
IP from private range in wireshark capture


by mak_20789 » May 10th, 2009, 3:04 am

Hi,
I installed Wireshark on Ubuntu 8.04 yesterday and was connected to net wirelessly. I ran Wireshark as sudo. Here is a line from packets captured on wireless interface:

who has? .................... tell
10.232.218.1................ 10.232.218.117

Now my IP begins with 192.168 and same for my default gateway. From what little knowledge I have, this seems to be an ARP msg, but how come it's from some IP address other than my computer (i.e. 10.232.218.117)?

Also there was a line "Zhongxin_81:94:e7" which was an ARP broadcast.

Can anyone please explain what these two things mean?

Thank you.
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: IP from private range in wireshark capture

by Orac » May 10th, 2009, 4:46 am

The IP range 10.0.0.0 - 10.255.255.255 is reserved by IANA for private internets.

It's fully described in this article, https://www.arin.net/knowledge/rfc/rfc1918.txt

It's therefore assumed that your machine is connected to a private network.
Orac
MRU Emeritus
 
Posts: 1260
Joined: October 18th, 2006, 12:51 pm
Location: Third stone from the sun
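
An added example, not part of the original thread: one way to triage ARP requests like the one quoted above is to flag any whose sender or target lies outside the local subnet and to name the RFC 1918 block the sender falls in. The local subnet 192.168.1.0/24, the MAC labels and the sample lines are assumptions constructed for illustration; only the two 10.232.218.x addresses come from the thread.

```python
import ipaddress
import re

# The three private blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Wireshark's Info column for an ARP request: "Who has <target>? Tell <sender>"
ARP_REQ = re.compile(r"Who has (\S+?)\?\s+Tell (\S+)", re.IGNORECASE)

# Constructed sample lines in Wireshark summary style (source, destination, info).
SAMPLE = [
    "Example_aa:bb:cc  Broadcast  ARP  Who has 192.168.1.1?  Tell 192.168.1.10",
    "Example_dd:ee:ff  Broadcast  ARP  Who has 10.232.218.1?  Tell 10.232.218.117",
    "192.168.1.10  192.168.1.1  DNS  Standard query A example.org",
]

def rfc1918_block(ip):
    """Return the RFC 1918 block containing ip, or None if it is not private."""
    addr = ipaddress.ip_address(ip)
    return next((str(n) for n in RFC1918 if addr in n), None)

def off_subnet_arp(lines, local_net):
    """Return ARP requests whose sender or target is outside local_net."""
    net = ipaddress.ip_network(local_net)
    findings = []
    for line in lines:
        m = ARP_REQ.search(line)
        if not m:
            continue  # not an ARP request
        target, sender = m.group(1), m.group(2)
        try:
            outside = [ip for ip in (sender, target)
                       if ipaddress.ip_address(ip) not in net]
        except ValueError:
            continue  # malformed address in the capture text
        if outside:
            findings.append({"src_mac": line.split()[0], "sender": sender,
                             "target": target, "block": rfc1918_block(sender)})
    return findings

if __name__ == "__main__":
    for f in off_subnet_arp(SAMPLE, "192.168.1.0/24"):
        print(f)
```

The `src_mac` field of each finding is the value to compare against the router's list of associated wireless clients.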

Re: IP from private range in wireshark capture

by mak_20789 » May 10th, 2009, 7:05 am

I am just a home user with only one laptop connected with wireless.

Is it a security concern?
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: IP from private range in wireshark capture

by Orac » May 10th, 2009, 12:04 pm

mak_20789 wrote: was connected to net wirelessly

Was that your own personal wifi router that is connected to your ISP, or were you connected to a public network?

If you connected to a public network, you may find that the IP 10.232.218.1 is the network's IP.

If you connected thru your own wifi router then take a look at the logs, see if you can see anything about the connection from them to 10.232.218.1

This forum helps Windows users with malware problems, we don't have the analytical tools available that would allow an in-depth analysis of a *nix system, so I would suggest you try the Ubuntu forum who should be able to help you.
Orac
MRU Emeritus
 
Posts: 1260
Joined: October 18th, 2006, 12:51 pm
Location: Third stone from the sun

Re: IP from private range in wireshark capture

by mak_20789 » May 10th, 2009, 11:57 pm

Orac wrote: Was that your own personal wifi router that is connected to your ISP, or were you connected to a public network?

No, it's my own router connected to ISP, not a public network.

Orac wrote: If you connected thru your own wifi router then take a look at the logs, see if you can see anything about the connection from them to 10.232.218.1

Logs of my router didn't say anything about any IP address.

Orac wrote: This forum helps Windows users with malware problems, we don't have the analytical tools available that would allow an in-depth analysis of a *nix system, so I would suggest you try the Ubuntu forum who should be able to help you.

I just thought of it as a general question of Private IP address appearing in Wireshark capture.
Anyways, I am getting help from Ubuntu forums. Just wanted to see if anyone else has had the same experience.
Thank you.

(Btw, can you please tell me what's wrong with the quote feature I have used?)
mak_20789
Regular Member
 
Posts: 102
Joined: September 6th, 2007, 12:40 pm

Re: IP from private range in wireshark capture

by Gary R » May 11th, 2009, 3:18 am

mak_20789 wrote: (Btw, can you please tell me what's wrong with the quote feature I have used?)

You had BBCode disabled in your post editor (see the boxes below the input field).

I've re-enabled it for you.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire