On 6/14/05, Linux Hawk <linux_hawk@xxxxxxxxx> wrote:
> I am getting a lot of traffic on our Network.
>
> My question at this point is why in the main window of
> Ethereal why does it give something like # # # # # . 1
> instead of a IP Address?
>
> In the main window…
> The source is not a IP Address, instead it is 5
> numbers and a .1 at the end.
> It is something like # # # # # . 1
> (I do not want to give out the exact # since this
> email is clear text)
> Also the destination is 0.255
> It is a .ZIP which is a Get Net Info request
>
> In the Protocol Tree Window
> The destination says it is a
> Appletalk-Broadcast-Address
> We have no Mac stuff at all.
> The Source said it is from a Sercom product.
>
> I get 2 different Mac addresses.
> I can locate the Source mac address on our Network
> Switch.
> I found which port it is, but our building is all
> mislabeled
>
> I am still hunting this down and trying to learn this
> stuff.
>
> My question at this point is why in the main window of
> Ethereal why does it give something like # # # # # . 1
> instead of a IP Address?
Because it is not an IP packet but an AppleTalk packet?
You apparently do have hosts using the AppleTalk in your network and
that is why
they do not display an IP address.
ZIP GetNetInfo IS a packet generated by AppleTalk so it does appear
without any doubt you have Mac's in your broadcast domain. Optionally
there might be some other OS that supports AppleTalk but very few OSs
do.
