Thread: Strange Packets

  1. #1
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004

    Question Strange Packets

    I use an internet cable connection. While running my sniffer, I found some interesting IP broadcast packets from my ISP. Each packet contained the name of an individual (string). I found that these broadcasts occurred after regular intervals. The source port is 67 (bootps) and destination port is 68 (bootpc). Does anyone have any idea of what's going on?


  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    That sounds like DHCP request and answering packets. They'd be broadcast probably from the actual DHCP server out to machines looking for addresses.

    Google Search to help you out.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    That would be my guess. But, without actually seeing the capture we can only guess.
    More than likely, it's just your ISP's DHCP server.

    I don't know why they'd do this though... I thought the client is supposed to look for the DHCP server... not the server look for DHCP clients... But excuse my ignorance... I'll have to do some reading up on it. I've rarely used DHCP on a network... I find it easier or more organized to just assign static IPs. Except for mobile users... then I just assign based on MAC address... which is still "static" in a way. The same MAC always gets the same IP from the DHCP server... wow... it's amazing how easily I can just mumble on and on with my thoughts... it's sad, I know.

    Ah, knew I wasn't going crazy...

    DHCP Lease Stages

    1. Lease Request - The client sends a broadcast requesting an IP address

    2. Lease Offer - The server sends the above information and marks the offered address as unavailable. The message sent is a DHCPOFFER broadcast message.

    3. Lease Acceptance - The first offer received by the client is accepted. The acceptance is sent from the client as a broadcast (DHCPREQUEST message) including the IP address of the DNS server that sent the accepted offer. Other DHCP servers retract their offers and mark the offered address as available and the accepted address as unavailable.

    4. Server lease acknowledgement - The server sends a DHCPACK or a DHCPNACK if an unavailable address was requested.

    AFAIK... Bootp works in a similar way...

    Maybe your ISP is sending a request for an IP address... why don't you give them one and see what happens?

    A packet capture would really be nice at this point.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
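
Following up on the request for a packet capture: an added example (not code from any poster in this thread) that decodes the UDP payload of a port 67 to port 68 broadcast and reports the DHCP message type from the lease stages listed above, plus the fields that can carry a readable string (`sname` and option 12). The sample packet, its addresses and its names are constructed, and that the string the original poster saw sits in one of these fields is an assumption.

```python
import socket
import struct
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a BOOTP/DHCP packet (ports 67/68)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not DHCP: too short or magic cookie missing")
    op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past end of packet")
        options[code] = value
        i += 2 + length
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "op": {1: "BOOTREQUEST", 2: "BOOTREPLY"}.get(op, f"unknown({op})"),
        "xid": xid,                                  # ties replies to one client request
        "broadcast_flag": bool(flags & 0x8000),      # client asked for a broadcast reply
        "yiaddr": socket.inet_ntoa(payload[16:20]),  # address being offered/assigned
        "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
        "sname": text(payload[44:108]),              # optional server host name
        "message_type": MSG_TYPES.get((options.get(53) or b"\0")[0], "BOOTP/unknown"),
        "hostname": text(options.get(12, b"")),      # option 12: host name
    }

# Constructed sample: a broadcast DHCPOFFER using documentation addresses and made-up names.
SAMPLE_OFFER = (
    struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    + socket.inet_aton("0.0.0.0") + socket.inet_aton("192.0.2.50")
    + socket.inet_aton("192.0.2.1") + socket.inet_aton("0.0.0.0")
    + bytes.fromhex("020000000001").ljust(16, b"\0")
    + b"dhcp1.example.net".ljust(64, b"\0") + bytes(128) + MAGIC_COOKIE
    + bytes([53, 1, 2]) + bytes([54, 4]) + socket.inet_aton("192.0.2.1")
    + bytes([12, 9]) + b"jsmith-pc" + bytes([255])
)

if __name__ == "__main__":
    print(parse_dhcp(SAMPLE_OFFER))
```

A reply whose `broadcast_flag` is set and whose `chaddr` is not your own adapter's MAC is a server answering some other client on the same cable segment.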
