Anno domini 2019 Sat, 12 Oct 17:03:29 +0200
Stefan Krusche wrote:
> On Saturday, 12 October 2019, Dr. Nikolaus Klepp wrote:
> > Install wireshark or tcpdump. Guess it's the "arp-who-has ... tell
> > ..." class of messages.
>
> Yes, good guess! Tcpdump shows lots of these messages:
>
> 16:47:40.633536 ARP, Request who-has ip5b418d68.dynamic.kabel-deutschland.de
> tell ip5b418dfe.dynamic.kabel-deutschland.de, length 46
> 16:47:40.821784 ARP, Request who-has ip5b418b24.dynamic.kabel-deutschland.de
> tell ip5b418bfe.dynamic.kabel-deutschland.de, length 46
> 16:47:41.006438 ARP, Request who-has ip5b418a98.dynamic.kabel-deutschland.de
> tell ip5b418afe.dynamic.kabel-deutschland.de, length 46
>
> But what does that mean? The addresses asked for all seem to
> be from the pool of the IP addresses/domains which this ISP
> gives out.
>
> $ nslookup ip5b418d68.dynamic.kabel-deutschland.de
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: ip5b418d68.dynamic.kabel-deutschland.de
> Address: 91.65.141.104
>
> $ nslookup ip5b418b24.dynamic.kabel-deutschland.de
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: ip5b418b24.dynamic.kabel-deutschland.de
> Address: 91.65.139.36
>
> $ nslookup ip5b418a98.dynamic.kabel-deutschland.de
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: ip5b418a98.dynamic.kabel-deutschland.de
> Address: 91.65.138.152
>
> $ whois 91.65.141.104 # output cut
> […]
> inetnum: 91.65.0.0 - 91.65.255.255
> netname: KABEL-DEUTSCHLAND-CUSTOMER-SERVICES-14
> […]
>
> Why would my machine send these requests?
>
> Any hint much appreciated.

Please see:
http://www.omnisecu.com/tcpip/address-resolution-protocol-arp.php

And search for "arp spoofing", this will reveal more funny details :)

Nik

>
> Thanks again,
> Stefan
> _______________________________________________
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>

--
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...
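
Added example, not part of the original messages: a small Python parser for the tcpdump ARP lines quoted in this thread that reports which host sent each request (in an ARP request the `tell` field names the sender). It assumes the ISP hostnames carry the IPv4 address as eight hex digits, which matches the three nslookup results quoted above; the function names and the local address 192.0.2.10 are made up for illustration.

```python
import re
from collections import Counter
from ipaddress import IPv4Address

# Constructed sample: the three tcpdump lines quoted in the thread, unwrapped.
SAMPLE = """\
16:47:40.633536 ARP, Request who-has ip5b418d68.dynamic.kabel-deutschland.de tell ip5b418dfe.dynamic.kabel-deutschland.de, length 46
16:47:40.821784 ARP, Request who-has ip5b418b24.dynamic.kabel-deutschland.de tell ip5b418bfe.dynamic.kabel-deutschland.de, length 46
16:47:41.006438 ARP, Request who-has ip5b418a98.dynamic.kabel-deutschland.de tell ip5b418afe.dynamic.kabel-deutschland.de, length 46
"""

# "who-has <target> tell <sender>"; tcpdump may print a MAC in parentheses after the target.
ARP_REQ = re.compile(r"ARP, Request who-has (\S+)(?: \(\S+\))? tell (\S+), length \d+")
# Assumption: hostnames of the form ipXXXXXXXX.<domain> encode the IPv4 address in hex.
HEX_HOST = re.compile(r"^ip([0-9a-f]{8})\.", re.IGNORECASE)

def to_ip(name):
    """Return an IPv4Address for a dotted quad (tcpdump -n) or an ipXXXXXXXX host, else None."""
    m = HEX_HOST.match(name)
    if m:
        return IPv4Address(int(m.group(1), 16))
    try:
        return IPv4Address(name)
    except ValueError:
        return None

def parse_arp_requests(text):
    """Return (target, sender) pairs for every ARP request line in text."""
    pairs = []
    for line in text.splitlines():
        m = ARP_REQ.search(line)
        if m:
            pairs.append((to_ip(m.group(1)), to_ip(m.group(2))))
    return pairs

def summarize(pairs, local_ip):
    """Count requests per sender, and how many of them local_ip itself sent."""
    senders = Counter(sender for _, sender in pairs)
    return senders, senders[IPv4Address(local_ip)]

if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for the capturing machine's own address.
    senders, mine = summarize(parse_arp_requests(SAMPLE), "192.0.2.10")
    for ip, count in senders.most_common():
        print(f"{ip} sent {count} ARP request(s)")
    print(f"ARP requests sent by the local host: {mine}")
```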