
Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.

asked 2022-02-20 21:55:26 +0000

Vtechie

updated 2022-02-20 22:01:00 +0000

grahamb

Hello, and thanks for your help on this matter.

I have my laptop on and running. I've been seeing private 10.x.x.x.x in Wireshark and in my Asus router. I have not configured this type of private IP address on my home network. I run a random packet capture before I connect my computer to the back of my ISP modem. My computer has Wi-Fi disabled in the BIOS. Below is what I capture. Oh, my Asus router was not even plugged in.

These are not my devices in my home.

Frame 1: 2629 bytes on wire, 2629 bytes captured on interface randpkt, id 0
    Interface id: 0 (randpkt)
        Interface name: randpkt
        Interface description: Random packet generator
    Encapsulation type: Ethernet (1)
    Arrival Time: (0)Dec 31, 1969 18:00:00.000000000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 2629 bytes (21032 bits)
    Capture Length: 2629 bytes (21032 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tds:data]
    [Coloring Rule Name: Checksum Errors]
    [Coloring Rule String: cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"]
Ethernet II, Src: Cisco_98:39:81 (00:08:a3:98:39:81), Dst: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
    Destination: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
        <[Destination (resolved): HewlettP_0d:7a:ed]>
        <[Destination OUI: 00:50:8b (Hewlett Packard)]>
        <[Destination OUI (resolved): Hewlett Packard]>
        Address: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
        <[Address (resolved): HewlettP_0d:7a:ed]>
        <[Address OUI: 00:50:8b (Hewlett Packard)]>
        <[Address OUI (resolved): Hewlett Packard]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Source: Cisco_98:39:81 (00:08:a3:98:39:81)
        <[Source (resolved): Cisco_98:39:81]>
        <[Source OUI: 00:08:a3 (Cisco Systems, Inc)]>
        <[Source OUI (resolved): Cisco Systems, Inc]>
        Address: Cisco_98:39:81 (00:08:a3:98:39:81)
        <[Address (resolved): Cisco_98:39:81]>
        <[Address OUI: 00:08:a3 (Cisco Systems, Inc)]>
        <[Address OUI (resolved): Cisco Systems, Inc]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: IPv4 (0x0800)
    Trailer: 52 9c 5d 5b 2e 29 f7 43 71 cd 5d 4c 7b d9 a0 7c 34 15 25 73 00 b2 1f b2 …
    Frame check sequence: 0x0bf53599 incorrect, should be 0xd2d4f9bc
        [Expert ...

1 Answer


answered 2022-02-20 22:10:17 +0000

grahamb

randpkt generates random packets based on a pre-configured type, one of which is TDS, or Tabular Data Stream, as seen here (by using the -t tds option).

The packet template for tds uses Cisco and HP OUI MAC addresses, not IPs, for the Ethernet II portion of the generated packet, and that's why they show up in your capture.


Comments

Thank you for your answer.

I could not find anything to verify the packet templates of the MAC addresses. I cannot find the TDS in the captured packets from above either. However, I have had someone try to manipulate my studies in MSQL, which is disabled at this time. So the TDS would make sense if I could find it above.

When I have run the Random Packet Generator, I just use the Wireshark capture. I have not specified what type of capture to run, but I have seen it change before. Each time I run it, it seems to change.

https://en.wikipedia.org/wiki/Tabular... FROM WIKIPEDIA Tabular Data Stream From Wikipedia, the free encyclopedia Tabular Data Stream (TDS) is an application layer protocol used to transfer data between a database server and a client. It was initially designed and developed by Sybase Inc. for their Sybase ...

Vtechie ( 2022-02-21 00:06:49 +0000 )

See the source file that contains the packet templates randpkt_core.c and the definitions of the byte array pkt_tds.

When randpkt isn't provided a -t argument, it will randomly choose a packet type to generate.

grahamb ( 2022-02-21 09:03:40 +0000 )

randpkt generates random packets based on a pre-configured type

...which means that the packets you see if you capture with the random packet generator that comes with Wireshark are NOT packets from your network, they're packets the random packet generator is sending to Wireshark over a pipe, with no network involved.

Guy Harris ( 2022-02-21 17:56:26 +0000 )
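Added example, not part of the original thread and not Wireshark's own code: a Python sketch that decodes the Ethernet II fields listed in the question's dissection (address, OUI, LG and IG bits, EtherType) and checks the frame check sequence. The two addresses and the EtherType are copied from the capture above; the payload, the helper names and both sample frames are constructed for illustration.

```python
import struct
import zlib

# Addresses and EtherType copied from the dissection on this page.
DST = bytes.fromhex("00508b0d7aed")  # HewlettP_0d:7a:ed
SRC = bytes.fromhex("0008a3983981")  # Cisco_98:39:81
ETHERTYPE_IPV4 = 0x0800


def mac_info(mac: bytes) -> dict:
    """Decode what Wireshark lists under an Ethernet address."""
    return {
        "address": mac.hex(":"),
        "oui": mac[:3].hex(":"),                      # vendor prefix only
        "locally_administered": bool(mac[0] & 0x02),  # LG bit
        "group": bool(mac[0] & 0x01),                 # IG bit
    }


def fcs_for(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, sent least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs))


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame that ends with a 4-byte FCS."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "dst": mac_info(dst),
        "src": mac_info(src),
        "ethertype": ethertype,
        "fcs_ok": frame[-4:] == fcs_for(frame[:-4]),
    }


# Constructed samples: header bytes from the page, 46 bytes of made-up payload.
HEADER = DST + SRC + struct.pack("!H", ETHERTYPE_IPV4)
BODY = HEADER + bytes(range(46))
FRAME_GOOD = BODY + fcs_for(BODY)  # FCS computed over the frame by the sender
# Stand-in for trailing bytes that were never computed from the frame contents.
FRAME_BAD = BODY + bytes(b ^ 0xFF for b in fcs_for(BODY))

if __name__ == "__main__":
    for name, frame in (("good", FRAME_GOOD), ("bad", FRAME_BAD)):
        info = parse_frame(frame)
        print(name, info["src"]["oui"], "->", info["dst"]["oui"],
              hex(info["ethertype"]), "FCS ok:", info["fcs_ok"])
```

The OUI is simply the first three bytes of whatever address the frame carries, so a template that hard-codes those bytes resolves to a vendor name without any such device being present, and a trailer that was not computed over the frame fails the FCS comparison as in the dissection.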
