Full Disclosure mailing list archives

Re: Strange ldap Behavior.


From: Valdis.Kletnieks () vt edu
Date: Tue, 18 May 2004 12:21:30 -0400

On Tue, 18 May 2004 15:15:56 +0200, "Soderland, Craig" <craig.soderland () sap com>  said:

> I did a snoop from our tech sandbox (xxxxxx) to port 389 using the
> following command: 'snoop -v port 389' (without the quotes). The attached
> file shows a segment of the results. Notice the line:

I don't see an attached file?

>      ETHER:  Destination = 0:0:5e:0:1:1, U.S. Department of Defense
>
> Why should a connection be made to US Dept. of Defense? Any Ideas?

Remember - that's an *ethernet* destination.  As such, it's still on your local
network (hopefully ;).  That's probably not a destination, that's supposed to
be a manufacturer code...

However, it looks like somebody has a borked data file someplace.  What I
*suspect* was intended here was that it took the first 3 octets and tried to
convert '0:0:5e' to a manufacturer code (there's a list available at
http://standards.ieee.org/regauth/oui/oui.txt) - so for instance any Ethernet address
that starts off with 00:05:73 is a Cisco card.  One of the Ethernet cards on my
laptop has a MAC address that starts off with 00:10:A4 - which tells you it's
a Xircom card.  The docking station's MAC address starts with 0:6:5B - that's a
Dell-rebadged 3Com.

Only problem is that 0:0:5e is registered as:

00-00-5E   (hex)                USC INFORMATION SCIENCES INST
00005E     (base 16)            USC INFORMATION SCIENCES INST
                                INTERNET ASS'NED NOS.AUTHORITY
                                4676 ADMIRALTY WAY
                                MARINA DEL REY CA 90292-6695

I don't see the DoD as having registered a prefix of its own there...

If this is a Sun system, you want to be looking at either /etc/ethers file,
or the NIS maps 'ethers', 'ethers.byname', and 'ethers.byaddr' - check
the /etc/nsswitch.conf file for details on which your system uses.
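
Added example, not part of the original message: a Python sketch of the prefix lookup described above, which pads the unpadded octets that snoop prints (0:0:5e:0:1:1) before matching them against "(hex)" lines in the oui.txt layout quoted in the post. The function names and the sample registry text are assumptions made for this illustration; only the 00-00-5E entry is taken from the post, and the other vendor strings are placeholders based on its descriptions.

```python
import re

# Constructed excerpt in the oui.txt layout quoted in the post. The 00-00-5E
# entry is the one quoted there; the other names are placeholders that follow
# the post's descriptions and are not copied from the registry.
SAMPLE_OUI_TXT = """\
00-00-5E   (hex)\t\tUSC INFORMATION SCIENCES INST
00005E     (base 16)\t\tUSC INFORMATION SCIENCES INST
\t\t\t\tINTERNET ASS'NED NOS.AUTHORITY
00-05-73   (hex)\t\tCISCO (SAMPLE)
00-10-A4   (hex)\t\tXIRCOM (SAMPLE)
00-06-5B   (hex)\t\tDELL-REBADGED 3COM (SAMPLE)
"""

# Only "(hex)" lines carry a prefix-to-name mapping; "(base 16)" lines and
# indented address lines repeat or extend the same entry and are skipped.
HEX_LINE = re.compile(
    r"^([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})-([0-9A-Fa-f]{2})\s+\(hex\)\s+(.+?)\s*$"
)

def parse_oui_registry(text):
    """Return {'00005E': 'USC INFORMATION SCIENCES INST', ...}."""
    table = {}
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            table["".join(m.group(1, 2, 3)).upper()] = m.group(4)
    return table

def oui_of(mac):
    """Normalise a MAC such as '0:0:5e:0:1:1' and return its first 3 octets."""
    octets = re.split(r"[:-]", mac.strip())
    if len(octets) != 6:
        raise ValueError("expected 6 octets, got %d: %r" % (len(octets), mac))
    padded = []
    for octet in octets:
        if not re.fullmatch(r"[0-9A-Fa-f]{1,2}", octet):
            raise ValueError("bad octet %r in %r" % (octet, mac))
        padded.append(octet.zfill(2).upper())  # '0' -> '00', '5e' -> '5E'
    return "".join(padded[:3])

def lookup_vendor(mac, table):
    """Map a MAC to the registrant of its prefix, or a fixed 'unknown' string."""
    return table.get(oui_of(mac), "unregistered or unknown prefix")

if __name__ == "__main__":
    registry = parse_oui_registry(SAMPLE_OUI_TXT)
    for mac in ("0:0:5e:0:1:1", "0:6:5B:12:34:56", "00-10-A4-00-00-01"):
        print(mac, "->", lookup_vendor(mac, registry))
```
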
