Wireshark-users: Re: [Wireshark-users] Odd packets
From: Ove Fagerheim <ove.fagerheim@xxxxxxxxxxxxxxxxxx>
Date: Fri, 11 Aug 2006 14:46:04 +0200
I've tried the access list: Access-list 110 deny ip host 127.0.0.1 172.30.1.0 0.0.0.255 Access-list 110 permit ip any any applied to the inner interface on the router. Ip access-group 110 out Didn't help, the packets in question still arrives. The funny part is, I have WireShark installed on both hosts, and whatever host I'm sniffing from, that host's packets shows up correctly while packets to/from the other host generates packets from 127.0.0.1 *with the same DEC MAC addresses* Probably a simple explanation, but... Way beyon me Ove -----Opprinnelig melding----- Fra: Joerg Mayer [mailto:jmayer@xxxxxxxxx] Sendt: 11. august 2006 13:50 Til: Community support list for Wireshark Emne: Re: [Wireshark-users] Odd packets On Fri, Aug 11, 2006 at 08:16:03AM +0200, Ove Fagerheim wrote: > Telnet from this other host works like charm. Telnet, ping/traceroute, ftp, > tftp and citrix/rdp all works fine from both hosts. The problem is the > ip-phone. After finished the tftp download from the PBX/call manager it just > don't connect. That's the reason for the ethereal trouble. > > All MAC adresses are unique: > > Host1: 00:40:33:e1:85:46 > Host2: 00:08:02:69:1f:e4 > Ip-phone: 00:80:9f:56:ef:09 > Cisco: 00:17:0e:b0:ea:70 > > Packets from 127.0.0.1 has: > Src: 08:00:2b:00:dc:dc > Dst: 08:00:2b:00:01:02 > > I've installed ethereal on the other host too. The packets here too show up > with the abowe src and dst. Do these packets (127.0.0.1) arrive via the router or are they from a machine on the local subnet? To find out, just put an access-list on the router, denying packets with source 127.0.0.1 (don't forget a "log-input") and check whether the counter increases (and log messages). Ciao Joerg -- Joerg Mayer <jmayer@xxxxxxxxx> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users
- Prev by Date: Re: [Wireshark-users] Odd packets
- Next by Date: Re: [Wireshark-users] [Ethereal-users] Capturing frames greater than 1500 bytes
- Previous by thread: Re: [Wireshark-users] Odd packets
- Next by thread: [Wireshark-users] SNMP in Wireshark 0.99.2
- Index(es):
- Get Wireshark
- Download
- Code of Conduct