No IP UDP forwarder (aka IP helper or DHCP helper) configured on the router
would be my guess. Since the packet has a source address, I'll also guess
that these are rebind packets instead of renews or discovers, but you didn't
post the whole frame... Source mac info points to:
00-01-5C (hex) CADANT INC.
00015C (base 16) CADANT INC.
4343 Commerce Court - Ste. #207
Lisle IL 60532
UNITED STATES
On 10/12/07, James Ortega <[EMAIL PROTECTED]> wrote:
>
> Hello All!
>
> I run a sys-log and sending all of the info to mysql. Does wireshark have
> this ability to send data to mysql or read from it and provide analysis?
>
> Also, I'm getting a lot of dropped packets and I don't know exactly what
> they are? I've asked around and no one has a clue. Hopefully, here someone
> will have more insight. Once I find out what it is I'd like to get rid of
> it.
>
> DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:01:5c:24:0f:42:08:00
> SRC=10.75.160.1 DST=255.255.255.255 LEN=407 TOS=0x00 PREC=0x00 TTL=64
> ID=14603 PROTO=UDP SPT=67 DPT=68 LEN=387
> <000><http://192.168.1.5/phplogcon/syslog-display.php?slt=DROP>
>
> It looks like dhcp broadcast packets. But if that is the reason, why
> would my router want to drop them? As of todays count I have 11,536 entries
> in my syslog.
>
> Any help would be appreciated
> .
> Admiral Ross
>
> ------------------------------
> MSN: admiral.ross, Y!: admiral.ross, AIM: admiralwross
> http://r-loc-one.com, http://stb575.com
>
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
