From: Tom Martin (tig@wiltecinc.com)
Date: Fri Jul 02 2004 - 12:13:24 GMT-3
Ken,
I'd be very hesitant to try and block any traffic just because I thought
it might be strange, especially if everything was working properly. I
assumed that this was a lab scenario...
-- Tom
________________________________
From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: Friday, July 02, 2004 11:07 AM
To: Tom Martin; ccielab@groupstudy.com
Cc: Guilherme Correia
Subject: RE: Ping the subnet address
Tom,
I'd be -very- hesitant to put an ACL blocking all broadcasts in a
production environment. Guilherme may have all kinds of services running
over this network, and blocking broadcasts may bust a lot of other
things.
Thanks!
Ken
________________________________
From: nobody@groupstudy.com on behalf of Tom Martin
Sent: Fri 7/2/2004 10:55 AM
To: ccielab@groupstudy.com
Cc: Guilherme Correia
Subject: RE: Ping the subnet address
Hello,
You didn't include any excerpts from your packet capture, but I
recreated the scenario using "debug ip packet" instead of using a packet
capture. When you ping the all-zeroes or all-ones broadcast address, the
pinging router actually sends packets out to destination
255.255.255.255, not the IP that you specified!
Sending router debug output:
r2#ping 192.168.12.0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.0, timeout is 2 seconds:
Mar 15 02:48:12.975: IP: s=192.168.12.2 (local), d=255.255.255.255 (FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:12.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2 (FastEthernet0), len 100, rcvd 3
Reply to request 0 from 192.168.12.1, 4 ms
Mar 15 02:48:14.975: IP: s=192.168.12.2 (local), d=255.255.255.255 (FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:14.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2 (FastEthernet0), len 100, rcvd 3
Reply to request 1 from 192.168.12.1, 4 ms
Mar 15 02:48:16.975: IP: s=192.168.12.2 (local), d=255.255.255.255 (FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:16.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2 (FastEthernet0), len 100, rcvd 3
Reply to request 2 from 192.168.12.1, 4 ms
Mar 15 02:48:18.975: IP: s=192.168.12.2 (local), d=255.255.255.255 (FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:18.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2 (FastEthernet0), len 100, rcvd 3
Reply to request 3 from 192.168.12.1, 4 ms
Mar 15 02:48:20.975: IP: s=192.168.12.2 (local), d=255.255.255.255 (FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:20.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2 (FastEthernet0), len 100, rcvd 3
Reply to request 4 from 192.168.12.1, 4 ms
r2#
Confirmation that 255.255.255.255 is the destination, output from the
receiving router:
r1#
*Mar 1 00:30:00.339: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:00.339: IP: s=192.168.12.1 (local), d=192.168.12.2 (Ethernet1/0),len 100, sending
*Mar 1 00:30:02.339: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:02.339: IP: s=192.168.12.1 (local), d=192.168.12.2 (Ethernet1/0),len 100, sending
*Mar 1 00:30:04.339: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:04.339: IP: s=192.168.12.1 (local), d=192.168.12.2 (Ethernet1/0),len 100, sending
*Mar 1 00:30:06.339: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:06.339: IP: s=192.168.12.1 (local), d=192.168.12.2 (Ethernet1/0),len 100, sending
*Mar 1 00:30:08.339: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:08.339: IP: s=192.168.12.1 (local), d=192.168.12.2 (Ethernet1/0),len 100, sending
r1#
To answer your question on how to stop it (assuming you still want to do
so), just use an access-list. I used:
access-list 100 deny ip any host 255.255.255.255
access-list 100 permit ip any any
interface Ethernet1/0
 ip access-group 100 in
That resulted in failed pings from the sending side and the following
output from the receiving side:
*Mar 1 00:32:05.739: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, access denied
*Mar 1 00:32:07.739: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, access denied
*Mar 1 00:32:09.739: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, access denied
*Mar 1 00:32:11.739: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, access denied
*Mar 1 00:32:13.739: IP: s=192.168.12.2 (Ethernet1/0), d=255.255.255.255, len 100, access denied
-- Tom
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Guilherme Correia
Sent: Friday, July 02, 2004 9:36 AM
To: ccielab@groupstudy.com
Subject: Ping the subnet address
Hi
I am experiencing this weird issue that when I ping the subnet address,
one of the routers responds.
For example, when I ping 172.24.18.4 (subnet 172.24.18.4/30) one of the
routers with an interface on the subnet responds:
7204-1#ping 172.24.18.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 206.24.18.4, timeout is 2 seconds:
Reply to request 0 from 172.24.18.5, 1 ms
Reply to request 1 from 172.24.18.5, 1 ms
Reply to request 2 from 172.24.18.5, 1 ms
Reply to request 3 from 172.24.18.5, 1 ms
Reply to request 4 from 172.24.18.5, 1 ms
How can I stop this?
TIA
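
Added example, not part of the original thread: a small first-match ACL evaluator that runs access-list 100 from Tom Martin's reply against a few constructed packets, illustrating the caution in Kenneth Wygand's reply. The DHCP discover packet and the narrower ACL_NARROW rule set are assumptions made for illustration; the thread names no specific services and proposes no alternative ACL.

```python
from ipaddress import ip_address, ip_network

# Rule format: (action, protocol, destination network, ICMP type or None).
# Source matching is omitted because every rule here uses "any" as the source.
# ACL_THREAD mirrors access-list 100 as posted in the thread.
ACL_THREAD = [
    ("deny", "ip", "255.255.255.255/32", None),
    ("permit", "ip", "0.0.0.0/0", None),
]
# ACL_NARROW is a hypothetical alternative (not from the thread): it drops
# only ICMP echo requests addressed to the limited broadcast.
ACL_NARROW = [
    ("deny", "icmp", "255.255.255.255/32", "echo"),
    ("permit", "ip", "0.0.0.0/0", None),
]

# Constructed sample packets: (label, protocol, destination, ICMP type).
PACKETS = [
    ("ping to subnet address (sent as broadcast)", "icmp", "255.255.255.255", "echo"),
    ("DHCP discover", "udp", "255.255.255.255", None),
    ("unicast ping to r1", "icmp", "192.168.12.1", "echo"),
    ("echo reply to r2", "icmp", "192.168.12.2", "echo-reply"),
]

def evaluate(acl, proto, dst, icmp_type=None):
    """Return the action of the first matching rule; implicit deny at the end."""
    for action, rule_proto, rule_dst, rule_type in acl:
        if rule_proto not in ("ip", proto):
            continue  # "ip" matches every protocol, otherwise exact match
        if ip_address(dst) not in ip_network(rule_dst):
            continue
        if rule_type is not None and rule_type != icmp_type:
            continue
        return action
    return "deny"

def compare(packets=PACKETS):
    """Map each packet label to (verdict under ACL_THREAD, verdict under ACL_NARROW)."""
    return {label: (evaluate(ACL_THREAD, p, d, t), evaluate(ACL_NARROW, p, d, t))
            for label, p, d, t in packets}

if __name__ == "__main__":
    for label, (thread, narrow) in compare().items():
        print(f"{label:45} thread={thread:7} narrow={narrow}")
```

Both rule sets drop the broadcast ping, but only the posted access-list 100 also drops the constructed DHCP discover, since it matches every IP protocol sent to 255.255.255.255.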
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:45 GMT-3