Folks: I have a question that I cannot seem to answer. I just set up a firewall box for a wireless network on SuSE 7.1. I just built a new kernel (2.2.20) and am still having a strange issue. Apparently, this box, (let's call it "28.100") is not properly interpreting ARP traffic. When using TETHEREAL to capture traffic, I see this: 28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584) 28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584) 28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584) 28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584) 28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584) 28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584) However, at the same time, I monitor the same line from another (identical) machine, running SuSE 7.1 and Kernel 2.2.20, I get: 00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.98? Tell 216.12.28.97 00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97 00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97 00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97 00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97 It appears that in the first example, the machine is not properly interpreting ARP traffic. Any ideas on how to remedy this situation? Thanks, Gregg Sperling glsrms.com administrator ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 08:44:49 PDT