Revision history [back]
Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.
Hello, and thanks for your help on this matter.
I have my laptop on and running, I've been seeing private 10.x.x.x.x in Wireshark and in my Asus router. I have not configured this type of Private IP Address on my home network. I run a Random packet capture before I connect my computer to the back of my ISP modem. My computer has WIFI disabled in the Bios. Below is what I capture. Oh, my Asus router was not even plugged in.
These are not my devices in my home.
Frame 1: 2629 bytes on wire, 2629 bytes captured on interface randpkt, id 0
Interface id: 0 (randpkt)
Interface name: randpkt
Interface description: Random packet generator
Encapsulation type: Ethernet (1)
Arrival Time: (0)Dec 31, 1969 18:00:00.000000000 Central Standard Time
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 2629 bytes (21032 bits)
Capture Length: 2629 bytes (21032 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:tds:data]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"]
Ethernet II, Src: Cisco_98:39:81 (00:08:a3:98:39:81), Dst: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
Destination: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
<[Destination (resolved): HewlettP_0d:7a:ed]>
<[Destination OUI: 00:50:8b (Hewlett Packard)]>
<[Destination OUI (resolved): Hewlett Packard]>
Address: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
<[Address (resolved): HewlettP_0d:7a:ed]>
<[Address OUI: 00:50:8b (Hewlett Packard)]>
<[Address OUI (resolved): Hewlett Packard]>
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
<.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
<.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
Source: Cisco_98:39:81 (00:08:a3:98:39:81)
<[Source (resolved): Cisco_98:39:81]>
<[Source OUI: 00:08:a3 (Cisco Systems, Inc)]>
<[Source OUI (resolved): Cisco Systems, Inc]>
Address: Cisco_98:39:81 (00:08:a3:98:39:81)
<[Address (resolved): Cisco_98:39:81]>
<[Address OUI: 00:08:a3 (Cisco Systems, Inc)]>
<[Address OUI (resolved): Cisco Systems, Inc]>
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
<.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
<.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
Type: IPv4 (0x0800)
Trailer: 52 9c 5d 5b 2e 29 f7 43 71 cd 5d 4c 7b d9 a0 7c 34 15 25 73 00 b2 1f b2 …
Frame check sequence: 0x0bf53599 incorrect, should be 0xd2d4f9bc
[Expert Info (Error/Checksum): Bad checksum [should be 0xd2d4f9bc]]
[Bad checksum [should be 0xd2d4f9bc]]
<Message: Bad checksum [should be 0xd2d4f9bc]>
[Severity level: Error]
[Group: Checksum]
[FCS Status: Bad]
Internet Protocol Version 4, Src: 172.20.2.34 (172.20.2.34), Dst: 10.194.238.130 (10.194.238.130)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 909
Identification: 0x90d4 (37076)
Flags: 0x40, Don't fragment
0... .... = Security flag: Not evil
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 124
Protocol: TCP (6)
Header Checksum: 0xc31b [correct]
[Header checksum status: Good]
[Calculated Checksum: 0xc31b]
Source Address: 172.20.2.34 (172.20.2.34)
<Source or Destination Address: 172.20.2.34 (172.20.2.34)>
<[Source Host: 172.20.2.34]>
<[Source or Destination Host: 172.20.2.34]>
Destination Address: 10.194.238.130 (10.194.238.130)
<Source or Destination Address: 10.194.238.130 (10.194.238.130)>
<[Destination Host: 10.194.238.130]>
<[Source or Destination Host: 10.194.238.130]>
Transmission Control Protocol, Src Port: ms-sql-s (1433), Dst Port: theta-lm (2296), Seq: 1, Ack: 1, Len: 869
Source Port: ms-sql-s (1433)
Destination Port: theta-lm (2296)
<Source or Destination Port: ms-sql-s (1433)>
<Source or Destination Port: theta-lm (2296)>
[Stream index: 0]
[Conversation completeness: Incomplete (8)]
[TCP Segment Len: 869]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 4283336006
[Next Sequence Number: 870 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 2729722538
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window: 15400
[Calculated window size: 15400]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x0fda incorrect, should be 0x1cb2(maybe caused by "TCP checksum offload"?)
