I've run two tcpdumps per interface and with the exception of some
items at the beginning and the numbers after the timestamp, they're
the same. Looks like both interfaces are seeing packets on net 10
and net 15. Here are the entries that show up under both dumps after
the following entry ends up in /var/log/messages:
Jun  1 21:14:05 black /kernel: arp: 10.0.0.1 is on lo0 but got reply from
   00:80:c8:fd:88:0d on ed1

21:14:05.461124 arp who-has green.tmpest1.org tell black.tmpest1.org
21:14:05.461600 arp reply green.tmpest1.org is-at 8:0:7:6f:1d:fe
21:14:05.461640 black.tmpest1.org > green.tmpest1.org: icmp: echo request
21:14:05.462292 green.tmpest1.org > black.tmpest1.org: icmp: echo reply (DF)
21:14:06.472603 black.tmpest1.org > green.tmpest1.org: icmp: echo request
21:14:06.473131 green.tmpest1.org > black.tmpest1.org: icmp: echo reply (DF)
21:14:07.482590 black.tmpest1.org > green.tmpest1.org: icmp: echo request
21:14:07.483018 green.tmpest1.org > black.tmpest1.org: icmp: echo reply (DF)
21:14:08.492603 black.tmpest1.org > green.tmpest1.org: icmp: echo request
21:14:08.493037 green.tmpest1.org > black.tmpest1.org: icmp: echo reply (DF)

The beginning of ed1 (net 15) has the following when I first
establish a connection to my router (start of dump):
21:10:28.449996 ce573230.cup.hp.com.iad3 > 15.75.12.3.domain: 1784+ (37)
21:10:29.390619 ce573230.cup.hp.com.1033 > 15.75.12.3.domain: 23899+ (43)
21:10:33.461109 ce573230.cup.hp.com.1034 > 15.75.12.3.domain: 1784+ (37)
21:10:34.399514 ce573230.cup.hp.com.1035 > 15.75.12.3.domain: 23899+ (43)
21:10:43.469619 ce573230.cup.hp.com.1036 > 15.75.12.3.domain: 1784+ (37)
21:10:44.409584 ce573230.cup.hp.com.1037 > 15.75.12.3.domain: 23899+ (43)
21:11:03.479889 ce573230.cup.hp.com.1038 > 15.75.12.3.domain: 1784+ (37)
21:11:43.490596 ce573230.cup.hp.com.1039 > 15.75.12.3.domain: 1785+ (60)
21:11:48.500599 ce573230.cup.hp.com.1040 > 15.75.12.3.domain: 1785+ (60)
21:11:48.571926 ce573230.cup.hp.com.1041 > 15.75.12.3.domain: 6263+ (43)
21:11:53.580695 ce573230.cup.hp.com.1042 > 15.75.12.3.domain: 6263+ (43)
21:11:58.510743 ce573230.cup.hp.com.1043 > 15.75.12.3.domain: 1785+ (60)
21:12:03.590810 ce573230.cup.hp.com.1044 > 15.75.12.3.domain: 6263+ (43)
21:12:18.521073 ce573230.cup.hp.com.1045 > 15.75.12.3.domain: 1785+ (60)
21:12:25.575091 ce573230.cup.hp.com.blackjack > cr873230.cup.hp.com.telnet:
   S 51457545:51457545(0) win 16384 <mss 1460> (DF) [tos 0x10]

While ed2 (net 10) has the following (start of dump):
21:11:48.500727 ce573230.cup.hp.com.1040 > 15.75.12.3.domain: 1785+ (60)
21:11:48.572032 ce573230.cup.hp.com.1041 > 15.75.12.3.domain: 6263+ (43)
21:11:53.580805 ce573230.cup.hp.com.1042 > 15.75.12.3.domain: 6263+ (43)
21:11:58.510868 ce573230.cup.hp.com.1043 > 15.75.12.3.domain: 1785+ (60)
21:12:03.590920 ce573230.cup.hp.com.1044 > 15.75.12.3.domain: 6263+ (43)
21:12:18.521200 ce573230.cup.hp.com.1045 > 15.75.12.3.domain: 1785+ (60)
21:12:25.575177 ce573230.cup.hp.com.blackjack > cr873230.cup.hp.com.telnet:
   S 51457545:51457545(0) win 16384 <mss 1460> (DF) [tos 0x10]

How can I make sense out of this?


Ken
p.s. ce573230 is 15.75.136.174 (ed1)
     cr873230 is my router, 15.75.136.169 (ed1)
     black is 10.0.0.1 (ed2)
     green is 10.0.0.4 (ed2)
     15.75.12.3 is the name server
-- 
Ken Lui                                19111 Pruneridge Avenue
klui@cup.hp.com                        Cupertino, CA  95014-0795      USA
Information Solutions & Services       1.408.447.3230  FAX 1.408.447.0218
Views within this message may not be those of the Hewlett-Packard Company


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
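
One way to compare the two per-interface dumps mechanically, added here as an example and not part of the original message: it pairs lines whose packet summary is identical and whose timestamps fall within a short window, and reports the capture skew. The 1 ms window and the function names are assumptions; the sample lines are excerpts copied from the ed1 and ed2 dumps above.

```python
import re
from datetime import datetime, timedelta

# Excerpts copied from the ed1 and ed2 dumps in the message above.
ED1 = """\
21:11:43.490596 ce573230.cup.hp.com.1039 > 15.75.12.3.domain: 1785+ (60)
21:11:48.500599 ce573230.cup.hp.com.1040 > 15.75.12.3.domain: 1785+ (60)
21:11:48.571926 ce573230.cup.hp.com.1041 > 15.75.12.3.domain: 6263+ (43)
21:12:25.575091 ce573230.cup.hp.com.blackjack > cr873230.cup.hp.com.telnet:
   S 51457545:51457545(0) win 16384 <mss 1460> (DF) [tos 0x10]
"""
ED2 = """\
21:11:48.500727 ce573230.cup.hp.com.1040 > 15.75.12.3.domain: 1785+ (60)
21:11:48.572032 ce573230.cup.hp.com.1041 > 15.75.12.3.domain: 6263+ (43)
21:12:25.575177 ce573230.cup.hp.com.blackjack > cr873230.cup.hp.com.telnet:
   S 51457545:51457545(0) win 16384 <mss 1460> (DF) [tos 0x10]
"""
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) (.*)$")

def parse(dump):
    """Return [(timestamp, summary)], folding indented continuation lines."""
    records = []
    for line in dump.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            records.append([ts, m.group(2).strip()])
        elif line.strip() and records:  # wrapped tcpdump line
            records[-1][1] += " " + line.strip()
    return [tuple(r) for r in records]

def correlate(a, b, window=timedelta(milliseconds=1)):  # window is an assumption
    """Pair identical summaries seen in both dumps within `window`."""
    pairs, only_a, rest_b = [], [], list(b)
    for ts_a, summ in a:
        hit = next((r for r in rest_b
                    if r[1] == summ and abs(r[0] - ts_a) <= window), None)
        if hit is None:
            only_a.append(summ)
            continue
        rest_b.remove(hit)
        pairs.append((summ, (hit[0] - ts_a) / timedelta(microseconds=1)))
    return pairs, only_a, [r[1] for r in rest_b]

if __name__ == "__main__":
    pairs, only1, only2 = correlate(parse(ED1), parse(ED2))
    for summ, skew in pairs:
        print(f"seen on both, ed2 {skew:+.0f} us relative to ed1: {summ[:48]}")
    print(f"{len(only1)} line(s) only in ed1, {len(only2)} only in ed2")
```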



