-
May 21st, 2007, 07:25 PM
#1
Junior Member
wireshark showing weird activity
hello all
was running wireshark to work out why emails taking so long to download and found this
source: 10.40.128.1
destination 255.255.255.255
protocol: DHCP
interface (MAC): Jetcell_74:el:54
source port 67
dest port 68
this is a bootup port?
and i have no jetcell interface
this happens if i run in promiscuous mode or not
is this something to panic about!!
ps i do have vmplayer installed but not comming from those MAC addresses
win xp home sp2
cheers
-
May 22nd, 2007, 04:04 AM
#2
Howdy.
Nothing to get paranoid over.
source: 10.40.128.1
destination 255.255.255.255
The source would be where you are downloading your emails from.
and the destination is normal. it's equivelant to your default ip addresse 125.0.0.1
are you sure that the jetcell has nothing to do with your modem? router etc?
and the dhcp is just your network card etc.
if your still paranoid, then check your firewall settings, and maybe just see if you can change the ports that your email client use's to download the relevant emails
And it could be taking a little while to download as your email client might be having trouble connecting to your pop3 server where your emails are stored, or the server might be getting a heavy load etc etc.
cheers
acidtone..
Last edited by acidtone; May 22nd, 2007 at 04:06 AM.
-
May 22nd, 2007, 10:21 AM
#3
Doesn't look weird to me.
http://en.wikipedia.org/wiki/Dynamic...ation_Protocol
Jetcell is a chip manufacturer, it means your NIC uses a chip from Jetcell. Turn off MAC-address resolution to see the whole MAC address. The first part of a MAC address is called an Organizationally Unique Identifier or OUI.
http://standards.ieee.org/regauth/oui/index.shtml
Last edited by SirDice; May 22nd, 2007 at 10:28 AM.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 22nd, 2007, 12:00 PM
#4
Ummm, dude. This is broadcast traffic (255.255.255.255) to obtain an IP (via DHCP protocol) address for the NIC card, half of which is resolved for you via WireShark's name resolution setting (JetCell). The last half of the MAC is the serial number of your card.
DHCP is a broadcast protocol and has nothing to do with your e-mail being slow.
Pan through the capture for SMTP and POP3 traffic to see the e-mail traffic to and from your machine.
--TH13
Last edited by thehorse13; May 22nd, 2007 at 12:04 PM.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 22nd, 2007, 12:07 PM
#5
Look at port 53 (DNS) too as it can have an adverse effect on the initial connection speed if DNS isn't working properly.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 22nd, 2007, 06:59 PM
#6
Junior Member
i understand what you are saying but i do not have any jetcell mac addresses address on my network
i only have the one nic whose mac i know
and if i shutdown any web/email clients (i use opera) the 10.40.128.1 is still pouring out requests?
-
May 22nd, 2007, 09:25 PM
#7
Wireshark says otherwise.
What exactly do you have on your network? Are there any wireless devices connected? Printers? Print server cards? So on and so on.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
May 23rd, 2007, 06:36 PM
#8
Junior Member
no i (think) i have every thing acounted for
bband box whose mac address i know
wireless router whose mac address i know
one wireless card whose mac address i know belkin
and ethernet card whose mac address i know
(have vmplayer on pc but those macs only run when vmplayer is open and running)
that is why i am 'scared'
-
May 23rd, 2007, 07:36 PM
#9
If you have a wireless network and there are devices nearby that aren't yours, you may have something that has associated with your AP. Get netstumbler on your laptop and go searching for the device you don't recognize.
--Th13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Similar Threads
-
By Kosmograd in forum AntiOnline's General Chit Chat
Replies: 1
Last Post: July 6th, 2006, 08:44 PM
-
By rabit in forum AntiOnline's General Chit Chat
Replies: 13
Last Post: August 21st, 2004, 12:55 AM
-
By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
-
By spools.exe in forum AntiVirus Discussions
Replies: 0
Last Post: October 3rd, 2003, 05:32 PM
-
By komal in forum Web Development
Replies: 2
Last Post: June 17th, 2002, 08:05 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|