Ask Your Question

Why Is Private IP Address Active On My Network?

asked 2022-07-24 20:09:59 +0000

Vtechie gravatar image

updated 2022-07-25 09:37:07 +0000

Guy Harris gravatar image

I'm looking for the person and device that is accessing the on my Network, that is right. I have an Asus Router that has been illegally partitioned by I would assume who configured as a Private IP Address, I have 3 Public IP Address, mine, and in the routing table two others that did not have the same subnet mask but recently that changed. And the Asus router has the standard Private IP Address of but someone configured Port Forwarding to with Vlans and a br0 of that goes to my side of the router because it has the same subnet mask. I realize some of this information has nothing to do with Wireshark, but it lets you know the scenario.

Thank you so very much in advance.

Frame 12: 1292 bytes on wire, 1292 bytes captured on interface \Device\NPF_{6911}, id 0
    Interface id: 0 (\Device\NPF_{6911},
        Interface name: \Device\NPF_{6911}
        Interface description: EXTREME MIRACLES
    Encapsulation type: Ethernet (1)
    Arrival Time: Jul 17, 2022 12:56:30.504782000 Central Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.443152000 seconds]
    [Time delta from previous displayed frame: 0.443152000 seconds]
    [Time since reference or first frame: 0.830789000 seconds]
    Frame Number: 12
    Frame Length: 1292 bytes (10336 bits)
    Capture Length: 1292 bytes (10336 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:quic:tls:tls:tls:tls:tls:tls:tls:tls:tls:tls:tls]
    [Coloring Rule Name: Checksum Errors]
    [Coloring Rule String: cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"]
Ethernet II, Src: Dell_ Dst: ASUSTekC_
    Destination: ASUSTekC)
    Source: Dell_
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: (, Dst: (
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1278
    Identification: 0x3f35 (16181)
    Flags: 0x40, Don't fragment
        0... .... = Security flag: Not evil
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: UDP (17)
    Header Checksum: 0x0000 incorrect, should be 0xb9a0(may be caused by "IP checksum offload"?)
    [Header checksum status: Bad]
    [Calculated Checksum: 0xb9a0]
    Source Address: (
    <Source or Destination Address: (>
    <[Source Host:]>
    <[Source or Destination Host:]>
    Destination Address: (
    <Source or Destination Address: (>
    <[Destination Host ...
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2022-07-25 21:20:18 +0000

Guy Harris gravatar image

So the machine with IP address is sending a QUIC packet to a machine with the IP address

The packet that your machine received was sent from a machine that's probably a Dell machine, as Wireshark decoded the source MAC address as being one beginning with an OUI (which would be a vendor identification) that belongs to Dell, and is being sent to a a machine that's probably an Asus machine, as Wireshark decoded the destination MAC address as being one beginning with an OUI that belongs to Asus.

That does not guarantee that is a Dell machine or that is an Asus machine; could be a Dell machine or might have sent the packet to a Dell machine that forwarded it to your machine, and could be an Asus machine or it might be a machine to which the Dell machine forwarded the packet under the expectation that it would forward it to or a machine that could forward the packet closer to

Is the machine on which you're running Wireshark a Dell machine, with an interface with the address

Do you have a machine from Asus? It might be a computer, or it might be a router.

edit flag offensive delete link more


Thanks for your response. I did not configure my Asus Router to be running the Private IP Address nor is my computer configured to use that address. The DHCP Pool Range is In the settings of the print of above it say only up to I could put the beginning address to be but it will not say and I get no errors on this. If I try to put in the IP Pooling range end I get an error code.

Now the shows up on my computer alive offline and online in Advance IP Scanner along with my own Private IP Address of and they have the same MAC Address.

I'm guessing that whoever is illegally accessing ...(more)

Vtechie gravatar imageVtechie ( 2022-07-26 02:19:56 +0000 )edit

I did not configure my Asus Router to be running the Private IP Address

It doesn't have to; your machine ( just has to think that sending a packet to the Asus router will get it one hop closer to

What does the command route print report on your machine?

If I try to put in the IP Pooling range end I get an error code.

That's because is the broadcast IP address for your local network; it doesn't correspond to a machine, and is not a valid address to assign to a machine.

Now the shows up on my computer alive offline and online in Advance IP Scanner

If you mean "Advanced IP Scanner", then, if I try running it on my Windows ...(more)

Guy Harris gravatar imageGuy Harris ( 2022-07-26 21:12:17 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2022-07-24 20:09:59 +0000

Seen: 966 times

Last updated: Jul 25 '22