RE: Rule for PROTO=139?

Hello,

On Tue, September 6, 2016 13:51, André Paulsberg-Csibi (IBM Consultant)
wrote:
> I will only add to the answers that this is not so widely used;
> the fact that you see these packets would suggest that
> one unit in your network with MAC 4c:72:b9:56:16:3e is using the HIP
> protocol
> to try to identify hosts within your LAYER 2 BROADCAST domain.

I see;

> You could block it and ignore it, but maybe you would like to find that
> MAC owner and check why it is using HIP.

Yes, this is my computer, and the line came from my router;

> If it is some unit you manage, maybe you can "remove" it at the source
> and save your L2-BC from this traffic altogether :-)

Yes, of course, but where can I find the piece of software that is doing
this on my computer running WinXP Prof. x64 Ed.?

Thanks,
Walter

> -----Original Message-----
> From: netfilter-owner@xxxxxxxxxxxxxxx
> [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Walter H.
> Sent: 6. september 2016 12:59
> To: netfilter@xxxxxxxxxxxxxxx
> Subject: Rule for PROTO=139?
>
> Hello,
>
> does anybody know with which rule I can catch these entries:
>
> [317607.438061] IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:72:b9:56:16:3e:08:00
> SRC=0.0.0.0 DST=255.255.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=1624
> PROTO=139
>
> Thanks,
> Walter
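
An added example, not part of the thread: a small Python parser for netfilter LOG entries like the one quoted above, which decodes the MAC= field into destination, source and EtherType and tallies entries whose PROTO= is a bare number by source MAC. The function names and the second sample line are constructed for illustration; the first sample line is the entry from the thread, re-joined onto one line.

```python
import re
from collections import Counter

# First line: the entry quoted in the thread, re-joined onto one line.
# Second line: constructed here for contrast (ordinary TCP traffic).
SAMPLE_LOG = """\
[317607.438061] IN=br0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:72:b9:56:16:3e:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=1624 PROTO=139
[317610.000000] IN=br0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=50000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Split one LOG entry into its KEY=value fields and decode MAC=."""
    fields = dict(FIELD_RE.findall(line))
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:
        # On Ethernet, MAC= is destination (6) + source (6) + EtherType (2).
        fields["dst_mac"] = ":".join(octets[:6])
        fields["src_mac"] = ":".join(octets[6:12])
        fields["ethertype"] = "".join(octets[12:])
    else:
        # No Ethernet header was logged for this entry.
        fields["dst_mac"] = fields["src_mac"] = fields["ethertype"] = None
    return fields


def unusual_protocols(log_text):
    """Count entries per (source MAC, protocol number) where PROTO is numeric.

    LOG prints a name for protocols it decodes (TCP, UDP, ICMP, ...) and the
    bare number for everything else, so a numeric PROTO marks the odd traffic.
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        proto = fields.get("PROTO", "")
        if proto.isdigit():
            hits[(fields["src_mac"], int(proto))] += 1
    return hits


if __name__ == "__main__":
    for (mac, proto), count in unusual_protocols(SAMPLE_LOG).items():
        print(f"source MAC {mac}: IP protocol {proto}, {count} entries")
```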

