Subject: Re: weird packet found...help?
To: None <tech-net@netbsd.org>
From: Justin C. Walker <justin@apple.com>
List: tech-net
Date: 11/28/1999 15:57:44
> From: Andrew Brown <atatat@atatdot.net>
> Date: 1999-11-27 21:11:16 -0800
> To: tech-net@netbsd.org
> Subject: weird packet found...help?
> X-Hi-To-All-My-Friends-In-Domestic-Surveillance: hi there, sports fans  :)
> Delivered-to: tech-net@netbsd.org
> X-Mailer: Mutt 1.0i
>
> i've been watching my network (just to see what's out there) and i've 
> found several packets of the form
>
> 15:04:20.729215 55:55:55:55:55:55 58:55:55:55:55:55 800c 5461:
>                          5555 fcff 5555 fcff 5555 fcff 5555 fcff
>                          5555 fcff 5555 fcff 5555 fcff 5555 fcff
>                          5555 fcff 5555 fcff 5555 fcff 5555

  Depending on the kind of network equipment you have, you're  
bound to see beaucoup packets of this sort.  I can't tell for sure,  
but this could be a collision, a late collision, or just a bogus  
packet from an exuberant driver.  We had cases of this on our  
network, which we "sort of" traced to an Intel box, running some  
variant of Linux, using an Intel EtherExpress Pro/100B.  Couldn't  
tell for sure, since there's no way to trace this stuff back to its  
source(*), but we hypothesized it was a bad driver.  If we unplugged  
the sucker, the problems went away.  We ended up replacing the board.  
 This happened with two different systems, both with the same board,  
FWIW.

(*) Should you be running on a switched network, with sufficiently  
helpful switches, the switch management software might let you  
isolate the port that's producing these packets.  I've never managed  
to get our IS guys to do it, but I think it's possible.

In any case, this looks like pure junk, either manufactured by the  
network, or provided to you by a pointer into random memory, by a  
wayward driver.  Nothing in it to lead you back to a culprit, unless  
the bit patterns look familiar (which is how we got to the Linux  
box).

Regards,

Justin

--
Justin C. Walker, Curmudgeon-At-Large *
Institute for General Semantics       |
Manager, CoreOS Networking            | When crypto is outlawed,
Apple Computer, Inc.                  | Only outlaws will have crypto.
2 Infinite Loop                       |
Cupertino, CA 95014                   |
*-------------------------------------*-------------------------------*
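
Added example (not part of the original message): a Python check that parses the frame quoted above and lists the structural reasons it reads as junk rather than real traffic. It assumes the two fields after the addresses are the EtherType and the frame length; the set of expected EtherTypes is a site-specific assumption, and the function names are hypothetical.

```python
import re

# Frame as quoted in the message above (tcpdump -e style output).
SAMPLE = """\
15:04:20.729215 55:55:55:55:55:55 58:55:55:55:55:55 800c 5461:
    5555 fcff 5555 fcff 5555 fcff 5555 fcff
    5555 fcff 5555 fcff 5555 fcff 5555 fcff
    5555 fcff 5555 fcff 5555 fcff 5555
"""

MAC = r"((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})"
HEADER = re.compile(rf"^\S+ {MAC} {MAC} ([0-9a-f]{{4}}) (\d+):$", re.I)

# Assumption: EtherTypes this site expects (IPv4, ARP, 802.1Q, IPv6).
EXPECTED_ETHERTYPES = {0x0800, 0x0806, 0x8100, 0x86DD}
MAX_FRAME = 1518  # largest untagged Ethernet frame, in bytes

def parse_frame(dump):
    """Split one dumped frame into addresses, EtherType, length, payload."""
    first, *rest = dump.strip().splitlines()
    m = HEADER.match(first.strip())
    if not m:
        raise ValueError("unrecognised link-level header line")
    src, dst = (bytes(int(o, 16) for o in a.split(":")) for a in m.group(1, 2))
    payload = bytes.fromhex("".join(" ".join(rest).split()))
    return src, dst, int(m.group(3), 16), int(m.group(4)), payload

def smallest_period(data):
    """Shortest p such that data repeats every p bytes, else None."""
    for p in range(1, len(data) // 2 + 1):
        if all(data[i] == data[i - p] for i in range(p, len(data))):
            return p
    return None

def junk_indicators(dump):
    """Return the reasons a frame looks like line noise or driver garbage."""
    src, dst, ethertype, length, payload = parse_frame(dump)
    reasons = []
    if src[0] & 0x01:  # group bit set: never valid in a source address
        reasons.append("source address has the multicast bit set")
    if ethertype not in EXPECTED_ETHERTYPES:
        reasons.append(f"unexpected EtherType 0x{ethertype:04x}")
    if length > MAX_FRAME:
        reasons.append(f"length {length} exceeds {MAX_FRAME}")
    period = smallest_period(payload)
    if period is not None and period <= 8:
        reasons.append(f"payload repeats every {period} bytes")
    return reasons
```

On the quoted frame all four checks fire, which matches the reading that nothing in it identifies a sender.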