The only problem I have is this just started last week. I have had this connection since sometime in April. Why would it just now start to rear it's head?
I did find out that Comcast is now updating and replacing hardware for higher speeds. At least that is what one of the technical support person told me. So their are big network changes happening. Naturally I do not remember the specific details. I am concerned with the DNS calls to dyndns.org. Well at least the half hearted attempt. Not sure why is it appending xxz0n3dxx to the front of that URL. Same goes with xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net. If I remember correctly the suffix of hsd1.pa.comcast.net is part of a real comcast DNS. I use to run my Internet server, not Comcast, off of my machine until the ISP filtered out all of the unsolicited IP packets to my PC. Naturally that shutdown my Internet web server (Apache\Tomcat) from outside access. I use to use NO-IP to give me a pseudo static IP address by maintaining the same DNS by trapping the dynamic IP changes off of my machine. That is completely off of my machine and they canceled my account for non-use some time ago. Just wish I could isolate the code\program that is doing the standard query calls to xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net and xxz0n3dxx.dyndns.org. -- Thanks in Advance... http://weconsulting.org IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org ______________________________________________________________________ 'If there is one, Knowledge is the "Fountain of Youth"' -William E. Taylor, Regular Guy (1952-) [EMAIL PROTECTED] wrote: > Guy, > As you suspected Comcast Cable is a shared medium. ARP traffic is high as > there are multiple class C subnets on the network; it was an interesting > little tidbit I discovered when I migrated to it. It's surprising the > first time you see it, but it does work fairly well. > > Randy Grein > Network Engineer > > > > Guy Harris <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] > 07/11/2007 01:19 AM > Please respond to > Community support list for Wireshark <[email protected]> > > > To > Community support list for Wireshark <[email protected]> > cc > [EMAIL PROTECTED] > Subject > Re: [Wireshark-users] Tons of ARP packets...? > > > > > > > Richard Mundell wrote: > >> ARP traffic appears to be what is essentially administrative traffic > from >> other DSL customers > > Not likely, given that he's not using DSL, he's using a cable modem; as > he said: > >> I have a Comcast Internet Cable connection. > > DSL connections are point-to-point, so you shouldn't see traffic to or > from other customers (unless you're communicating directly with one of > those customers). I have the impression that at least some cable modem > connections are more like Ethernets, in that you're on a common network > with some other customers, and can see their traffic. > > I don't know whether that's the case here, however; the ARP requests > *are* being sent from what appears to be a wide variety of IP addresses, > so they could be from other clients on the net. > >> (on the internet side of your connection) so your ISP's >> router can figure out IP address to Ethernet address mappings (might > also be >> DHCP traffic... Not sure if that shows up in Wireshark as ARP traffic... > > Given that IP address to Ethernet address mappings are done by making > ARP requests, they'll probably show up in Wireshark as ARP traffic. > >> The other traffic in the capture is a high volume of (failed) DNS > lookups >> from your PC to a host called xxz0n3dxx.dyndns.org. I've confirmed this > DNS >> entry doesn't exist, > > Or, at least, it didn't exist at the time you tried it. "dyndns" stands > for "Dynamic DNS"; one service that DynDNS provides is free Dynamic DNS: > > http://www.dyndns.com/services/dns/dyndns/ > > which lets you register a given IP address, even if it's not a static IP > address, with a particular host name. That page indicates what that can > be used for. > > Now: > >> but I'm wondering if you might have some malware on >> your PC which is trying to "phone home". > > ...why some software on his machine is trying to contact that machine is > another question; perhaps it's safe, but perhaps it's not. > _______________________________________________ > Wireshark-users mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-users > > > > - ------------------------- > > CONFIDENTIALITY NOTICE: The information in this message may be proprietary > and/or confidential, and is intended only for the use of the individual(s) to > whom this email is addressed. If you are not the intended recipient, you are > hereby notified that any use, dissemination, distribution or copying of this > communication is strictly prohibited. If you have received this communication > in error, please notify us immediately by replying to this email and deleting > this email from your computer. Nothing contained in this email or any > attachment shall satisfy the requirements for contract formation or > constitute an electronic signature. > _______________________________________________ > Wireshark-users mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
