LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   arp who-has? tell? (https://www.linuxquestions.org/questions/linux-networking-3/arp-who-has-tell-608112/)

macroron 12-20-2007 08:15 AM
arp who-has? tell?
 
Hello,

My desktop computer, running fedora 8, software firewall on, selinux on, dynamic dns, my ip adress is 98.203.6.135, ron@c-98-203-6-135.hsd1.fl.comcast.net. is connected directly to Comcast via a cable modem. I recently changed modems due to an electrical storm. I noticed the new modems pc activity light blinks continuously. This did not happen with the old modem. I read an article about tcp dump and tried # /usr/sbin/tcpdump -nS > tcpdump.log Here is part of tcpdump.log:

08:15:47.984724 arp who-has 71.206.79.141 tell 71.206.76.1
08:15:47.985081 arp who-has 98.203.1.140 tell 98.203.0.1
08:15:48.160197 arp who-has 76.110.184.13 tell 76.110.184.1
08:15:48.208245 arp who-has 66.229.170.141 tell 66.229.170.1
08:15:48.280100 arp who-has 98.203.0.91 tell 98.203.0.1
08:15:48.280552 arp who-has 98.203.0.92 tell 98.203.0.1
08:15:48.280868 arp who-has 98.203.0.93 tell 98.203.0.1
08:15:48.281164 arp who-has 98.203.0.94 tell 98.203.0.1
08:15:48.281591 arp who-has 98.203.0.95 tell 98.203.0.1
08:15:48.281998 arp who-has 98.203.0.96 tell 98.203.0.1
08:15:48.282696 arp who-has 98.203.0.97 tell 98.203.0.1
08:15:48.283852 arp who-has 98.203.0.99 tell 98.203.0.1
08:15:48.284338 arp who-has 98.203.0.100 tell 98.203.0.1
08:15:48.285053 arp who-has 98.203.0.101 tell 98.203.0.1
08:15:48.285399 arp who-has 98.203.2.181 tell 98.203.0.1
08:15:48.285699 arp who-has 98.203.0.102 tell 98.203.0.1
08:15:48.286154 arp who-has 98.203.0.103 tell 98.203.0.1
08:15:48.287382 arp who-has 98.203.0.105 tell 98.203.0.1
08:15:48.287780 arp who-has 98.203.0.106 tell 98.203.0.1
08:15:48.289626 arp who-has 98.203.0.109 tell 98.203.0.1
08:15:48.292039 arp who-has 65.34.210.47 tell 65.34.210.1
08:15:48.492036 arp who-has 76.110.191.29 tell 76.110.184.1
08:15:48.513075 arp who-has 66.229.170.86 tell 66.229.170.1
08:15:48.513366 IP 98.203.6.135.33433 > 68.87.74.162.domain: 63866+ PTR? 86.170.229.66.in-addr.arpa. (44)
08:15:48.552057 arp who-has 98.203.1.178 tell 98.203.0.1
08:15:48.567617 IP 68.87.74.162.domain > 98.203.6.135.33433: 63866 1/0/0 (93)
08:15:48.676102 arp who-has 66.229.170.31 tell 66.229.170.1
08:15:48.733381 arp who-has 98.203.3.181 tell 98.203.0.1
08:15:48.774378 arp who-has 76.110.185.155 tell 76.110.184.1
08:15:49.080792 arp who-has 71.206.77.81 tell 71.206.76.1
08:15:49.118336 arp who-has 98.46.109.240 tell 98.46.109.1
08:15:49.118731 IP 98.203.6.135.33433 > 68.87.74.162.domain: 184+ PTR? 240.109.46.98.in-addr.arpa. (44)
08:15:49.134683 IP 68.87.74.162.domain > 98.203.6.135.33433: 184 NXDomain 0/1/0 (132)
08:15:49.160092 arp who-has 76.110.187.17 tell 76.110.184.1
08:15:49.208825 arp who-has 76.110.189.58 tell 76.110.184.1
08:15:49.317184 arp who-has 65.34.210.47 tell 65.34.210.1
08:15:49.413014 arp who-has 98.203.2.162 tell 98.203.0.1
08:15:49.589418 arp who-has 76.110.184.13 tell 76.110.184.1
08:15:49.592161 arp who-has 98.203.5.98 tell 98.203.0.1
08:15:49.635103 arp who-has 76.110.185.232 tell 76.110.184.1
08:15:49.752062 arp who-has 65.34.211.67 tell 65.34.210.1
08:15:49.872395 arp who-has 98.203.3.153 tell 98.203.0.1
08:15:50.091724 arp who-has 98.203.0.111 tell 98.203.0.1
08:15:50.093236 arp who-has 98.203.0.114 tell 98.203.0.1
08:15:50.094008 arp who-has 98.203.0.115 tell 98.203.0.1
08:15:50.095170 arp who-has 98.203.0.117 tell 98.203.0.1
08:15:50.098236 arp who-has 98.203.0.118 tell 98.203.0.1
08:15:50.098577 arp who-has 98.203.0.120 tell 98.203.0.1
08:15:50.098876 arp who-has 98.203.0.121 tell 98.203.0.1
08:15:50.099178 arp who-has 98.203.0.122 tell 98.203.0.1
08:15:50.099480 arp who-has 98.203.0.123 tell 98.203.0.1
08:15:50.101209 arp who-has 98.203.0.125 tell 98.203.0.1
08:15:50.101561 arp who-has 98.203.0.126 tell 98.203.0.1
08:15:50.174306 arp who-has 76.110.186.255 tell 76.110.184.1
08:15:50.174588 IP 98.203.6.135.33433 > 68.87.74.162.domain: 32460+ PTR? 255.186.110.76.in-addr.arpa. (45)
08:15:50.190267 arp who-has 76.110.184.13 tell 76.110.184.1
08:15:50.206890 arp who-has 98.203.0.39 tell 98.203.0.1
08:15:50.220917 arp who-has 71.206.78.27 tell 71.206.76.1
08:15:50.224216 arp who-has 66.229.170.254 tell 66.229.170.1
08:15:50.228505 IP 68.87.74.162.domain > 98.203.6.135.33433: 32460 1/0/0 (95)
08:15:50.228984 IP 98.203.6.135.33433 > 68.87.74.162.domain: 22637+ PTR? 254.170.229.66.in-addr.arpa. (45)
08:15:50.281247 IP 68.87.74.162.domain > 98.203.6.135.33433: 22637 1/0/0 (95)
08:15:50.282044 arp who-has 76.110.189.110 tell 76.110.184.1
08:15:50.364382 arp who-has 98.46.109.90 tell 98.46.109.1
08:15:50.392168 arp who-has 76.110.189.56 tell 76.110.184.1
08:15:50.531449 arp who-has 98.203.7.246 tell 98.203.0.1
08:15:50.538798 arp who-has 98.35.105.247 tell 98.35.105.1
08:15:50.539099 IP 98.203.6.135.33433 > 68.87.74.162.domain: 62320+ PTR? 247.105.35.98.in-addr.arpa. (44)
08:15:50.539324 IP 98.203.6.135.traceroute > 68.87.74.162.domain: 3108+ PTR? 247.105.35.98.in-addr.arpa. (44)
08:15:50.568403 arp who-has 71.206.79.143 tell 71.206.76.1
08:15:50.591548 arp who-has 66.229.170.84 tell 66.229.170.1
08:15:50.593753 IP 68.87.74.162.domain > 98.203.6.135.33433: 62320 NXDomain 0/1/0 (132)

