, >> >> Aug 3 21:48:01 zeus /kernel: arp: unknown hardware address format (0x0800) > Off the top of my head, I'm not sure what those are. Some other ARP > replies reveal that the machine generating those is 24.112.151.96. I > originally had hoped you were going to dump raw packets. Maybe if you > have a look at those, you can figure it out. However, unless you > control that hardware, it looks like it is out of your hands... Unless > those really are valid ARPs and your machine is freaking out because > it does not know what to do. It shouldn't be so verbose (or the > verbosity controllable) if that traffic is actually OK. -- Pierre \\|// (o o) +-------------------------oOOo-(_)-oOOo-----------------------------+ EMail : mailto:pccb(at)yahoo(dot)com PGPkey : http://www.pchiu.com/pgpkey.txt PGP fingerprint: 949E 0F39 422D 53EA F463 8C06 9E07 5078 838B 4D20 +-------------------------------------------------------------------+ terrorist activities To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message