On Tue, 18 May 2004 15:15:56 +0200, "Soderland, Craig" <craig.soderland@xxxxxxx> said:

> I did a snoop from our tech sandbox (xxxxxx) to port 389 using the
> following command: 'snoop -v port 389' (without the quotes). The attached
> file shows a segment of the results. Notice the line:

I don't see an attached file?

> ETHER: Destination = 0:0:5e:0:1:1, U.S. Department of Defense
> Why should a connection be made to US Dept. of Defense? Any Ideas?

Remember - that's an *ethernet* destination. As such, it's still on your local network (hopefully ;).

That's probably not a destination, that's supposed to be a manufacturer code... However, it looks like somebody has a borked data file someplace.

What I *suspect* was intended here was that it took the first 3 octets and tried to convert '0:0:5e' to a manufacturer code (there's a list available at http://standards.ieee.org/regauth/oui/oui.txt) - so for instance any Ethernet address that starts off with 00:05:73 is a Cisco card. One of the Ethernet cards on my laptop has a MAC address that starts off with 00:10:A4 - which tells you it's a Xircom card. The docking station's MAC address starts with 0:6:5B - that's a Dell-rebadged 3Com.

Only problem is that 0:0:5e is registered as:

    00-00-5E   (hex)        USC INFORMATION SCIENCES INST
    00005E     (base 16)    USC INFORMATION SCIENCES INST
                            INTERNET ASS'NED NOS.AUTHORITY
                            4676 ADMIRALTY WAY
                            MARINA DEL REY CA 90292-6695

I don't see the DoD as having registered a prefix of its own there...

If this is a Sun system, you want to be looking at either /etc/ethers file, or the NIS maps 'ethers', 'ethers.byname', and 'ethers.byaddr' - check the /etc/nsswitch.conf file for details on which your system uses.
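The prefix lookup described in the message above, as an added example that is not part of the original post: it parses "(hex)" lines in the oui.txt layout and resolves a snoop-style address with unpadded octets to its registered prefix. The registry excerpt is constructed (only the 00-00-5E entry is quoted from the message; the other names are the vendors the message mentions), the function names are hypothetical, and the I/G and U/L bit checks go slightly beyond the message to flag addresses whose first three octets are not a vendor prefix at all.

```python
import re

# Constructed excerpt in the oui.txt layout. The 00-00-5E entry is the one
# quoted in the message; the other three reuse the vendor names the message
# gives for those prefixes and are not copied from the real registry.
SAMPLE_OUI_TXT = """\
00-00-5E   (hex)\t\tUSC INFORMATION SCIENCES INST
00005E     (base 16)\t\tUSC INFORMATION SCIENCES INST
\t\t\t\tINTERNET ASS'NED NOS.AUTHORITY
00-05-73   (hex)\t\tCisco
00-10-A4   (hex)\t\tXircom
00-06-5B   (hex)\t\tDell-rebadged 3Com
"""

HEX_LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$"
)

def load_oui(text):
    """Map 'XX-XX-XX' to the organisation name, using the '(hex)' lines only."""
    table = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            table["-".join(g.upper() for g in m.group(1, 2, 3))] = m.group(4)
    return table

def parse_mac(mac):
    """Accept ':' or '-' separators and unpadded octets such as 0:0:5e:0:1:1."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6:
        raise ValueError(f"expected 6 octets, got {len(parts)}: {mac!r}")
    if not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError(f"non-hex octet in {mac!r}")
    return [int(p, 16) for p in parts]

def describe(mac, table):
    """Return the zero-padded address, its prefix and what the table says."""
    octets = parse_mac(mac)
    prefix = "-".join(f"{o:02X}" for o in octets[:3])
    return {
        "mac": ":".join(f"{o:02x}" for o in octets),
        "oui": prefix,
        "vendor": table.get(prefix),        # None: prefix not in the table
        "group": bool(octets[0] & 0x01),    # I/G bit set: multicast/broadcast
        "local": bool(octets[0] & 0x02),    # U/L bit set: locally administered
    }
```

A `vendor` of None or a set `local` bit means the name a capture tool prints next to the address did not come from a registered prefix, which points back at the local ethers file or NIS map.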