Packets captured by tcpdump: what is going on with this IP 208?

Posted on 2006-4-7 12:01:19
[root@cfs ~]# tcpdump -c 50 -i eth2 arp -n -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
11:55:51.437385 arp who-has 192.168.0.208 tell 192.168.0.21
11:55:51.519930 arp who-has 192.168.0.208 tell 192.168.0.29
11:55:51.649107 arp who-has 192.168.0.208 tell 192.168.0.24
11:55:51.792510 arp who-has 192.168.0.208 tell 192.168.0.7
11:55:51.836122 arp who-has 192.168.0.208 tell 192.168.0.50
11:55:51.850172 arp who-has 192.168.0.208 tell 192.168.0.6
11:55:51.888702 arp who-has 192.168.0.208 tell 192.168.0.8
11:55:51.917409 arp who-has 192.168.0.208 tell 192.168.0.31
11:55:51.982926 arp who-has 192.168.0.208 tell 192.168.0.39
11:55:52.026687 arp who-has 192.168.0.208 tell 192.168.0.55
11:55:52.065826 arp who-has 192.168.0.208 tell 192.168.0.28
11:55:52.079745 arp who-has 192.168.0.208 tell 192.168.0.56
11:55:52.158085 arp who-has 192.168.0.208 tell 192.168.0.27
11:55:52.203997 arp who-has 192.168.0.208 tell 192.168.0.9
11:55:52.243204 arp who-has 192.168.0.208 tell 192.168.0.34
11:55:52.295588 arp who-has 192.168.0.208 tell 192.168.0.26
11:55:52.315293 arp who-has 192.168.0.208 tell 192.168.0.4
11:55:52.389448 arp who-has 192.168.0.208 tell 192.168.0.5
11:55:52.403416 arp who-has 192.168.0.208 tell 192.168.0.30
11:55:52.445086 arp who-has 192.168.0.208 tell 192.168.0.25
11:55:52.532942 arp who-has 192.168.0.208 tell 192.168.0.38
11:55:52.547240 arp who-has 192.168.0.208 tell 192.168.0.36
11:55:52.601914 arp who-has 192.168.0.208 tell 192.168.0.54
11:55:52.672896 arp who-has 192.168.0.208 tell 192.168.0.32
11:55:52.696210 arp who-has 192.168.0.208 tell 192.168.0.51
11:55:52.829904 arp who-has 192.168.0.208 tell 192.168.0.33
11:55:52.878803 arp who-has 192.168.0.208 tell 192.168.0.21
11:55:52.957493 arp who-has 192.168.0.208 tell 192.168.0.29
11:55:53.090497 arp who-has 192.168.0.208 tell 192.168.0.24
11:55:53.233946 arp who-has 192.168.0.208 tell 192.168.0.7
11:55:53.277580 arp who-has 192.168.0.208 tell 192.168.0.50
11:55:53.318902 arp who-has 192.168.0.208 tell 192.168.0.6
11:55:53.330147 arp who-has 192.168.0.208 tell 192.168.0.8
11:55:53.358835 arp who-has 192.168.0.208 tell 192.168.0.31
11:55:53.424382 arp who-has 192.168.0.208 tell 192.168.0.39
11:55:53.468118 arp who-has 192.168.0.208 tell 192.168.0.55
11:55:53.507283 arp who-has 192.168.0.208 tell 192.168.0.28
11:55:53.548539 arp who-has 192.168.0.208 tell 192.168.0.56
11:55:53.626887 arp who-has 192.168.0.208 tell 192.168.0.27
11:55:53.672859 arp who-has 192.168.0.208 tell 192.168.0.9
11:55:53.684673 arp who-has 192.168.0.208 tell 192.168.0.34
11:55:53.764399 arp who-has 192.168.0.208 tell 192.168.0.26

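There is no IP 208 on the internal network. What software is causing this?
Original poster | Posted on 2006-4-7 12:07:41
It lagged for a moment and I posted twice; please delete one of them.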

Posted on 2006-4-7 13:57:42
NICs will frequently send ARP requests to their subnetwork in order to update their ARP tables, so they will virtually reach every single IP address.

Original poster | Posted on 2006-4-7 17:52:16
But there is no IP 208 on my network, so why would they be trying to contact it?

Posted on 2006-4-8 21:44:11
These are clearly ARP requests, and 208 is the one being asked for. Could it be that they are all registering something with this IP?

Posted on 2006-4-9 00:35:22
MAC. This IP may have been used before, I guess.

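Posted on 2006-4-13 22:03:49
It looks like many machines on the internal network are querying machine 208. Are you sure this machine doesn't exist?
Then check, on the other machines, which processes are causing these ARP queries.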
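The triage the thread is circling around (which hosts ask for an address, whether anything ever answers, and how often each host retries), as an added example that is not part of the original thread. The function names `summarize` and `unanswered` are hypothetical, the first six sample lines come from the capture in the first post, and the last two are constructed for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime

# Old tcpdump text format (as in the post) and the newer "ARP, Request who-has ..." one.
REQ = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) .*?who-has ([\d.]+)(?: \(\S+\))? tell ([\d.]+)", re.I)
REP = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) .*?reply ([\d.]+) is-at ([0-9a-f:]+)", re.I)

# Six lines from the post's capture, then two constructed lines (an answered lookup).
SAMPLE = """\
11:55:51.437385 arp who-has 192.168.0.208 tell 192.168.0.21
11:55:51.519930 arp who-has 192.168.0.208 tell 192.168.0.29
11:55:51.649107 arp who-has 192.168.0.208 tell 192.168.0.24
11:55:52.878803 arp who-has 192.168.0.208 tell 192.168.0.21
11:55:52.957493 arp who-has 192.168.0.208 tell 192.168.0.29
11:55:53.090497 arp who-has 192.168.0.208 tell 192.168.0.24
11:55:53.100000 arp who-has 192.168.0.1 tell 192.168.0.21
11:55:53.100400 arp reply 192.168.0.1 is-at 00:11:22:33:44:55
"""

def summarize(lines):
    """Map each requested IP to who asked for it (with timestamps) and who answered."""
    targets = defaultdict(lambda: {"asked_by": defaultdict(list), "answered_by": set()})
    for line in lines:
        if m := REQ.match(line.strip()):
            ts, target, sender = m.groups()
            targets[target]["asked_by"][sender].append(datetime.strptime(ts, "%H:%M:%S.%f"))
        elif m := REP.match(line.strip()):
            targets[m.group(2)]["answered_by"].add(m.group(3).lower())
    return targets

def unanswered(lines, min_requesters=3):
    """Report IPs that several hosts keep asking for while no reply is ever seen."""
    report = []
    for target, info in summarize(lines).items():
        askers = info["asked_by"]
        if info["answered_by"] or len(askers) < min_requesters:
            continue
        # Gap between consecutive requests from the same host = its retry interval.
        gaps = [(b - a).total_seconds()
                for times in askers.values() for a, b in zip(times, times[1:])]
        report.append({"target": target, "requesters": sorted(askers),
                       "mean_retry_s": round(sum(gaps) / len(gaps), 2) if gaps else None})
    return report

if __name__ == "__main__":
    for row in unanswered(SAMPLE.splitlines()):
        print(row)
```

Saved `tcpdump -n arp` output can be passed in as a list of lines; a steady per-host retry interval with no reply means every listed requester still has something trying to reach that address, which narrows where to look for the responsible process.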