Hello, in the network of my company the firewall based on SuSE 7.0 the following kernel warning appears from time to time: Nov 14 16:03:35 dbwwall kernel: martian source 4796a8c0 for ff64a8c0, dev eth0 Nov 14 16:03:35 dbwwall kernel: ll header: ff ff ff ff ff ff 00 a0 f9 00 d0 57 08 00 I know what matian sources are. My question is, how I can find out the device or intruder, which causes the trouble. Which tool can I use to find the listed mac-address in my Network? Thanks in advance! Rainer Frohne
Here is the link to a thread in which I asked a similar question.
http://archives.neohapsis.com/archives/linux/suse/2000-q3/0161.html
I did not investigate further because i had misconfigured my pppoe
connection.
Corvin
--
Corvin Russell
have you considered the arpwatch daemon? martin also sprach Rainer Frohne (on Sun, 19 Nov 2000 09:14:37PM +0100):
Hello, in the network of my company the firewall based on SuSE 7.0 the following kernel warning appears from time to time: Nov 14 16:03:35 dbwwall kernel: martian source 4796a8c0 for ff64a8c0, dev eth0 Nov 14 16:03:35 dbwwall kernel: ll header: ff ff ff ff ff ff 00 a0 f9 00 d0 57 08 00
I know what matian sources are. My question is, how I can find out the device or intruder, which causes the trouble. Which tool can I use to find the listed mac-address in my Network?
Thanks in advance!
Rainer Frohne
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
`echo madduck@!#:1:s@\@@@.net` (greetings from the heart of the sun.) -- "it would be truly surprising if sound were not capable of suggesting colour, if colours could not give the idea of the melody, if sound and colour were not adequate to express ideas." -- claude debussy
Hello Mad Duck,
how can I detect the device with the arpwatch demon?
Rainer
----- Original Message -----
From: "MaD dUCK"
have you considered the arpwatch daemon?
martin
also sprach Rainer Frohne (on Sun, 19 Nov 2000 09:14:37PM +0100):
Hello, in the network of my company the firewall based on SuSE 7.0 the following kernel warning appears from time to time: Nov 14 16:03:35 dbwwall kernel: martian source 4796a8c0 for ff64a8c0, dev eth0 Nov 14 16:03:35 dbwwall kernel: ll header: ff ff ff ff ff ff 00 a0 f9 00 d0 57 08 00
I know what matian sources are. My question is, how I can find out the device or intruder, which causes the trouble. Which tool can I use to find the listed mac-address in my Network?
Thanks in advance!
Rainer Frohne
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
`echo madduck@!#:1:s@\@@@.net`
(greetings from the heart of the sun.)
-- "it would be truly surprising if sound were not capable of suggesting colour, if colours could not give the idea of the melody, if sound and colour were not adequate to express ideas." -- claude debussy
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
also sprach Rainer Frohne (on Mon, 20 Nov 2000 01:13:18AM +0100):
Hello Mad Duck,
halloechen gleichfalls :)
how can I detect the device with the arpwatch demon?
well, you can't directly. however, running arpwatch for a period of time should allow you to build up a database of all the MAC addresses on the subnet you are on. it will identify IP and vendor, so this might make it a little easier. for example, from arpwatch, i can extract the following information about our router: mac address: 0:60:70:72:90:0 ip address: xxx.xxx.82.1 timestamp: 970859426 vendor: Cisco routers (2524 and 4500) or about an arbitrary machine: mac: 0:a0:40:d:82:14 ip: 130.58.82.143 timestamp: 973955730 name: d143 vendor: Apple (PCI Mac) hope this helps. gruesse, martin `echo madduck@!#:1:s@\@@@.net` (greetings from the heart of the sun.) -- "it would be truly surprising if sound were not capable of suggesting colour, if colours could not give the idea of the melody, if sound and colour were not adequate to express ideas." -- claude debussy
Hello Mad Duck,
thanks a lot! this was the tool, I was looking for!
greetings
rainer
----- Original Message -----
From: "MaD dUCK"
also sprach Rainer Frohne (on Mon, 20 Nov 2000 01:13:18AM +0100):
Hello Mad Duck,
halloechen gleichfalls :)
how can I detect the device with the arpwatch demon?
well, you can't directly. however, running arpwatch for a period of time should allow you to build up a database of all the MAC addresses on the subnet you are on. it will identify IP and vendor, so this might make it a little easier.
for example, from arpwatch, i can extract the following information about our router:
mac address: 0:60:70:72:90:0 ip address: xxx.xxx.82.1 timestamp: 970859426 vendor: Cisco routers (2524 and 4500)
or about an arbitrary machine:
mac: 0:a0:40:d:82:14 ip: 130.58.82.143 timestamp: 973955730 name: d143 vendor: Apple (PCI Mac)
hope this helps. gruesse, martin
`echo madduck@!#:1:s@\@@@.net`
(greetings from the heart of the sun.)
-- "it would be truly surprising if sound were not capable of suggesting colour, if colours could not give the idea of the melody, if sound and colour were not adequate to express ideas." -- claude debussy
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (3)
-
Corvin Russell
-
MaD dUCK
-
Rainer.Frohne@t-online.de