
Wireshark-users: Re: [Wireshark-users] Tons of ARP packets...?

From: IchBin <weconsultants@xxxxxxxxx>
Date: Wed, 11 Jul 2007 12:34:36 -0400
The only problem I have is this just started last week. I have had this connection since sometime in April. Why would it just now start to rear its head?

I did find out that Comcast is now updating and replacing hardware for higher speeds. At least that is what one of the technical support people told me. So there are big network changes happening. Naturally I do not remember the specific details.

I am concerned with the DNS calls to dyndns.org. Well, at least the half-hearted attempt. Not sure why it is appending xxz0n3dxx to the front of that URL. Same goes with xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net. If I remember correctly the suffix of hsd1.pa.comcast.net is part of a real Comcast DNS.

I used to run my Internet server, not Comcast, off of my machine until the ISP filtered out all of the unsolicited IP packets to my PC. Naturally that shut down my Internet web server (Apache\Tomcat) from outside access. I used to use NO-IP to give me a pseudo static IP address by maintaining the same DNS by trapping the dynamic IP changes off of my machine. That is completely off of my machine and they canceled my account for non-use some time ago.

Just wish I could isolate the code\program that is doing the standard query calls to xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net and xxz0n3dxx.dyndns.org.

--
Thanks in Advance...                           http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)

Randy.Grein@xxxxxxxxxxxxxx wrote:
Guy,
As you suspected Comcast Cable is a shared medium. ARP traffic is high as there are multiple class C subnets on the network; it was an interesting little tidbit I discovered when I migrated to it. It's surprising the first time you see it, but it does work fairly well.
Randy Grein
Network Engineer



Guy Harris <guy@xxxxxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
07/11/2007 01:19 AM
Please respond to: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
cc: weconsultants@xxxxxxxxx
Subject: Re: [Wireshark-users] Tons of ARP packets...?

Richard Mundell wrote:

ARP traffic appears to be what is essentially administrative traffic from other DSL customers

Not likely, given that he's not using DSL, he's using a cable modem; as he said:

I have a Comcast Internet Cable connection.

DSL connections are point-to-point, so you shouldn't see traffic to or from other customers (unless you're communicating directly with one of those customers). I have the impression that at least some cable modem connections are more like Ethernets, in that you're on a common network with some other customers, and can see their traffic.

I don't know whether that's the case here, however; the ARP requests *are* being sent from what appears to be a wide variety of IP addresses, so they could be from other clients on the net.

(on the internet side of your connection) so your ISP's router can figure out IP address to Ethernet address mappings (might also be DHCP traffic... Not sure if that shows up in Wireshark as ARP traffic...

Given that IP address to Ethernet address mappings are done by making ARP requests, they'll probably show up in Wireshark as ARP traffic.

The other traffic in the capture is a high volume of (failed) DNS lookups from your PC to a host called xxz0n3dxx.dyndns.org. I've confirmed this DNS entry doesn't exist,

Or, at least, it didn't exist at the time you tried it. "dyndns" stands for "Dynamic DNS"; one service that DynDNS provides is free Dynamic DNS:

                 http://www.dyndns.com/services/dns/dyndns/

which lets you register a given IP address, even if it's not a static IP address, with a particular host name. That page indicates what that can be used for.

Now:

but I'm wondering if you might have some malware on your PC which is trying to "phone home".

...why some software on his machine is trying to contact that machine is another question; perhaps it's safe, but perhaps it's not.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
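
The lookup pattern discussed in this thread, as an added example that is not part of any poster's message: a triage script that folds search-suffix retries back onto the name originally requested and reports dynamic-DNS names that keep failing. It assumes hsd1.pa.comcast.net is the search suffix the resolver appends after a failed lookup; the zone list and the sample records are constructed for illustration.

```python
from collections import Counter

# Assumptions: the DHCP-assigned search suffix and a short list of dynamic-DNS zones.
SEARCH_SUFFIXES = ("hsd1.pa.comcast.net",)
DYNDNS_ZONES = ("dyndns.org", "no-ip.com")

# Constructed sample: (seconds, query name, response code) as exported from a capture.
SAMPLE = [
    (0.0, "xxz0n3dxx.dyndns.org", "NXDOMAIN"),
    (0.1, "xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net", "NXDOMAIN"),
    (30.0, "xxz0n3dxx.dyndns.org", "NXDOMAIN"),
    (30.1, "xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net", "NXDOMAIN"),
    (31.0, "www.wireshark.org", "NOERROR"),
    (60.0, "xxz0n3dxx.dyndns.org", "NXDOMAIN"),
    (60.1, "xxz0n3dxx.dyndns.org.hsd1.pa.comcast.net", "NXDOMAIN"),
    (61.0, "printer.hsd1.pa.comcast.net", "NXDOMAIN"),
]

def strip_search_suffix(qname, suffixes=SEARCH_SUFFIXES):
    """Return (base name, True) when a search suffix was appended to a name."""
    name = qname.rstrip(".").lower()
    for suffix in suffixes:
        tail = "." + suffix
        # Only treat it as a retry if what remains is itself a dotted name.
        if name.endswith(tail) and "." in name[: -len(tail)]:
            return name[: -len(tail)], True
    return name, False

def in_zone(name, zones=DYNDNS_ZONES):
    return any(name == z or name.endswith("." + z) for z in zones)

def suspicious_lookups(records, min_failures=3):
    """Group failed lookups by base name; report dynamic-DNS names that keep failing."""
    failures, retries = Counter(), Counter()
    for _ts, qname, rcode in records:
        base, was_retry = strip_search_suffix(qname)
        if rcode != "NXDOMAIN" or not in_zone(base):
            continue
        if was_retry:
            retries[base] += 1
        else:
            failures[base] += 1
    return {n: (failures[n], retries[n]) for n in failures if failures[n] >= min_failures}

if __name__ == "__main__":
    for name, (direct, suffixed) in suspicious_lookups(SAMPLE).items():
        print(f"{name}: {direct} failed lookups, {suffixed} search-suffix retries")
```

The report shows that the two names seen in the capture are one repeated request plus its automatic retry, so the thing to track down is whichever program asks for the base name.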


