
Why Is Private IP Address 10.0.0.1 Active On My Network?

asked 2022-07-24 20:09:59 +0000

Vtechie

updated 2022-07-25 09:37:07 +0000

Guy Harris

I'm looking for the person and device that is accessing the 10.0.0.1 on my Network, that is right. I have an Asus Router that has been illegally partitioned by I would assume who configured 10.0.0.1 as a Private IP Address, I have 3 Public IP Addresses, mine, and in the routing table two others that did not have the same subnet mask but recently that changed. And the Asus router has the standard Private IP Address of 192.168.50.1 but someone configured Port Forwarding to 192.168.1.1 with VLANs and a br0 of that goes to my side of the router because it has the same subnet mask. I realize some of this information has nothing to do with Wireshark, but it lets you know the scenario.

Thank you so very much in advance.

Frame 12: 1292 bytes on wire, 1292 bytes captured on interface \Device\NPF_{6911}, id 0
    Interface id: 0 (\Device\NPF_{6911},
        Interface name: \Device\NPF_{6911}
        Interface description: EXTREME MIRACLES
    Encapsulation type: Ethernet (1)
    Arrival Time: Jul 17, 2022 12:56:30.504782000 Central Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.443152000 seconds]
    [Time delta from previous displayed frame: 0.443152000 seconds]
    [Time since reference or first frame: 0.830789000 seconds]
    Frame Number: 12
    Frame Length: 1292 bytes (10336 bits)
    Capture Length: 1292 bytes (10336 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:quic:tls:tls:tls:tls:tls:tls:tls:tls:tls:tls:tls]
    [Coloring Rule Name: Checksum Errors]
    [Coloring Rule String: cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"]
Ethernet II, Src: Dell_ Dst: ASUSTekC_
    Destination: ASUSTekC)
    Source: Dell_
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.50.112 (192.168.50.112), Dst: 10.0.0.1 (10.0.0.1)
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1278
    Identification: 0x3f35 (16181)
    Flags: 0x40, Don't fragment
        0... .... = Security flag: Not evil
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 incorrect, should be 0xb9a0(may be caused by "IP checksum offload"?)
    [Header checksum status: Bad]
    [Calculated Checksum: 0xb9a0]
    Source Address: 192.168.50.112 (192.168.50.112)
    <Source or Destination Address: 192.168.50.112 (192.168.50.112)>
    <[Source Host: 192.168.50.112]>
    <[Source or Destination Host: 192.168.50.112]>
    Destination Address: 10.0.0.1 (10.0.0.1)
    <Source or Destination Address: 10.0.0.1 (10.0.0.1)>
    <[Destination Host ...

1 Answer


answered 2022-07-25 21:20:18 +0000

Guy Harris

So the machine with IP address 192.168.50.112 is sending a QUIC packet to a machine with the IP address 10.0.0.1.

The packet that your machine received was sent from a machine that's probably a Dell machine, as Wireshark decoded the source MAC address as being one beginning with an OUI (which would be a vendor identification) that belongs to Dell, and is being sent to a machine that's probably an Asus machine, as Wireshark decoded the destination MAC address as being one beginning with an OUI that belongs to Asus.

That does not guarantee that 192.168.50.112 is a Dell machine or that 10.0.0.1 is an Asus machine; 192.168.50.112 could be a Dell machine or might have sent the packet to a Dell machine that forwarded it to your machine, and 10.0.0.1 could be an Asus machine or it might be a machine to which the Dell machine forwarded the packet under the expectation that it would forward it to 10.0.0.1 or a machine that could forward the packet closer to 10.0.0.1.

Is the machine on which you're running Wireshark a Dell machine, with an interface with the address 192.168.50.112?

Do you have a machine from Asus? It might be a computer, or it might be a router.


Comments

Thanks for your response. I did not configure my Asus Router to be running the Private IP Address 10.0.0.1 nor is my computer configured to use that address. The DHCP Pool Range is 192.168.50.2-192.168.50.254. In the settings of the print of above it says only up to 192.168.50.253. I could put the beginning address to be 192.168.50.1 but it will not say and I get no errors on this. If I try to put 192.168.50.255 in the IP Pooling range end I get an error code.

Now the 192.168.50.255 shows up on my computer alive offline and online in Advance IP Scanner along with my own Private IP Address of 192.168.50.112 and they have the same MAC Address.

I'm guessing that whoever is illegally accessing ...(more)

Vtechie (2022-07-26 02:19:56 +0000)

> I did not configure my Asus Router to be running the Private IP Address 10.0.0.1

It doesn't have to; your machine (192.168.50.112) just has to think that sending a packet to the Asus router will get it one hop closer to 10.0.0.1.

What does the command route print report on your machine?

> If I try to put 192.168.50.255 in the IP Pooling range end I get an error code.

That's because 192.168.50.255 is the broadcast IP address for your local network; it doesn't correspond to a machine, and is not a valid address to assign to a machine.

> Now the 192.168.50.255 shows up on my computer alive offline and online in Advance IP Scanner

If you mean "Advanced IP Scanner", then, if I try running it on my Windows ...(more)

Guy Harris (2022-07-26 21:12:17 +0000)
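
The forwarding decision described in the answer and the comment above, as an added example that is not part of the original thread: a longest-prefix-match lookup showing why a packet for 10.0.0.1 leaves the host with the router's MAC address as its Ethernet destination. The routing table is constructed; the default gateway 192.168.50.1 and the metrics are assumptions, not the asker's `route print` output.

```python
import ipaddress

# Constructed IPv4 routing table for a host such as 192.168.50.112/24.
# Assumed values, not the asker's real table. gateway=None means "on-link".
ROUTES = [
    {"dest": "0.0.0.0/0",       "gateway": "192.168.50.1", "metric": 25},
    {"dest": "192.168.50.0/24", "gateway": None,           "metric": 281},
]


def select_route(dst, routes=ROUTES):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["dest"])]
    if not matches:
        return None
    return max(
        matches,
        key=lambda r: (ipaddress.ip_network(r["dest"]).prefixlen, -r["metric"]),
    )


def l2_target(dst, routes=ROUTES):
    """Return the IP whose MAC address goes in the Ethernet destination field."""
    route = select_route(dst, routes)
    if route is None:
        raise LookupError(f"no route to {dst}")
    # On-link route: resolve the destination itself.
    # Gateway route: resolve the gateway; the IP destination stays unchanged.
    return dst if route["gateway"] is None else route["gateway"]


def explain(dst, routes=ROUTES):
    """One-line description of how the host would forward a packet to dst."""
    route = select_route(dst, routes)
    target = l2_target(dst, routes)
    how = "delivered directly" if target == dst else f"handed to gateway {target}"
    return f"{dst}: matched {route['dest']}, {how}"


if __name__ == "__main__":
    # 10.0.0.1 only matches the default route, so the frame is addressed to
    # the router's MAC even though no device here needs to own 10.0.0.1.
    for dst in ("10.0.0.1", "192.168.50.20"):
        print(explain(dst))
```

On the real machine, the row of `route print` that plays the role of the `0.0.0.0/0` entry names the actual gateway; a more specific entry covering 10.0.0.1 would take precedence over it.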
