This is a static archive of our old Q&A Site. Please post any new questions and answers at

unknown interface caught on wireshark


i am using win7 operating system connected wireless to zte F660.

when trying to sniff the traffic using wireshark , i've capture lots of ARP request from unknown interface, which is not exist on my router neither on my window host client.

below is the screenshot:

the unknown interface shows "78:19:f7:40:b7:c5" as its mac address

my lan interface

my wlan interface

I'm not an network administrator and i hope someone can light me up.

i really appreciate for your help.


asked 27 Jul '16, 17:58

noobie's gravatar image

accept rate: 0%

edited 27 Jul '16, 17:59

Cable modem user?

(27 Jul '16, 22:37) Jaap ♦

@Jaap, yes sir

it is ADSL fiber optic modem,and i connect using wifi to the modem.

it is strange because i catch lots of internal ips with different range than my network

(30 Jul '16, 11:49) noobie

One Answer:


From the strange subnet ARP packets, it looks like there are at least 5 devices.

Two IP senders [ &] and they are asking for three other devices MAC address [, &]. So it's most likely that they are all on a subnet (range: ~

Also look at your LAN 4 interface. It doesn't show IP address of that interface, but you can see both send & receive traffic (and not in any small numbers either).

But as you're attached to WLAN on subnet, these packets shouldn't be broadcast to you at all as it's an entirely different subnet.

Likewise, the strange ARP request packets don't have any replies over a several minute span meaning that this is only 1 way traffic you're seeing. That too is strange because the ARP requesting devices have a specific IP whom they are probably talking to and thus there should be two way traffic. But that's not the case.

As such, I recommend you look at the IP settings for your LAN 4 first and if it is in the range, then perhaps your router is set to bridging mode?

And if LAN 4 is NOT in the range, then perhaps somebody elses wireless packets are bleeding over and you're picking them up and capturing them. But if you don't use subnet range, then there will be no route from your router to that subnet and thus you will only see one way incoming packets, but no returned packets which is what this looks like.


answered 30 Jul '16, 19:01

wbenton's gravatar image

accept rate: 0%