On Sat, Feb 08, 2003 at 11:25:43AM -1000, John Covey wrote:
> When an arp is sent out for say, the mac address of 192.168.1.100, the
> packet has a known IP address field (192.168.1.100) and an unknown
> destination Mac address field (0.0.0.0),

Presumably you mean

	...and an unknown destination MAC address field (00:00:00:00:00:00),

as 0.0.0.0 looks like an IP address.

> it is here that I see the fqdn
> "monitoring.centuryc.net" which is on a 216.30.172.x network.

I.e., it says that 00:00:00:00:00:00 corresponds to "monitoring.centuryc.net"?

Is there an ARP packet in your capture that requests the MAC address of "monitoring.centuryc.net" (regardless of whether that's on the net on which you're capturing or not)?

If so, the ARP packet probably has its IP address as the target IP address, and 00:00:00:00:00:00 as the target MAC address, which can cause the ARP code to bogusly tell the Ethereal name resolution code that 00:00:00:00:00:00 is the MAC address for the host "monitoring.centuryc.net".
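
The failure mode suggested in the reply, as an added example (not part of the original message and not Ethereal's code): a table that learns MAC-to-IP pairs from ARP packets picks up 00:00:00:00:00:00 for the target IP of a request unless it skips the unfilled target field. The function names, the 192.168.1.10 address and the non-zero MAC addresses are assumptions made for the illustration.

```python
import struct

ZERO_MAC = bytes(6)
ARP_REQUEST = 1

def parse_arp(payload):
    """Parse a 28-byte Ethernet/IPv4 ARP payload into its address fields."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": op, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def learn_naive(arp):
    """Record both address pairs, whatever the opcode (the suspected behaviour)."""
    return {mac(arp["sha"]): ip(arp["spa"]), mac(arp["tha"]): ip(arp["tpa"])}

def learn_checked(arp):
    """Always record the sender pair; record the target pair only when the
    target MAC is actually filled in (not a request, not all zeros)."""
    table = {mac(arp["sha"]): ip(arp["spa"])}
    if arp["op"] != ARP_REQUEST and arp["tha"] != ZERO_MAC:
        table[mac(arp["tha"])] = ip(arp["tpa"])
    return table

def build(op, sha, spa, tha, tpa):
    """Assemble an Ethernet/IPv4 ARP payload from hex MACs and IP octet lists."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sha), bytes(spa), bytes.fromhex(tha), bytes(tpa))

# Constructed sample packets: 192.168.1.100 is the address from the thread,
# the other address and both non-zero MACs are made up.
SAMPLE_REQUEST = build(1, "001122334455", [192, 168, 1, 10],
                       "000000000000", [192, 168, 1, 100])
SAMPLE_REPLY = build(2, "66778899aabb", [192, 168, 1, 100],
                     "001122334455", [192, 168, 1, 10])

if __name__ == "__main__":
    for name, pkt in (("request", SAMPLE_REQUEST), ("reply", SAMPLE_REPLY)):
        arp = parse_arp(pkt)
        print(name, "naive:", learn_naive(arp))
        print(name, "checked:", learn_checked(arp))
```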