i am using win7 operating system connected wireless to zte F660.
when trying to sniff the traffic using wireshark , i've capture lots of ARP request from unknown interface, which is not exist on my router neither on my window host client.
below is the screenshot:
the unknown interface shows "78:19:f7:40:b7:c5" as its mac address http://imgur.com/a/Nsyrp
my lan interface http://imgur.com/a/8NKMF
my wlan interface http://imgur.com/a/EMCzl
I'm not an network administrator and i hope someone can light me up.
i really appreciate for your help.
asked 27 Jul '16, 17:58
edited 27 Jul '16, 17:59
From the strange subnet ARP packets, it looks like there are at least 5 devices.
Two IP senders [10.11.48.2 & 10.11.48.3] and they are asking for three other devices MAC address [10.11.50.43, 10.11.51.28 & 10.11.51.220]. So it's most likely that they are all on a subnet 10.11.48.0/22 (range: 10.11.48.1 ~ 10.11.51.255).
Also look at your LAN 4 interface. It doesn't show IP address of that interface, but you can see both send & receive traffic (and not in any small numbers either).
But as you're attached to WLAN on subnet 192.168.0.0/16, these packets shouldn't be broadcast to you at all as it's an entirely different subnet.
Likewise, the strange ARP request packets don't have any replies over a several minute span meaning that this is only 1 way traffic you're seeing. That too is strange because the ARP requesting devices have a specific IP whom they are probably talking to and thus there should be two way traffic. But that's not the case.
As such, I recommend you look at the IP settings for your LAN 4 first and if it is in the 10.11.48.0/22 range, then perhaps your router is set to bridging mode?
And if LAN 4 is NOT in the 10.11.48.0/22 range, then perhaps somebody elses wireless packets are bleeding over and you're picking them up and capturing them. But if you don't use 10.11.48.0/22 subnet range, then there will be no route from your router to that subnet and thus you will only see one way incoming packets, but no returned packets which is what this looks like.
answered 30 Jul '16, 19:01