Is this normal? What does all this mean?

-macroron-

unSpawn 12-20-2007 04:52 PM
Looks normal to me. Just ARP (Address Resolution Protocol) requests interspersed with some DNS (Domain Name Service) traffic. Using your favourite searchengine with the TLA's ARP and DNS should bring up enough sites with explanation.

macroron 12-20-2007 06:24 PM
Re: arp who-has? tell?
 
Thank You,

I'm beginning to understand. More explanation here:

I am just beginning my study of networking with the intention to get a router and start a home network. My next project is to get a static ip address from DynDNS www.dyndns.com/ and then study up on routers. Any sugestions on hardware and software would be appreciated. I'd like to eventually experiment with a wireless sff motherboard diy router project.

-macroron-

unSpawn 12-21-2007 04:44 AM
Quote:
Originally Posted by macroron (Post 2997550)
I am just beginning my study of networking with the intention to get a router and start a home network.
Definately commendable in times where people rather jump w/o reading anything beforehand.


Quote:
Originally Posted by macroron (Post 2997550)
My next project is to get a static ip address from DynDNS and then study up on routers.
You don't get a static IP address from DynDNS but from your ISP. What you get from DynDNS is a FQDN that links to the IP your provide. A lot of modem/routers have options to automagically send the new IP to services like DynDNS if your ISP changes it.


Quote:
Originally Posted by macroron (Post 2997550)
Any sugestions on hardware and software would be appreciated. I'd like to eventually experiment with a wireless sff motherboard diy router project.
Wrt to networking there's a lot of interesting sites like Uri's TCP/IP Resources List and wWrt routing there's really only one F(ive)LA and that's the LARTC. Pace it, try to take weekly doses. Those provide you with more than you ever wanted to know about those topics.

macroron 12-21-2007 05:49 AM
Re: arp who-has? tell?
 
Quote:
Originally Posted by unSpawn (Post 2997911)
Wrt to networking there's a lot of interesting sites like Uri's TCP/IP Resources List and wWrt routing there's really only one F(ive)LA and that's the LARTC. Pace it, try to take weekly doses. Those provide you with more than you ever wanted to know about those topics.
Thank You for the references.

-macroron-


All times are GMT -5. The time now is 03:05 AM.