[Expert Info (Error/Checksum): Bad checksum [should be 0x1cb2]]
[Bad checksum [should be 0x1cb2]]
<Message: Bad checksum [should be 0x1cb2]>
[Severity level: Error]
[Group: Checksum]
[Checksum Status: Bad]
[Calculated Checksum: 0x1cb2]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
[SEQ/ACK analysis]
[Bytes in flight: 869]
[Bytes sent since last PSH flag: 869]
TCP payload (869 bytes)
[PDU Size: 63797]
Tabular Data Stream
Type: Unknown (219)
Status: 0xde, Ignore this event, Event notification, Reset connection, Reset connection keeping transaction state
.... ...0 = End of message: False
.... ..1. = Ignore this event: True
.... .1.. = Event notification: True
.... 1... = Reset connection: True
...1 .... = Reset connection keeping transaction state: True
Length: 63797
Channel: 42915
Packet Number: 160
Window: 97
Data (861 bytes)
Data: 7c c8 3b 9c 97 36 6b 24 fc 81 18 13 90 4b 10 92 09 d3 bb 47 30 ee 2e 25 …
Text: |�;��6k$��\030\023�K\020�\t��G0�.%s
[Expert Info (Warning/Undecoded): Trailing stray characters]
[Trailing stray characters]
<Message: Trailing stray characters>
[Severity level: Warning]
[Group: Undecoded]
[Payload MD5 hash: a052b93bf84a9a9965c7317c6b30a93d]
[Length: 861]
Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.
Hello, and thanks for your help on this matter.
I have my laptop on and running, I've been seeing private 10.x.x.x.x in Wireshark and in my Asus router. I have not configured this type of Private IP Address on my home network. I run a Random packet capture before I connect my computer to the back of my ISP modem. My computer has WIFI disabled in the Bios. Below is what I capture. Oh, my Asus router was not even plugged in.
These are not my devices in my home.
Frame 1: 2629 bytes on wire, 2629 bytes captured on interface randpkt, id 0
Interface id: 0 (randpkt)
Interface name: randpkt
Interface description: Random packet generator
Encapsulation type: Ethernet (1)
Arrival Time: (0)Dec 31, 1969 18:00:00.000000000 Central Standard Time
[Time shift for this packet: 0.000000000 seconds]
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 2629 bytes (21032 bits)
Capture Length: 2629 bytes (21032 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:tds:data]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"]
Ethernet II, Src: Cisco_98:39:81 (00:08:a3:98:39:81), Dst: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
Destination: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
<[Destination (resolved): HewlettP_0d:7a:ed]>
<[Destination OUI: 00:50:8b (Hewlett Packard)]>
<[Destination OUI (resolved): Hewlett Packard]>
Address: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
<[Address (resolved): HewlettP_0d:7a:ed]>
<[Address OUI: 00:50:8b (Hewlett Packard)]>
<[Address OUI (resolved): Hewlett Packard]>
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
<.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
<.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
Source: Cisco_98:39:81 (00:08:a3:98:39:81)
<[Source (resolved): Cisco_98:39:81]>
<[Source OUI: 00:08:a3 (Cisco Systems, Inc)]>
<[Source OUI (resolved): Cisco Systems, Inc]>
Address: Cisco_98:39:81 (00:08:a3:98:39:81)
<[Address (resolved): Cisco_98:39:81]>
<[Address OUI: 00:08:a3 (Cisco Systems, Inc)]>
<[Address OUI (resolved): Cisco Systems, Inc]>
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
<.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
<.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
Type: IPv4 (0x0800)
Trailer: 52 9c 5d 5b 2e 29 f7 43 71 cd 5d 4c 7b d9 a0 7c 34 15 25 73 00 b2 1f b2 …
