Re: [LUG] Martian source

 

On Fri, 08 Jul 2005 17:20:24 +0100
Julian Hall wrote:

> Grant Sewell wrote:
> 
> >Hi James.  Are you *certain* it's not coming from another subnet?  You do have a 
> >non-default subnet mask on both your interfaces?
> >
> >Grant.
> >
> Taken from Sourceforge:
> 
> "Many have asked, "Why do I get these martian source messages?"
> 
>     martian source df00a8c0 for 0200a8c0, dev eth1 
> 
>     ll header: 00 e0 29 40 d3 b9 00 00 e8 10 10 f6 08 00 
> 
> Packets that come to you from a source not consistent with the routing 
> statements for an interface are from way out there somewhere, like Mars, 
> hence martian source. If the line read:
> 
>     martian source 192.168.0.223 for 192.168.0.2, dev eth1 
> 
> you might have a clue as to what machine is sending ``martian packets''.
> 
> To really check it out use this information:
> 
> The 00:e0:29:40:d3:b9 is the mac address of your ethernet card and 
> 00:00:e8:10:10:f6 is the mac address of the sender's ethernet card. 08 00 
> is the type of the ethernet packet, and if memory serves me 0800 is ip.
> 
> The messages are harmless except for cluttering up your screen and/or 
> log files. However, they may be your clue as to unwanted traffic and/or 
> hosts on your network."
> 
> Taking James' original error into account this suggests to my limited 
> knowledge and reading of the above that 10.0.15.255 is the source IP and 
> as 10.0.15.* is *not* the same subnet as James' default of 10.0.12.* 
> that would be consistent with a martian source error.  Actually *.255 
> IPs are normally routers and suchlike are they not, seeing as the lowest 
> numbers usually get used by actual PCs.
> 
> Kind regards,
> 
> Julian

Since James is not using a standard Class A, B or C mask, we cannot say that "it is 
coming from network 10.0.15.*" or whatever.  With a netmask of 255.255.252.0, both 
James' eth0 and eth1 *would* be in the 10.0.12.0 - 10.0.15.255 subnet (network 
address of 10.0.12.0 and broadcast of 10.0.15.255), so the source IP of this martian 
packet is within the same subnet; however, the log entry says that the martian 
packet is on the broadcast address.  Since the packet would appear to be originating 
from the same subnet as your device is on, I am surprised that it's being picked up 
as a martian.  Strange.

Grant.
-- 
Artificial intelligence is no match for nuratal stidutipy.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
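
An added example, not part of the original messages: a Python sketch that decodes a "martian source" log entry in the format quoted above (hex addresses and the 14-byte link-layer header) and checks a source address against an interface's subnet. The byte order of the hex form is inferred from the quoted text pairing df00a8c0 with 192.168.0.223, and the interface address 10.0.12.1 is a constructed placeholder, since the thread gives only the 10.0.12.* range and the 255.255.252.0 mask.

```python
import ipaddress
import re

# Constructed sample, using the two lines quoted in the thread.
SAMPLE = ("martian source df00a8c0 for 0200a8c0, dev eth1\n"
          "ll header: 00 e0 29 40 d3 b9 00 00 e8 10 10 f6 08 00\n")

def hex_to_ip(word):
    """Hex form is byte-reversed (assumption from the thread's own pairing):
    df 00 a8 c0 read back to front gives 192.168.0.223."""
    return ipaddress.IPv4Address(bytes.fromhex(word)[::-1])

def parse_addr(token):
    """Accept either the 8-digit hex form or dotted-quad notation."""
    if re.fullmatch(r"[0-9a-f]{8}", token):
        return hex_to_ip(token)
    return ipaddress.IPv4Address(token)

def parse_martian(text):
    """Return source/destination IP, device and, if present, the Ethernet header fields."""
    m = re.search(r"martian source (\S+) for (\S+), dev (\S+)", text)
    if not m:
        raise ValueError("no martian source line found")
    out = {"src": parse_addr(m[1]), "dst": parse_addr(m[2]), "dev": m[3]}
    h = re.search(r"ll header: ((?:[0-9a-f]{2}[ :]?){14})", text)
    if h:
        b = re.findall(r"[0-9a-f]{2}", h[1])
        out["dst_mac"] = ":".join(b[0:6])     # receiving card
        out["src_mac"] = ":".join(b[6:12])    # sending card
        out["ethertype"] = "".join(b[12:14])  # 0800 = IPv4
    return out

def classify_source(src, iface_ip, netmask):
    """Place a source address relative to the interface's subnet."""
    net = ipaddress.IPv4Network(f"{iface_ip}/{netmask}", strict=False)
    src = ipaddress.IPv4Address(src)
    return {"network": str(net),
            "in_subnet": src in net,
            "is_broadcast": src == net.broadcast_address}

if __name__ == "__main__":
    print(parse_martian(SAMPLE))
    # 10.0.12.1 is a placeholder interface address inside the 10.0.12.* range.
    for mask in ("255.255.252.0", "255.255.255.0"):
        print(mask, classify_source("10.0.15.255", "10.0.12.1", mask))
```

With the 255.255.252.0 mask, 10.0.15.255 falls inside 10.0.12.0/22 and equals its broadcast address; with a 255.255.255.0 mask it falls outside the interface's subnet.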