-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thursday 08 June 2006 06:32, Boyd Lynn Gerber wrote:
I am seeing this a lot. Always the same, just time is changing. It was the first 1-5 of what I captured.
No. Time Source Destination Protocol Info 2 0.613500 192.168.30.32 Broadcast ARP Who has 192.168.30.32? Gratuitous ARP Frame 2 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 192.168.30.32 (00:0e:0c:4a:83:11), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request/gratuitous ARP)
OK, I was hoping to see some actual attempt at using a service, so we could deduce what it was that was running, but we can't have everything
It appears to be quite simple: that machine is configured to use the 192.168.30.32 address.
Gratuitous ARP is what a machine sends out when it's set to use a certain IP and wants to make sure no one else is using it already.
So either it's just misconfigured totally, or it's set up to use multiple IP addresses (does it have two network cards with one left unconfigured, perhaps? Or some setup involving virtual network cards or aliases?)
I'd suggest the admin of that windows box needs to look again at his settings. Assuming 00:0e:0c:4a:83:11 is the MAC address of that machine, this LAN trace proves that the machine is using (or trying to use) that IP as its address
That is the mac address of the win 2003 Server. After over 200 of exactly
the same above. I finally got one that was a little different.
No. Time Source Destination Protocol
Info
270 5.620763 192.168.30.32 Broadcast ARP
Who has 192.168.2.87? Tell 192.168.2.160
Frame 270 (106 bytes on wire, 106 bytes captured)
Ethernet II, Src: 192.168.30.32 (00:0e:0c:4a:83:11), Dst: Broadcast
(ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
Thanks, I will send the Win Admin an other request.
- --
Boyd Gerber