This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

We are having some strange activity on the network, with intermittent slowing down. Wireshark scans produce multiple results from the same source:

Ethernet II, Src: fe:80:00:00:00:00 (fe:80:00:00:00:00), Dst: 59:de:e6:c9:98:55 (59:de:e6:c9:98:55)

Any initial thoughts?

asked 26 Mar '14, 02:59

bl33pcode's gravatar image

bl33pcode
11112
accept rate: 0%


Neither of those addresses are well known addresses, so it could be

  • some special config in your local network setup, you don't know of
  • a broken device (switch, NIC, etc.) that just sends bogus frames and hence the unknown MAC addresses
  • someone playing tricks with you, like a local use who is 'testing' hacker tools

Please check the switch logs and CAM table of your switches to figure out the switch port where the sending device is attached to the switch. Wireshark won't be able to help you, unless you see some clear text messages in the frames that help to identify the sending device.

Regards
Kurt

permanent link

answered 26 Mar '14, 09:02

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 26 Mar '14, 09:03

Yeah, we can't identify the mac address atm.

will check the switches.

(26 Mar '14, 09:24) bl33pcode

Don't forget to look at the content (payload) of the frames!

Is it possible to post a sample on http://cloudshark.org ?

(26 Mar '14, 10:44) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×41
×29

question asked: 26 Mar '14, 02:59

question was seen: 2,380 times

last updated: 26 Mar '14, 10:44

p​o​w​e​r​e​d by O​S​Q​A