Ok, today I booted up to linux and started playing around on my home network. I ran Cheops for shits and giggles, not very interesting, untill I ran it on the WAN side. Ok, then I redid all my wiring so my connection to the internet looked like this

Cable Modem>Netgear MR314>Home LAN with 2 windows boxes and a linux box.

I telneted to my router from the linux box @ 192.168.0.2 and took a look at the ARP tables for the router as well as the localhost. (192.168.0.2). Nothing interesting on my box, just my gateway (192.168.0.1). However the ARP tables on my router got me wondering about a few things. I'll type it up then ask my questions.

IP-addr-------------- Type---------Time-------MAC------- Stat]-----Iface
192.168.0.6------------10MB------------10--------------6-------------- 11--------NULL
192.168.0.2------------10MB------------300----00:80:ad:87:cf:e0-----41-------- enif0
192.168.0.4------------10MB------------300----00:05:02:85:f3:76----41--------enif0
192.168.0.3------------10MB------------300----00:39:ab:16:c1:c4----41----------enif0
192.168.0.255---------10MB-------------0-------(broadcast) ff:ff------43--------NULL
24.129.72.1------------10MB-----------100----00:0b:fc:41:94:54----41---------enif1
10.248.42.1------------10MB------------120------same as above------41---------enif1
10.248.10.1------------10MB------------40 ------same as above------41---------enif1
24.129.58.1------------10MB------------300 -----same as above------41---------enif1
10.244.168.1----------10MB-------------210-----same as above------41---------enif1
24.129.59.255---------10MB------------ 0-------(broadcast) ff:ff----43 ---------NULL
24.129.198.1----------10MB------------140------00:0b:fc:41:94:54-41 ---------enif1




EDIT: Okay, now I'm back from the interview I edited the table to make it easier to read. Ok, from what I gather is that enif0 is my LAN and enif1 is my WAN side. I got that. Now I need some input from you people (theroies are good too) about the following.

1. How do I convert that time format into something thats human readable. Or tell me what base system its based on and I'll look it up myself.

2. Why do multiple IP's correspond to the same MAC address. Also, why are the IP's showing a different time? Is it a router that my cable modem is connected to somewherer "down the road"? I know that cable modems arent a "modem" (a bridge right?). Could this just be my neighborhood router, but then the MAC addy. I'm confused as piss.

3. I have 192.168.0.6 setup as the DMZ server on the router, but the catch is that the DMZ computer and IP doesnt exist. When it shows the MAC as 6 is that just a # of connection attempts at that addy? Just a kinda way for me to keep track of who is trying to be nefarious when I look through my snort logs

4. Why are there 2 different network addresses shown in the ARP table (10.248.*.*) and (24.129.*.*) I know on the WAN side my IP that is shown to the world is from the 24.129.*.* network. Could the 10.248 network be a private network that Comcast uses to connect to the cable modem? Maybe the TFTP server that loads the DOCSIS files is on this network? I'm sure we all know why that would be if thats the case.

I'm not looking for any of this information for the purpose of doing something bad, so dont play that card. Its just something that I've been trying to figure out for the past few days. I'm the kind of person that likes to know why a watch ticks, to put it as an analogy.

Any insight, therioes, links, etc. would be greatly appreciated.

Jonesy.