Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Weird IP found on the network, am I being hacked? 1

Status
Not open for further replies.
confusedtekguy

confusedtekguy

IS-IT--Management
Jun 6, 2003
47
US
I downloaded a network monitor from (7 day trial version) I've been monitoring our 25 computer network for a week, found a weird IP that every computer, inculding server, communicates with:

IP is 10.0.0.255

protocol: ether.IP.UDP.netbios-ns
port: 137

or
protocol: ether.IP.UDP.netbios-dgm
port: 138

I'm not quite sure what it is... Our domain is in the 10.0.0.xxx range. I can ping it, but not resolve to hostname. Used an IP scan, but it tells me it's not a live host. Looked in the DHCP server address leases, it's not there. Any suggestions about what it is?
 
Sort by date Sort by votes
If you network is 10.0.0.* .... then 10.0.0.255 is your BROADCAST adress if your netmask is something like 255.255.255.0

Am i right ?

_____________________________
Don't forget folks,
...unless you want the coco-macaques to be send for you,
... vote people with tipmaster awards if they helped you.
 
Upvote 0 Downvote
Yep, that's what I thought it would be... but for some reason I've always assumed the broadcast would be 255.255.255.255. Incoming silly question - what exactly is broadcast used for? And why do I sometimes see 10.0.0.255 sending packets to itself? Thanks alot for the info [thumbsup]
 
Upvote 0 Downvote
One check in /etc/services later...
________________
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
________________

255.255.255.255 is broadcasting the whole world. All i know about the packets it that thery have something to do with NETBIOS, which is generally a windows thing.

Broadcast can be useful for diagnostics, and are used for scanning, , certain applications, etc. The Ip is normal.

--Dave.


_____________________________
Don't forget folks,
...unless you want the coco-macaques to be send for you,
... vote people with tipmaster awards if they helped you.
 
Upvote 0 Downvote
The broadcasts in question are used to update the names of the computers that are active on the network. You see the results when you browse your local network. Each of the computers that shows up has broadcast an annoncement that it is connected and available.
 
Upvote 0 Downvote
There you go, now here's a fella that knows netbios ( I admit to total failure on windows netowkring... i'm a linux/unix guy myself)

_____________________________
Don't forget folks,
...unless you want the coco-macaques to be sent for you,
... vote people with tipmaster awards if they helped you.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
786
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
583
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
649
Johnkite
Johnkite
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
249
hairlessupportmonkey
hairlessupportmonkey
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
187
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top