Wireshark-users: Re: [Wireshark-users] Odd packets
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Thu, 10 Aug 2006 13:01:47 +0200
On Wed, Aug 09, 2006 at 11:13:40AM +0200, Ove Fagerheim wrote:
> Looking at the traffic behind a Cisco 1841, I can see the packet from the
> Wireshark host fine. All other packets appears as icmp echo request packets,
> and a source address  of 127.0.0.1.

I'm not sure I have all the information to understand what a) your setup
and b) your problem is. 
So there is a network, then there is a Cisco1841 and then there is the
host that you use to capture. Wireshark only sees the traffic from and
to that host, and in addition to that, you see ping requests with a
sender address of 127.0.0.1? If that is the case, than I think that it
is normal. If you see no other packets at all (no broadcast or multicast
packets) then I'm wondering what is going on. it's still interesting,
that you see ping packets with source localhost. It looks like some
virus infected host is pinging you with a faked sender address.

 ciao
     Joerg


-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.