Witam, Od kilku dni w sieci, którą zarządzam dzieją się dziwne rzeczy. arpmonitor na serwerze pokazuje coś takiego: [Reply] From: 192.168.10.244 [00:E0:22:22:3A:E1] To: 192.168.1.1 [00:0A:5E:20:82:5C] [Request] From: 192.168.16.10 [00:0D:88:8C:A6:CE] To: 239.255.255.250 [6C:02:79:08:C7:C8] [Request] From: 192.168.17.40 [00:0D:88:B9:5B:90] To: 239.255.255.250 [49:12:80:55:01:10] [Request] From: 192.168.17.200 [00:0D:88:99:3A:29] To: 239.255.255.250 [00:00:00:00:00:00] [Request] From: 192.168.17.60 [00:0D:88:B9:57:50] To: 239.255.255.250 [6E:2C:49:5F:96:4F] [Request] From: 192.168.61.1 [00:0D:88:B9:5A:55] To: 239.255.255.250 [49:0F:80:58:01:10] [Request] From: 192.168.61.1 [00:0D:88:B9:5A:55] To: 224.0.1.76 [5B:CB:32:F9:5B:F1] [Request] From: 192.168.17.40 [00:0D:88:B9:5B:90] To: 224.0.1.76 [49:0C:80:5B:01:10] [Request] From: 192.168.16.10 [00:0D:88:8C:A6:CE] To: 224.0.1.76 [6C:1D:79:08:D5:5F] [Request] From: 192.168.17.60 [00:0D:88:B9:57:50] To: 224.0.1.76 [7C:4F:98:76:77:A2] [Request] From: 192.168.17.200 [00:0D:88:99:3A:29] To: 224.0.1.76 [00:89:00:89:00:3A]
Wszystkie adresy z klasy 192.168.0.0, to Access Pointy. Z kolei tcpdump na mojej workstacji (trochę ukryty z boku sieci) pokazuje coś podobnego, ale adresy wydaję się bardziej znane: # tcpdump -v -n -i wlan0|head -n10 tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes 06:51:42.078779 IP (tos 0x0, ttl 126, id 98, offset 0, flags [none], length: 226) 169.254.145.177.138 > 169.254.255.255.138: NBT UDP PACKET(138) 06:51:42.102968 IP (tos 0x0, ttl 99, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.104837 IP (tos 0x0, ttl 98, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.110824 IP (tos 0x0, ttl 99, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.118603 IP (tos 0x0, ttl 99, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.120682 IP (tos 0x0, ttl 98, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.126322 IP (tos 0x0, ttl 98, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.137152 IP (tos 0x0, ttl 98, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.138775 IP (tos 0x0, ttl 98, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST 06:51:42.148963 IP (tos 0x0, ttl 98, id 51, offset 0, flags [none], length: 96) 169.254.145.177.137 > 169.254.255.255.137: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST Myślełem początkowo, że to są zapytania dhcp, ale w naszej sieci nie ma dhcp, więc to raczej odpada. Połączenia po SMB są wycięte na poziomie AP-ków, więc porty, z których idą te połączenia wydają mi się podwójnie dziwne. Może ktoś już miał podobny problem i go rozwiązał? -- Michal Chruszcz -=- Seen at http://prox.pl/~troll/?gallery _________________________________________ http://pld-linux.org/ = faq, howto, newsy dostales tutaj odpowiedz na swoje pytanie? podziel sie z innymi i dopisz do FAQ! http://pld-linux.org/FAQ/
