Wireshark-users: Re: [Wireshark-users] Odd packets

From: Ove Fagerheim <ove.fagerheim@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Aug 2006 14:46:04 +0200
I've tried the access list:

Access-list 110 deny ip host
Access-list 110 permit ip any any

applied to the inner interface on the router.

Ip access-group 110 out

Didn't help, the packets in question still arrive. The funny part is, I
have Wireshark installed on both hosts, and whatever host I'm sniffing from,
that host's packets show up correctly while packets to/from the other host
generate packets from *with the same DEC MAC addresses*

Probably a simple explanation, but...

Way beyond me

-----Original Message-----
From: Joerg Mayer [mailto:jmayer@xxxxxxxxx]
Sent: 11 August 2006 13:50
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Odd packets

On Fri, Aug 11, 2006 at 08:16:03AM +0200, Ove Fagerheim wrote:
> Telnet from this other host works like a charm. Telnet, ping/traceroute,
> tftp and citrix/rdp all work fine from both hosts. The problem is the
> ip-phone. After finishing the tftp download from the PBX/call manager it
> doesn't connect. That's the reason for the ethereal trouble.
> All MAC addresses are unique:
> Host1: 00:40:33:e1:85:46
> Host2: 00:08:02:69:1f:e4
> Ip-phone: 00:80:9f:56:ef:09
> Cisco: 00:17:0e:b0:ea:70
> Packets from has:
> Src: 08:00:2b:00:dc:dc
> Dst: 08:00:2b:00:01:02
> I've installed ethereal on the other host too. The packets here too show
> with the above src and dst.

Do these packets ( arrive via the router or are they from a
on the local subnet? To find out, just put an access-list on the router,
denying packets with source (don't forget a "log-input") and check
whether the counter increases (and log messages).


Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.