Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.

asked 2022-02-20 21:55:26 +0000

Vtechie
1 ●3 ●12 ●14

updated 2022-02-20 22:01:00 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23835 ●4 ●973 ●227 https://www.wireshark.org

Hello, and thanks for your help on this matter.

I have my laptop on and running, I've been seeing private 10.x.x.x.x in Wireshark and in my Asus router. I have not configured this type of Private IP Address on my home network. I run a Random packet capture before I connect my computer to the back of my ISP modem. My computer has WIFI disabled in the Bios. Below is what I capture. Oh, my Asus router was not even plugged in.

These are not my devices in my home.

Frame 1: 2629 bytes on wire, 2629 bytes captured on interface randpkt, id 0
    Interface id: 0 (randpkt)
        Interface name: randpkt
        Interface description: Random packet generator
    Encapsulation type: Ethernet (1)
    Arrival Time: (0)Dec 31, 1969 18:00:00.000000000 Central Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 2629 bytes (21032 bits)
    Capture Length: 2629 bytes (21032 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:tds:data]
    [Coloring Rule Name: Checksum Errors]
    [Coloring Rule String: cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"]
Ethernet II, Src: Cisco_98:39:81 (00:08:a3:98:39:81), Dst: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
    Destination: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
        <[Destination (resolved): HewlettP_0d:7a:ed]>
        <[Destination OUI: 00:50:8b (Hewlett Packard)]>
        <[Destination OUI (resolved): Hewlett Packard]>
        Address: HewlettP_0d:7a:ed (00:50:8b:0d:7a:ed)
        <[Address (resolved): HewlettP_0d:7a:ed]>
        <[Address OUI: 00:50:8b (Hewlett Packard)]>
        <[Address OUI (resolved): Hewlett Packard]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Source: Cisco_98:39:81 (00:08:a3:98:39:81)
        <[Source (resolved): Cisco_98:39:81]>
        <[Source OUI: 00:08:a3 (Cisco Systems, Inc)]>
        <[Source OUI (resolved): Cisco Systems, Inc]>
        Address: Cisco_98:39:81 (00:08:a3:98:39:81)
        <[Address (resolved): Cisco_98:39:81]>
        <[Address OUI: 00:08:a3 (Cisco Systems, Inc)]>
        <[Address OUI (resolved): Cisco Systems, Inc]>
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        <.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)>
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        <.... ...0 .... .... .... .... = IG bit: Individual address (unicast)>
    Type: IPv4 (0x0800)
    Trailer: 52 9c 5d 5b 2e 29 f7 43 71 cd 5d 4c 7b d9 a0 7c 34 15 25 73 00 b2 1f b2 …
    Frame check sequence: 0x0bf53599 incorrect, should be 0xd2d4f9bc
        [Expert ...

(more)

edit retag flag offensive close merge delete

add a comment

answered 2022-02-20 22:10:17 +0000

grahamb

23835 ●4 ●973 ●227 https://www.wireshark.org

randpkt generates random packets based on a pre-configured type, one of which is TDS or tabular data stream as seen here (by using the -t tds option).

The packet template for tds uses Cisco and HP OUI Mac addresses, not IPs, for the Ethernet II portion of the generated packet and that's why they show up in your capture.

edit flag offensive delete link

Comments

Thank you for your answer.

I could not find anything to verify the packet templates of the mac addresses. I cannot find the TDS in the captured packets from above either. However, I have had someone try to miniplate my studies in MSQL that which is disabled at this time. So the TDS would make sense if I could find it above.

When I have ran the Random Packet Generator, I just use the Wireshark capture, I have not specified what type of capture to run, but I have seen it change before. Each time I run it it seems to change.

https://en.wikipedia.org/wiki/Tabular... FROM WIKIPEDIA Tabular Data Stream From Wikipedia, the free encyclopedia Tabular Data Stream (TDS) is an application layer protocol used to transfer data between a database server and a client. It was initially designed and developed by Sybase Inc. for their Sybase ...(more)

Vtechie ( 2022-02-21 00:06:49 +0000 )edit

See the source file that contains the packet templates randpkt_core.c and the definitions of the byte array pkt_tds.

When randpkt isn't provided a -t argument, it will randomly choose a packet type to generate.

grahamb ( 2022-02-21 09:03:40 +0000 )edit

randpkt generates random packets based on a pre-configured type

...which means that the packets you see if you capture with the random packet generator that comes with Wireshark are NOT packets from your network, they're packets the random packet generator is sending to Wireshark over a pipe, with no network involved.

Guy Harris ( 2022-02-21 17:56:26 +0000 )edit

add a comment

Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen. edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Why would I get a Cisco and HewlettP as Private IP address on Random Pkt Gen.