Frame check sequence: 0x0bf53599 incorrect, should be 0xd2d4f9bc
[Expert Info (Error/Checksum): Bad checksum [should be 0xd2d4f9bc]]
[Bad checksum [should be 0xd2d4f9bc]]
<Message: Bad checksum [should be 0xd2d4f9bc]>
[Severity level: Error]
[Group: Checksum]
[FCS Status: Bad]
Internet Protocol Version 4, Src: 172.20.2.34 (172.20.2.34), Dst: 10.194.238.130 (10.194.238.130)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 909
Identification: 0x90d4 (37076)
Flags: 0x40, Don't fragment
0... .... = Security flag: Not evil
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 124
Protocol: TCP (6)
Header Checksum: 0xc31b [correct]
[Header checksum status: Good]
[Calculated Checksum: 0xc31b]
Source Address: 172.20.2.34 (172.20.2.34)
<Source or Destination Address: 172.20.2.34 (172.20.2.34)>
<[Source Host: 172.20.2.34]>
<[Source or Destination Host: 172.20.2.34]>
Destination Address: 10.194.238.130 (10.194.238.130)
<Source or Destination Address: 10.194.238.130 (10.194.238.130)>
<[Destination Host: 10.194.238.130]>
<[Source or Destination Host: 10.194.238.130]>
Transmission Control Protocol, Src Port: ms-sql-s (1433), Dst Port: theta-lm (2296), Seq: 1, Ack: 1, Len: 869
Source Port: ms-sql-s (1433)
Destination Port: theta-lm (2296)
<Source or Destination Port: ms-sql-s (1433)>
<Source or Destination Port: theta-lm (2296)>
[Stream index: 0]
[Conversation completeness: Incomplete (8)]
[TCP Segment Len: 869]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 4283336006
[Next Sequence Number: 870 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 2729722538
0101 .... = Header Length: 20 bytes (5)
Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······AP···]
Window: 15400
[Calculated window size: 15400]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x0fda incorrect, should be 0x1cb2(maybe caused by "TCP checksum offload"?)
[Expert Info (Error/Checksum): Bad checksum [should be 0x1cb2]]
[Bad checksum [should be 0x1cb2]]
<Message: Bad checksum [should be 0x1cb2]>
[Severity level: Error]
[Group: Checksum]
[Checksum Status: Bad]
[Calculated Checksum: 0x1cb2]
Urgent Pointer: 0
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
[SEQ/ACK analysis]
[Bytes in flight: 869]
[Bytes sent since last PSH flag: 869]
TCP payload (869 bytes)
[PDU Size: 63797]
Tabular Data Stream
Type: Unknown (219)
Status: 0xde, Ignore this event, Event notification, Reset connection, Reset connection keeping transaction state
.... ...0 = End of message: False
.... ..1. = Ignore this event: True
.... .1.. = Event notification: True
.... 1... = Reset connection: True
...1 .... = Reset connection keeping transaction state: True
Length: 63797
Channel: 42915
Packet Number: 160
Window: 97
Data (861 bytes)
Data: 7c c8 3b 9c 97 36 6b 24 fc 81 18 13 90 4b 10 92 09 d3 bb 47 30 ee 2e 25 …
Text: |�;��6k$��\030\023�K\020�\t��G0�.%s
[Expert Info (Warning/Undecoded): Trailing stray characters]
[Trailing stray characters]
<Message: Trailing stray characters>
[Severity level: Warning]
[Group: Undecoded]
[Payload MD5 hash: a052b93bf84a9a9965c7317c6b30a93d]
[Length: 861]
Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.
Hello, and thanks for your help on this matter.
I have my laptop on and running, I've been seeing private 10.x.x.x.x in Wireshark and in my Asus router. I have not configured this type of Private IP Address on my home network. I run a Random packet capture before I connect my computer to the back of my ISP modem. My computer has WIFI disabled in the Bios. Below is what I capture. Oh, my Asus router was not even plugged in.
These are not my devices in my home.