On 12/03/2014 11:13 AM, Mark Milhollan wrote: <>
Do you mean PartedMagic as the destination port? If so that's just a translation from the port number to a name found in your /etc/services file. It is often wrong or misleading, and in most cases can be ignored.
i have no PartedMagic in /etc/services
NetName: COMCAST-VOIP-4
Given this it seems like you have Comcast phone service and what you are seeing is your phone checking-in with their switch.
my isp service is DSL with bellsouth.net over copper.
my neighbors to north and south of my home use comcast and they have wifi between them. wireless on my router is not enabled.
wireshark text file loaded at;
On 12/3/2014 12:47 PM, g wrote:
wireshark text file loaded at;
http://pastebin.com/rCU0CC10
some device on your network has the MAC address 00:0f:fe:8f:8f:23 which Wireshark is calling PartedMagic for unknown reasons. That MAC prefix apparently belongs to an obscure Chinese computer maker, G-Pro Computers. http://macaddress.webwat.ch/vendor/G-PRO_COMPUTER the weblink given for G-Pro is wrong.
some random google searching suggests that they may be an OEM for Lite-On, do you have any network devices from Lite-On (I'm only familiar with Lite-On as a CD/DVD burner/reader brand).
oh. the ARP packet suggests that MAC address is 192.168.1.144
1. No. Time Source Destination Protocol Length Info 2. 3 1.137831000 PartedMagic Broadcast ARP 42 Who has 192.168.1.254? Tell 192.168.1.144 3. 4. Frame 3: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface 0 5. Ethernet II, Src: PartedMagic (00:0f:fe:8f:8f:23), Dst: Broadcast (ff:ff:ff:ff:ff:ff) 6. Address Resolution Protocol (request)
John, thank you for replying.
On 12/03/2014 03:21 PM, John R Pierce wrote:
On 12/3/2014 12:47 PM, g wrote:
wireshark text file loaded at;
http://pastebin.com/rCU0CC10some device on your network has the MAC address 00:0f:fe:8f:8f:23 which Wireshark is calling PartedMagic for unknown reasons.
see my new paste at;
That MAC prefix apparently belongs to an obscure Chinese computer maker, G-Pro Computers. http://macaddress.webwat.ch/vendor/G-PRO_COMPUTER the weblink given for G-Pro is wrong.
interesting. where does one look to find assignment for MAC addresses?
some random google searching suggests that they may be an OEM for Lite-On, do you have any network devices from Lite-On
no network devices from Lite-on.
~]$ lspci|grep net 00:19.0 Ethernet controller: Intel Corporation 82566DM-2 Gigabit Network Connection (rev 02) ~]$
(I'm only familiar with Lite-On as a CD/DVD burner/reader brand).
same here.
oh. the ARP packet suggests that MAC address is 192.168.1.144
that is how i see it.
oh. the ARP packet suggests that MAC address is 192.168.1.144
that is how i see it.
is that 1.144 IP address in use by the machine you ran the lspci from? I think his original intent was that perhaps it was a separate device are you running VMs on this host by chance?
On 12/03/2014 04:15 PM, zep wrote:
oh. the ARP packet suggests that MAC address is 192.168.1.144
that is how i see it.
is that 1.144 IP address in use by the machine you ran the lspci from?
somewhere. but i know not where.
http://www.whoami.it/home/ shows me to be; adsl-184-41-28-86.mem.bellsouth.net for the hell of it, i pulled and reconnected DSL line, now, i am adsl-184-41-28-44.mem.bellsouth.net
which is now confusing me more because the 1.144 address is in;
~]$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0F:FE:8F:8F:23 inet addr:192.168.1.144 Bcast:192.168.1.255 \ Mask:255.255.255.0 inet6 addr: fe80::20f:feff:fe8f:8f23/64 Scope:Link
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host
virbr0 Link encap:Ethernet HWaddr 52:54:00:B3:A7:95 inet addr:192.168.122.1 Bcast:192.168.122.255 \ Mask:255.255.255.0
[geo@boxen ~]$
so a question, in checking with a 'whoami' i got; adsl-184-41-28-86.mem.bellsouth.net where is the 192.168.1.144 being produced when i am not in a VM.
looking in man ifconfig, nothing is given as to just what is shown.
I think his original intent was that perhaps it was a separate device. are you running VMs on this host by chance?
no VM. this box connects straight to router, which connects straight to DSL/phone filter, which connects directly to drop line.
something/somebody is 'hiding in the wood pile' and it has me scratching my balding head even more bald.
On Wed, Dec 3, 2014 at 5:09 PM, g geleem@bellsouth.net wrote:
is that 1.144 IP address in use by the machine you ran the lspci from?
somewhere. but i know not where.
http://www.whoami.it/home/ shows me to be; adsl-184-41-28-86.mem.bellsouth.net for the hell of it, i pulled and reconnected DSL line, now, i am adsl-184-41-28-44.mem.bellsouth.net
which is now confusing me more because the 1.144 address is in;
~]$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0F:FE:8F:8F:23 inet addr:192.168.1.144 Bcast:192.168.1.255 \ Mask:255.255.255.0 inet6 addr: fe80::20f:feff:fe8f:8f23/64 Scope:Link
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host
virbr0 Link encap:Ethernet HWaddr 52:54:00:B3:A7:95 inet addr:192.168.122.1 Bcast:192.168.122.255 \ Mask:255.255.255.0
[geo@boxen ~]$
so a question, in checking with a 'whoami' i got; adsl-184-41-28-86.mem.bellsouth.net where is the 192.168.1.144 being produced when i am not in a VM.
looking in man ifconfig, nothing is given as to just what is shown.
