October 15th, 2003, 03:56 AM
tcp dump question
Heres the senerio....
When I tcpdump my lan I see normal arp request and microsoft net-bios traffic....all normal. I am behind a hardware firewall ...I see many requests, be it http(80) or AIM(5190) on subnet 192.168.1.100 or somthing alike ...all normal if that was the subnet I was using , but its not , granted I am using a non-routable subnet but not the same one. I have checked all systems on the network and non have this IP . Even wierder is if I sniff the connection I can see traffic passing . is it possible that this traffic is getting forwarded to all hosts on my cable connections? anybody got any ideas as to what is happening... Thanks
October 15th, 2003, 07:05 AM
Is that the Gateway Address of a router on the network?
"It is a shame that stupidity is not painful" - Anton LaVey
October 15th, 2003, 07:39 AM
Wazz is right, it may be a gateway..... on the other hand it can be a network address translator from your cable provider. I've a set-up that is somehow a similar, all out-bound traffic are translated to a single IP address and all incoming are directed to the machines respective public addresses. I hope this helps.
Wazz may be correct, it can be your hosts gateway. Or it can be a network address translator. some practices a method of translating outgoing and incoming traffic to a single IP adress.