Linux/Unix - tcpdump captured IPX broadcast

Author

tcpdump captured IPX broadcast

kill97

2004-01-10, 12:34 pm

hi all,

My hotel is running on IP. did a tcpdump on my network and i got alot of traffics like this:

' 23:27:59:543654 0.00:53:a5:c2:10:2c.453 > 0.ff:ff:ff:ff:ff:ff.453:ipx-rip-req 7463986321/645'

this traffic is strong enough to stop everyone from accessing the network.

Q1. what are these?

Q2. what can i do to prevent this?

RussS

2004-01-10, 2:34 pm

I haven't a chance to consider this yet, but IPX is considered a Novell protocol. Whether or not your network includes IPX natively there area a few things possible.

1. Someone has installed IPX protocol somewhere incorrectly.
2. You have a NIC that is going bad.
3. There is a rogue server on your network.

Tarzanboy

2004-01-10, 4:01 pm

Some older games use IPX as well.

Cheers,
TB

Tarzanboy

2004-01-10, 4:32 pm

It's been a while since I have had anything to do with IPX, but analyzing the packet looks like this to me:

timestamp: 23:27:59:543654
Network number: 0.
Sender Network ID (MAC address): 00:53:a5:c2:10:2c.
Port: 453 (RIP)
going to: >
Destination Network number: 0.
Destination MAC address (anyone out there): ff:ff:ff:ff:ff:ff.
Destination Port: 453
Info (router request): ipx-rip-req
Some other stuff: 7463986321/645'

Ideally you should have a network map with MAC addresses listed or at the very least, with IP addresses. To track down the broadcasters, make note of the MAC addresses and in that event you don't have the MACs listed on a map, you could use ARP to attempt to track the MAC to the IP address.

Cheers,
TB

kill97

2004-01-10, 11:28 pm

hi all,

thanks for the reply.

to Tarzanboy,
how would i use ARP to track the MAC to the IP addr?

Tarzanboy

2004-01-11, 3:15 pm

Since ARP maps MAC addresses to IP addresses, in the console, try arp -a which should bring up the ARP table.

Cheers,
TB

Sponsored Links