On Saturday, 12 October 2019, Dr. Nikolaus Klepp wrote:
> Install wireshark or tcpdump. Guess it's the "arp-who-has ... tell
> ..." class of messages.
Yes, good guess! Tcpdump shows lots of these messages:
16:47:40.633536 ARP, Request who-has ip5b418d68.dynamic.kabel-deutschland.de tell ip5b418dfe.dynamic.kabel-deutschland.de, length 46
16:47:40.821784 ARP, Request who-has ip5b418b24.dynamic.kabel-deutschland.de tell ip5b418bfe.dynamic.kabel-deutschland.de, length 46
16:47:41.006438 ARP, Request who-has ip5b418a98.dynamic.kabel-deutschland.de tell ip5b418afe.dynamic.kabel-deutschland.de, length 46
But what does that mean? The addresses asked for all seem to
be from the pool of the IP addresses/domains which this ISP
gives out.
$ nslookup ip5b418d68.dynamic.kabel-deutschland.de
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: ip5b418d68.dynamic.kabel-deutschland.de
Address: 91.65.141.104
$ nslookup ip5b418b24.dynamic.kabel-deutschland.de
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: ip5b418b24.dynamic.kabel-deutschland.de
Address: 91.65.139.36
$ nslookup ip5b418a98.dynamic.kabel-deutschland.de
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: ip5b418a98.dynamic.kabel-deutschland.de
Address: 91.65.138.152
$ whois 91.65.141.104 # output cut
[…]
inetnum: 91.65.0.0 - 91.65.255.255
netname: KABEL-DEUTSCHLAND-CUSTOMER-SERVICES-14
[…]
Why would my machine send these requests?
Any hint much appreciated.
Thanks again,
Stefan
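
An added example, not part of the original message: a small Python parser for tcpdump ARP request lines like the ones quoted above. It separates the asked-for address (who-has) from the asking address (tell) and lets you check whether a given host is the sender. Decoding the hostnames as hex-encoded IPv4 addresses is an assumption inferred from the three nslookup results in the message; `to_ip`, `parse_arp_requests` and `sent_by` are hypothetical helper names.

```python
import ipaddress
import re

# Sample input: the three tcpdump lines quoted in the message above.
SAMPLE = (
    "16:47:40.633536 ARP, Request who-has ip5b418d68.dynamic.kabel-deutschland.de "
    "tell ip5b418dfe.dynamic.kabel-deutschland.de, length 46\n"
    "16:47:40.821784 ARP, Request who-has ip5b418b24.dynamic.kabel-deutschland.de "
    "tell ip5b418bfe.dynamic.kabel-deutschland.de, length 46\n"
    "16:47:41.006438 ARP, Request who-has ip5b418a98.dynamic.kabel-deutschland.de "
    "tell ip5b418afe.dynamic.kabel-deutschland.de, length 46\n"
)

# tcpdump may print the target MAC in parentheses after the who-has address.
ARP_REQ = re.compile(
    r"^(?P<ts>\S+) ARP, Request who-has (?P<target>\S+)"
    r"(?: \([0-9a-fA-F:]+\))? tell (?P<sender>[^,\s]+), length \d+"
)
# Assumed naming scheme: "ip" + 8 hex digits = the IPv4 address.
HEX_NAME = re.compile(r"^ip([0-9a-f]{8})\.", re.IGNORECASE)


def to_ip(name):
    """Return an IPv4Address for a hex-style hostname or dotted quad, else None."""
    m = HEX_NAME.match(name)
    if m:
        return ipaddress.IPv4Address(int(m.group(1), 16))
    try:
        return ipaddress.IPv4Address(name)  # covers `tcpdump -n` output
    except ValueError:
        return None


def parse_arp_requests(text):
    """Return (timestamp, target, sender) for every ARP request line in text."""
    out = []
    for line in text.splitlines():
        m = ARP_REQ.match(line.strip())
        if m:
            out.append((m["ts"], to_ip(m["target"]), to_ip(m["sender"])))
    return out


def sent_by(requests, local_ip):
    """Requests whose 'tell' (sender) field equals local_ip."""
    local = ipaddress.IPv4Address(local_ip)
    return [r for r in requests if r[2] == local]


if __name__ == "__main__":
    for ts, target, sender in parse_arp_requests(SAMPLE):
        print(f"{ts}  {sender} asks for {target}")
```

Pass the address of your own interface to `sent_by` to see which of the captured requests, if any, carry it in the "tell" field.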