[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-sun
Subject: Re: "OLD-BROADCAST" traffic
From: Carl Gibbons <cgibbons () DU ! EDU>
Date: 2000-05-24 17:26:28
[Download RAW message or body]
On Tue, 23 May 2000, Ryan Russell wrote:
> There's a lot of 0's there. (old broadcast is 0.0.0.0) Could be a flaky
> piece of network equipment between the monitoring machine and sending
> machines. Can you send snoop output w/MAC addresses? Just as a sanity
> check, do you have access to the machines listed as sending machines to
> run snoop there to see if those packets leave them that way?
Great differential diagnosis idea, thanks! I did simultaneous
snoops on two of these Solaris boxes. Neither is producing any
of these "OLD-BROADCAST" packets, but each receives plenty of
them which appear to be coming from the other. All of the traffic
between these Suns passes through a Catalyst 2900 switch; maybe
that's the true source of these packets?
Anyway, you asked for snoop output with MAC addresses. Here's a view of
one of these packets using snoop's -v switch:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 31 arrived at 10:52:24.94
ETHER: Packet size = 60 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 8:0:20:ab:bd:25, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 40 bytes
IP: Identification = 65033
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 1 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 3804
IP: Source address = 130.253.192.68, sunhost2.cs.du.edu
IP: Destination address = 0.0.0.0, OLD-BROADCAST
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 1021
TCP: Destination port = 0
TCP: Sequence number = 0
TCP: Acknowledgement number = 0
TCP: Data offset = 20 bytes
TCP: Flags = 0x14
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .1.. = Reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 0
TCP: Checksum = 0x6811
TCP: Urgent pointer = 0
TCP: No options
TCP:
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic