Security Incidents mailing list archives

Unknown/Weird Traffic?


From: gs-list <gs-list () glsrms com>
Date: Sun, 14 Jul 2002 14:56:04 -0500

Folks:

I have a question that I cannot seem to answer. I just set up a firewall box for a wireless network on SuSE 7.1. I just built a new kernel (2.2.20) and am still having a strange issue.

Apparently, this box (let's call it "28.100") is not properly interpreting ARP traffic. When using tethereal to capture traffic, I see this:

28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584)
28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584)
28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584)
28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584)
28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584)
28.97.0.0 -> 0.0.0.0 IP Fragmented IP protocol (proto=rdp 0x1b, off=18584)

However, at the same time, I monitor the same line from another (identical) machine, running SuSE 7.1 and Kernel 2.2.20, I get:

00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.98? Tell 216.12.28.97
00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97
00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97
00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97
00:c0:49:13:b8:1b -> ff:ff:ff:ff:ff:ff ARP Who has 216.12.28.106? Tell 216.12.28.97

It appears that in the first example, the machine is not properly interpreting ARP traffic.

Any ideas on how to remedy this situation?

Thanks,
Gregg Sperling
glsrms.com administrator
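The two captures above can be reconciled byte by byte. The following is an added worked example, not code from the original post: it constructs the ARP request quoted in the second capture (broadcast from 00:c0:49:13:b8:1b, "Who has 216.12.28.98? Tell 216.12.28.97") from the addresses given there, decodes it correctly by EtherType, and then shows that parsing the same frame as an IPv4 header starting 18 bytes in reproduces every field of the first capture's output (28.97.0.0 -> 0.0.0.0, proto 0x1b, fragment offset 18584). The 18-byte offset is an inference from those printed fields, not something the post states, and the example does not establish why the capture on that box was offset; it only gives a way to check whether garbage like this is a misaligned link-layer decode of a valid frame. The `find_ipv4_offset` search generalises that check to any frame and any bogus summary.

```python
import struct

# Constructed from the addresses in the second capture (not captured bytes).
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
SRC_MAC = bytes.fromhex("00c04913b81b")          # 00:c0:49:13:b8:1b
SENDER_IP = bytes([216, 12, 28, 97])              # 216.12.28.97
TARGET_IP = bytes([216, 12, 28, 98])              # 216.12.28.98


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_request(src_mac, sender_ip, target_ip):
    """Build a broadcast Ethernet II 'who has' frame: 14-byte header + 28-byte ARP body."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=IPv4, hlen=6, plen=4, opcode=1 (request)
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)
    arp += src_mac + sender_ip + b"\x00" * 6 + target_ip
    return eth + arp


FRAME = build_arp_request(SRC_MAC, SENDER_IP, TARGET_IP)


def decode_ipv4(buf):
    """Parse a 20-byte IPv4 header with no sanity checks, i.e. the way a
    dissector that has been told 'this is IP' will treat whatever bytes it gets."""
    if len(buf) < 20:
        raise ValueError("buffer shorter than an IPv4 header")
    vi, tos, tlen, ident, ff, ttl, proto, csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20])
    return {
        "version": vi >> 4, "ihl": vi & 0xF, "tos": tos, "total_length": tlen,
        "id": ident, "flags": ff >> 13, "frag_offset": (ff & 0x1FFF) * 8,
        "ttl": ttl, "proto": proto, "src": ip_str(src), "dst": ip_str(dst),
    }


def ipv4_summary(h):
    """One-line summary in the style of the first capture."""
    frag = ""
    if h["frag_offset"]:
        frag = f" Fragmented IP protocol (proto=0x{h['proto']:02x}, off={h['frag_offset']})"
    return f"{h['src']} -> {h['dst']} IP{frag}"


def decode_ethernet(frame):
    """Dissect by EtherType, as the correctly behaving machine did."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    body = frame[14:]
    if etype == ETHERTYPE_ARP:
        _, _, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
        sender_ip = body[8 + hlen:8 + hlen + plen]
        target_ip = body[8 + 2 * hlen + plen:8 + 2 * hlen + 2 * plen]
        verb = "Who has" if op == 1 else f"op={op}"
        return (f"{mac_str(src)} -> {mac_str(dst)} ARP {verb} "
                f"{ip_str(target_ip)}? Tell {ip_str(sender_ip)}")
    if etype == ETHERTYPE_IPV4:
        return ipv4_summary(decode_ipv4(body))
    return f"{mac_str(src)} -> {mac_str(dst)} unknown ethertype 0x{etype:04x}"


def find_ipv4_offset(frame, src, dst, proto, frag_offset):
    """Return the first byte offset at which parsing `frame` as IPv4 yields the
    given bogus summary fields, or None. Lets you test whether garbage output
    is a misaligned decode of a frame you can see correctly elsewhere."""
    for off in range(0, len(frame) - 19):
        h = decode_ipv4(frame[off:])
        if (h["src"], h["dst"], h["proto"], h["frag_offset"]) == (src, dst, proto, frag_offset):
            return off
    return None


if __name__ == "__main__":
    print("correct decode :", decode_ethernet(FRAME))
    off = find_ipv4_offset(FRAME, "28.97.0.0", "0.0.0.0", 0x1B, 18584)
    print("matching offset:", off)
    print("misaligned     :", ipv4_summary(decode_ipv4(FRAME[off:])))
```

At offset 18 the bytes tethereal would read as the IP header are the ARP hlen/plen (0x06 0x04), the opcode and the sender MAC, which is where the "version 0", the rdp protocol number 0x1b (last octet of the MAC) and the fragment offset 0x0913 (MAC bytes 49 13) come from; the sender IP's last two octets 1c 61 land in the first half of the source address, giving 28.97.0.0. A decode that lines up this neatly is a strong sign the frame on the wire is fine and the problem is in how the capturing side frames the link layer.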



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

