RE: Ping the subnet address

From: Guilherme Correia (razzolini80@hotmail.com)
Date: Fri Jul 02 2004 - 12:34:30 GMT-3

• Next message: Howard C. Berkowitz: "Re: 3550 Protected Ports"
• Previous message: john matijevic: "RE: Ping the subnet address"
• Maybe in reply to: Guilherme Correia: "Ping the subnet address"
• Next in thread: john matijevic: "RE: Ping the subnet address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

yes, it happens on all routers, exactly the same behaviour..I have rebooted
them in the hope this was going to change but still the same after reboot.

From: "john matijevic" <matijevi@bellsouth.net>
Reply-To: "john matijevic" <matijevi@bellsouth.net>
To: "'Tom Martin'" <tig@wiltecinc.com>, <ccielab@groupstudy.com>
CC: "'Kenneth Wygand'" <KWygand@customonline.com>
Subject: RE: Ping the subnet address
Date: Fri, 2 Jul 2004 11:19:48 -0400

Guilherme,
Does this issue only appear on one router where you ping? In otherwords
can you go to another router, and ping and you see the same issue on
that same subnet?

John Matijevic, CCIE #13254, MCSE, CNE, CCEA
Network Consultant
Hablo Espanol
305-321-6232

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tom Martin
Sent: Friday, July 02, 2004 11:13 AM
To: ccielab@groupstudy.com
Cc: Kenneth Wygand
Subject: RE: Ping the subnet address

Ken,

I'd be very hesitant to try and block any traffic just because I thought
it might be strange, especially if everything was working properly. I
assumed that this was a lab scenario...

-- Tom

________________________________

From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: Friday, July 02, 2004 11:07 AM
To: Tom Martin; ccielab@groupstudy.com
Cc: Guilherme Correia
Subject: RE: Ping the subnet address

Tom,

I'd be -very- hesitant to put an ACL blocking all broadcasts in a
production environment. Guilherme may have all kinds of services running
over this network, and blocking broadcasts may bust a lot of other
things.

Thanks!

Ken

________________________________

From: nobody@groupstudy.com on behalf of Tom Martin
Sent: Fri 7/2/2004 10:55 AM
To: ccielab@groupstudy.com
Cc: Guilherme Correia
Subject: RE: Ping the subnet address

Hello,

You didn't include any excerpts from your packet capture, but I
recreated the scenario using "debug ip packet" instead of using a packet
capture. When you ping the all-zeroes or all-ones broadcast address, the
pinging router actually sends packets out to destination
255.255.255.255, not the IP that you specified!

Sending router debug output:

r2#ping 192.168.12.0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.0, timeout is 2 seconds:

Mar 15 02:48:12.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:12.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 0 from 192.168.12.1, 4 ms
Mar 15 02:48:14.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:14.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 1 from 192.168.12.1, 4 ms
Mar 15 02:48:16.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:16.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 2 from 192.168.12.1, 4 ms
Mar 15 02:48:18.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:18.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 3 from 192.168.12.1, 4 ms
Mar 15 02:48:20.975: IP: s=192.168.12.2 (local), d=255.255.255.255
(FastEthernet0), len 100, sending broad/multicast
Mar 15 02:48:20.979: IP: s=192.168.12.1 (FastEthernet0), d=192.168.12.2
(FastEthernet0), len 100, rcvd 3
Reply to request 4 from 192.168.12.1, 4 ms
r2#

Confirmation that 255.255.255.255 is the destination, output from the
receiving router:

r1#
*Mar 1 00:30:00.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:00.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:02.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:02.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:04.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:04.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:06.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:06.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
*Mar 1 00:30:08.339: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, rcvd 2
*Mar 1 00:30:08.339: IP: s=192.168.12.1 (local), d=192.168.12.2
(Ethernet1/0),len 100, sending
r1#

To answer your question on how to stop it (assuming you still want to do
so), just use an access-list. I used:

access-list 100 deny ip any host 255.255.255.255
access-list 100 permit ip any any
interface Ethernet1/0
   ip access-group 100 in

That resulted in failed pings from the sending side and the following
output from the receiving side:

*Mar 1 00:32:05.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:07.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:09.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:11.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied
*Mar 1 00:32:13.739: IP: s=192.168.12.2 (Ethernet1/0),
d=255.255.255.255, len 100, access denied

-- Tom

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Guilherme Correia
Sent: Friday, July 02, 2004 9:36 AM
To: ccielab@groupstudy.com
Subject: Ping the subnet address

Hi

I am experiencing this weird issue that when I ping the subnet address,
one
of the routers respond.
For example, when I ping 172.24.18.4 (subnet 172.24.18.4/30) one of the
routers with an interface on the subnet responds:

7204-1#ping 172.24.18.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 206.24.18.4, timeout is 2 seconds:

Reply to request 0 from 172.24.18.5, 1 ms
Reply to request 1 from 172.24.18.5, 1 ms
Reply to request 2 from 172.24.18.5, 1 ms
Reply to request 3 from 172.24.18.5, 1 ms
Reply to request 4 from 172.24.18.5, 1 ms

How can I stop this?

TIA

• Next message: Howard C. Berkowitz: "Re: 3550 Protected Ports"
• Previous message: john matijevic: "RE: Ping the subnet address"
• Maybe in reply to: Guilherme Correia: "Ping the subnet address"
• Next in thread: john matijevic: "RE: Ping the subnet address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:45 GMT-3