I think his original intent was that perhaps it was a separate device. are you running VMs on this host by chance?
no VM. this box connects straight to router, which connects straight to DSL/phone filter, which connects directly to drop line.
something/somebody is 'hiding in the wood pile' and it has me scratching my balding head even more bald.
Sounds like a typical NAT router setup to me. The router would have one public IP and uses a private subnet for your LAN side. The other end of an outbound connection sees the NATed public address.
On 12/3/2014 3:09 PM, g wrote:
On 12/03/2014 04:15 PM, zep wrote:
>oh. the ARP packet suggests that MAC address is 192.168.1.144
that is how i see it.
is that 1.144 IP address in use by the machine you ran the lspci from?
somewhere. but i know not where.
http://www.whoami.it/home/ shows me to be; adsl-184-41-28-86.mem.bellsouth.net for the hell of it, i pulled and reconnected DSL line, now, i am adsl-184-41-28-44.mem.bellsouth.net
which is now confusing me more because the 1.144 address is in;
~]$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0F:FE:8F:8F:23 inet addr:192.168.1.144 Bcast:192.168.1.255 \ Mask:255.255.255.0 inet6 addr: fe80::20f:feff:fe8f:8f23/64 Scope:Link
your ROUTER gets the internet IP on its WAN side (184.41.28.86 or whatever), and your LAN uses 192.168.1.xxx, the system you ran ifconfig on there has 192.168.1.144. the router 'translates' your private LAN addresses to the public internet address, this process is often called NAT (Network Address Translation), or Masquerade.
so. Wireshark, for unknown reasons, thinks your system is 'PartedMagic'. I have no idea why.
so... 'PartedMagic' is a red herring. whats the ACTUAL problem here we're trying to solve?
Possibly your system was installed or cloned using PartedMagic, and that left an entry in
/etc/ethers
mapping your default nic to the name 'PartedMagic'?
K
Kahlil (Kal) Hodgson GPG: C9A02289 Head of Technology (m) +61 (0) 4 2573 0382 DealMax Pty Ltd
Suite 1416 401 Docklands Drive Docklands VIC 3008 Australia
"All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1925
On Thu, Dec 4, 2014 at 10:23 AM, John R Pierce pierce@hogranch.com wrote:
On 12/3/2014 3:09 PM, g wrote:
On 12/03/2014 04:15 PM, zep wrote:
>oh. the ARP packet suggests that MAC address is 192.168.1.144
that is how i see it.
is that 1.144 IP address in use by the machine you ran the lspci from?
somewhere. but i know not where.
http://www.whoami.it/home/ shows me to be; adsl-184-41-28-86.mem.bellsouth.net for the hell of it, i pulled and reconnected DSL line, now, i am adsl-184-41-28-44.mem.bellsouth.net
which is now confusing me more because the 1.144 address is in;
~]$ ifconfig eth0 Link encap:Ethernet HWaddr 00:0F:FE:8F:8F:23 inet addr:192.168.1.144 Bcast:192.168.1.255 \ Mask:255.255.255.0 inet6 addr: fe80::20f:feff:fe8f:8f23/64 Scope:Link
your ROUTER gets the internet IP on its WAN side (184.41.28.86 or whatever), and your LAN uses 192.168.1.xxx, the system you ran ifconfig on there has 192.168.1.144. the router 'translates' your private LAN addresses to the public internet address, this process is often called NAT (Network Address Translation), or Masquerade.
so. Wireshark, for unknown reasons, thinks your system is 'PartedMagic'. I have no idea why.
so... 'PartedMagic' is a red herring. whats the ACTUAL problem here we're trying to solve?
-- john r pierce 37N 122W somewhere on the middle of the left coast
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Apologies for the previous top post :-( Forgot to trim the (...)
On 12/03/2014 05:05 PM, g wrote:
John, thank you for replying.
On 12/03/2014 03:21 PM, John R Pierce wrote:
On 12/3/2014 12:47 PM, g wrote:
wireshark text file loaded at;
http://pastebin.com/rCU0CC10some device on your network has the MAC address 00:0f:fe:8f:8f:23 which Wireshark is calling PartedMagic for unknown reasons.
see my new paste at;
since
[zep@nemesis ~]$ nslookup secure.informaction.com Server: 192.168.10.22 Address: 192.168.10.22#53
Non-authoritative answer: Name: secure.informaction.com Address: 82.103.140.42 Name: secure.informaction.com Address: 82.103.140.40 Name: secure.informaction.com Address: 69.195.141.178 Name: secure.informaction.com Address: 69.195.141.179
and going to www.informaction.com lists off things like noscript and a few other browser add on sorts of things, I'd tend to think that you [perhaps the plural 'you', meaning possibly some other individual] installed one of their extensions [or some other piece of FOSS] and it's doing a call home to check for updates or do some sort of comparison, like adblock's blacklist.
no idea where the wonky name comes from.
-
g -
John R Pierce -
Kahlil Hodgson -
Les Mikesell -
zep