[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-sun
Subject:    Re: "OLD-BROADCAST" traffic
From:       Carl Gibbons <cgibbons () DU ! EDU>
Date:       2000-05-24 17:26:28
[Download RAW message or body]

On Tue, 23 May 2000, Ryan Russell wrote:

> There's a lot of 0's there.  (old broadcast is 0.0.0.0)  Could be a flaky
> piece of network equipment between the monitoring machine and sending
> machines.  Can you send snoop output w/MAC addresses?  Just as a sanity
> check, do you have access to the machines listed as sending machines to
> run snoop there to see if those packets leave them that way?

Great differential diagnosis idea, thanks!  I did simultaneous
snoops on two of these Solaris boxes.  Neither is producing any
of these "OLD-BROADCAST" packets, but each receives plenty of
them which appear to be coming from the other.  All of the traffic
between these Suns passes through a Catalyst 2900 switch; maybe
that's the true source of these packets?

Anyway, you asked for snoop output with MAC addresses.  Here's a view of
one of these packets using snoop's -v switch:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 31 arrived at 10:52:24.94
ETHER:  Packet size = 60 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 8:0:20:ab:bd:25, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 40 bytes
IP:   Identification = 65033
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 1 seconds/hops
IP:   Protocol = 6 (TCP)
IP:   Header checksum = 3804
IP:   Source address = 130.253.192.68, sunhost2.cs.du.edu
IP:   Destination address = 0.0.0.0, OLD-BROADCAST
IP:   No options
IP:
TCP:  ----- TCP Header -----
TCP:
TCP:  Source port = 1021
TCP:  Destination port = 0
TCP:  Sequence number = 0
TCP:  Acknowledgement number = 0
TCP:  Data offset = 20 bytes
TCP:  Flags = 0x14
TCP:        ..0. .... = No urgent pointer
TCP:        ...1 .... = Acknowledgement
TCP:        .... 0... = No push
TCP:        .... .1.. = Reset
TCP:        .... ..0. = No Syn
TCP:        .... ...0 = No Fin
TCP:  Window = 0
TCP:  Checksum = 0x6811
TCP:  Urgent pointer = 0
TCP:  No options
TCP:

[prev in list] [next in list] [prev in thread] [next in thread]