Thread: wireshark showing weird activity

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    9

    wireshark showing weird activity

    hello all
    was running wireshark to work out why emails are taking so long to download and found this

    source: 10.40.128.1
    destination 255.255.255.255
    protocol: DHCP
    interface (MAC): Jetcell_74:el:54
    source port 67
    dest port 68

    this is a bootup port?
    and i have no jetcell interface
    this happens if i run in promiscuous mode or not
    is this something to panic about!!

    ps i do have vmplayer installed but not coming from those MAC addresses

    win xp home sp2
    cheers

  2. #2
    Banned
    Join Date
    Jul 2006
    Location
    /
    Posts
    385
    Howdy.

    Nothing to get paranoid over.

    source: 10.40.128.1
    destination 255.255.255.255


    The source would be where you are downloading your emails from.
    and the destination is normal. it's equivalent to your default ip address 125.0.0.1

    are you sure that the jetcell has nothing to do with your modem? router etc?

    and the dhcp is just your network card etc.

    if you're still paranoid, then check your firewall settings, and maybe just see if you can change the ports that your email client uses to download the relevant emails

    And it could be taking a little while to download as your email client might be having trouble connecting to your pop3 server where your emails are stored, or the server might be getting a heavy load etc etc.

    cheers
    acidtone..
    Last edited by acidtone; May 22nd, 2007 at 04:06 AM.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Doesn't look weird to me.

    http://en.wikipedia.org/wiki/Dynamic...ation_Protocol

    Jetcell is a chip manufacturer, it means your NIC uses a chip from Jetcell. Turn off MAC-address resolution to see the whole MAC address. The first part of a MAC address is called an Organizationally Unique Identifier or OUI.

    http://standards.ieee.org/regauth/oui/index.shtml
    Last edited by SirDice; May 22nd, 2007 at 10:28 AM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Ummm, dude. This is broadcast traffic (255.255.255.255) to obtain an IP (via DHCP protocol) address for the NIC card, half of which is resolved for you via WireShark's name resolution setting (JetCell). The last half of the MAC is the serial number of your card.

    DHCP is a broadcast protocol and has nothing to do with your e-mail being slow.

    Pan through the capture for SMTP and POP3 traffic to see the e-mail traffic to and from your machine.

    --TH13
    Last edited by thehorse13; May 22nd, 2007 at 12:04 PM.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
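
An added example, not part of any post in this thread: a minimal Python parser for the DHCP payload behind a capture row like the one in post #1 (UDP 67 to 68, sent to broadcast). It reports the sender's role, the OUI of the sending MAC and the client MAC the message is addressed to; the packet, MAC addresses and offered IP are constructed, and `describe` and `sample_offer` are hypothetical names.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_dhcp(payload):
    """Return op, client MAC (chaddr), offered IP and options of a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, hlen = payload[0], payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return {"op": op, "chaddr": mac(payload[28:28 + hlen]),
            "yiaddr": ".".join(map(str, payload[16:20])), "opts": opts}

def describe(eth_src, sport, dport, payload):
    """Say who sent a captured DHCP frame and which client it is addressed to."""
    m = parse_dhcp(payload)
    role = "server" if (sport, dport, m["op"]) == (67, 68, 2) else \
           "client" if (sport, dport, m["op"]) == (68, 67, 1) else "unexpected"
    sid = m["opts"].get(54)                          # option 54 = server identifier
    return {"sender_role": role, "sender_mac": eth_src.lower(),
            "sender_oui": eth_src.lower()[:8],       # first 3 bytes = vendor OUI
            "type": TYPES.get((m["opts"].get(53) or b"\0")[0], "unknown"),
            "for_client": m["chaddr"], "offered_ip": m["yiaddr"],
            "server_id": ".".join(map(str, sid)) if sid else None}

def sample_offer():
    """Constructed DHCPOFFER; the MACs and the offered IP are made up."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0x8000,
                      bytes(4), bytes([10, 40, 128, 50]), bytes(4), bytes(4),
                      bytes.fromhex("020000112233"), b"", b"")
    return hdr + MAGIC + bytes([53, 1, 2, 54, 4, 10, 40, 128, 1, 255])

if __name__ == "__main__":
    print(describe("02:00:00:AA:BB:CC", 67, 68, sample_offer()))
```

Comparing `sender_mac` and `for_client` against an inventory of known MAC addresses shows whether the frame comes from, or is meant for, a device you own.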

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Look at port 53 (DNS) too as it can have an adverse effect on the initial connection speed if DNS isn't working properly.

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    9
    i understand what you are saying but i do not have any jetcell mac addresses on my network

    i only have the one nic whose mac i know

    and if i shutdown any web/email clients (i use opera) the 10.40.128.1 is still pouring out requests?

  7. #7
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Wireshark says otherwise.

    What exactly do you have on your network? Are there any wireless devices connected? Printers? Print server cards? So on and so on.

  8. #8
    Junior Member
    Join Date
    Oct 2006
    Posts
    9
    no i (think) i have everything accounted for
    bband box whose mac address i know
    wireless router whose mac address i know
    one wireless card whose mac address i know belkin
    and ethernet card whose mac address i know
    (have vmplayer on pc but those macs only run when vmplayer is open and running)

    that is why i am 'scared'

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    If you have a wireless network and there are devices nearby that aren't yours, you may have something that has associated with your AP. Get netstumbler on your laptop and go searching for the device you don't recognize.

    --Th13
