Date: Wed, 4 Sep 1996 08:51:59 -0500 From: "Daniel M. Eischen" <deischen@iworks.InterWorks.org> To: paul@nation-net.com, questions@FreeBSD.org Subject: Re: arp info overwritten Message-ID: <9609041351.AA12869@iworks.InterWorks.org>
next in thread | raw e-mail | index | archive | help
> Is this message anything to worry about? > The 2 IPs are machines in our class C. > > arp info overwritten for 194.159.125.100 by 00:05:02:44:5f:d1 > arp info overwritten for 194.159.125.110 by 00:05:02:54:3f:54 > > Thanks, Paul Walsh. Well, it depends on if you use those machines or not ;-) You've got two pairs of machines using IP addresses 194.159.125.100 and 194.159.125.110. You see this happen a lot on Windows machines and Macs in which users can modify the IP addresses. Either that or poor administration. We've got a couple of FreeBSD PCs sitting in a building full of PCs and Macs in the same subnet. We see this happen at least once a month and logged by our FreeBSD PCs. Usually we can determine which machines are at fault by using tcpdump on the affected ethernet MAC addresses and by browsing shared DIRs (and similar things on a Mac). When tcpdump starts spewing a lot of info, then you've browsed the right machine. With this method, you either need a Windows and/or Mac next to your FreeBSD box, or someone else to help you (one to look at tcpdump output and another to browse the Windows/Mac systems. I don't know any other way of doing it (unless the adminstrators have a list of all the machines and their MAC addresses). Maybe there's a better way? Dan Eischen deischen@iworks.interWorks.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9609041351.AA12869>