Help me understand something here.
Results 1 to 3 of 3

Thread: Help me understand something here.

  1. #1
    Member
    Join Date
    Feb 2002
    Posts
    99

    Help me understand something here.

    Ok, today I booted up to linux and started playing around on my home network. I ran Cheops for shits and giggles, not very interesting, untill I ran it on the WAN side. Ok, then I redid all my wiring so my connection to the internet looked like this

    Cable Modem>Netgear MR314>Home LAN with 2 windows boxes and a linux box.

    I telneted to my router from the linux box @ 192.168.0.2 and took a look at the ARP tables for the router as well as the localhost. (192.168.0.2). Nothing interesting on my box, just my gateway (192.168.0.1). However the ARP tables on my router got me wondering about a few things. I'll type it up then ask my questions.

    IP-addr-------------- Type---------Time-------MAC------- Stat]-----Iface
    192.168.0.6------------10MB------------10--------------6-------------- 11--------NULL
    192.168.0.2------------10MB------------300----00:80:ad:87:cf:e0-----41-------- enif0
    192.168.0.4------------10MB------------300----00:05:02:85:f3:76----41--------enif0
    192.168.0.3------------10MB------------300----00:39:ab:16:c1:c4----41----------enif0
    192.168.0.255---------10MB-------------0-------(broadcast) ff:ff------43--------NULL
    24.129.72.1------------10MB-----------100----00:0b:fc:41:94:54----41---------enif1
    10.248.42.1------------10MB------------120------same as above------41---------enif1
    10.248.10.1------------10MB------------40 ------same as above------41---------enif1
    24.129.58.1------------10MB------------300 -----same as above------41---------enif1
    10.244.168.1----------10MB-------------210-----same as above------41---------enif1
    24.129.59.255---------10MB------------ 0-------(broadcast) ff:ff----43 ---------NULL
    24.129.198.1----------10MB------------140------00:0b:fc:41:94:54-41 ---------enif1




    EDIT: Okay, now I'm back from the interview I edited the table to make it easier to read. Ok, from what I gather is that enif0 is my LAN and enif1 is my WAN side. I got that. Now I need some input from you people (theroies are good too) about the following.

    1. How do I convert that time format into something thats human readable. Or tell me what base system its based on and I'll look it up myself.

    2. Why do multiple IP's correspond to the same MAC address. Also, why are the IP's showing a different time? Is it a router that my cable modem is connected to somewherer "down the road"? I know that cable modems arent a "modem" (a bridge right?). Could this just be my neighborhood router, but then the MAC addy. I'm confused as piss.

    3. I have 192.168.0.6 setup as the DMZ server on the router, but the catch is that the DMZ computer and IP doesnt exist. When it shows the MAC as 6 is that just a # of connection attempts at that addy? Just a kinda way for me to keep track of who is trying to be nefarious when I look through my snort logs

    4. Why are there 2 different network addresses shown in the ARP table (10.248.*.*) and (24.129.*.*) I know on the WAN side my IP that is shown to the world is from the 24.129.*.* network. Could the 10.248 network be a private network that Comcast uses to connect to the cable modem? Maybe the TFTP server that loads the DOCSIS files is on this network? I'm sure we all know why that would be if thats the case.

    I'm not looking for any of this information for the purpose of doing something bad, so dont play that card. Its just something that I've been trying to figure out for the past few days. I'm the kind of person that likes to know why a watch ticks, to put it as an analogy.

    Any insight, therioes, links, etc. would be greatly appreciated.

    Jonesy.

  2. #2
    Member
    Join Date
    Feb 2002
    Posts
    99
    bump

  3. #3
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    Originally posted here by Jonesy69
    bump
    This isn't a response to your question, but if you want to bump up a thread there's a 'bump up' button towards the bottom right hand corner of each thread.
    Paul Waring - Web site design and development.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •