[NTLUG:Discuss] snooping on cable segment

Burton M. Strauss III Burton_Strauss at comcast.net
Tue Oct 12 09:13:23 CDT 2004 

Well, things have changed - you now see only broadcast traffic from others.
But based upon ARP (address resolution protocol) messages, you can get a
clue as to who is being served by the same CMTS (Cable Modem T? System - the
head end router).

As root:

# tcpdump -i eth2 arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 68 bytes
09:12:02.421212 arp who-has c-24-0-200-163.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:02.449832 arp who-has c-24-0-198-216.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:02.555630 arp who-has c-24-0-204-118.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:02.924849 arp who-has c-24-0-204-142.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:02.953675 arp who-has c-24-0-197-223.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:03.866026 arp who-has 10.178.5.1 tell 10.178.0.1
09:12:03.927671 arp who-has c-24-0-196-128.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:04.436759 arp who-has c-24-0-193-109.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:04.540763 arp who-has c-24-0-197-237.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:04.827132 arp who-has c-24-0-195-17.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:04.844538 arp who-has c-24-0-204-221.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:05.381071 arp who-has c-24-0-193-115.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:05.502868 arp who-has c-24-0-204-118.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:06.005442 arp who-has c-24-0-194-174.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:06.182977 arp who-has c-24-0-200-163.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:06.548232 arp who-has c-24-0-195-182.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:06.842621 arp who-has c-24-0-193-110.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:07.248849 arp who-has c-24-0-196-37.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:07.412244 arp who-has c-24-0-196-128.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:07.502648 arp who-has c-24-0-197-237.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:07.800544 arp who-has c-24-0-197-64.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:07.837487 arp who-has c-24-0-204-221.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:08.045738 arp who-has c-24-0-204-118.client.comcast.net tell
c-24-0-192-1.client.comcast.net
09:12:08.987896 arp who-has c-24-0-200-163.client.comcast.net tell
c-24-0-192-1.client.comcast.net

24 packets captured
24 packets received by filter
0 packets dropped by kernel

-----Burton


> -----Original Message-----
> From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org]On
> Behalf Of Dennis Myhand
> Sent: Monday, October 11, 2004 6:15 PM
> To: discuss at ntlug.org
> Subject: [NTLUG:Discuss] snooping on cable segment
>
>
> I remember reading about a command that would let you see who was
> connected to your local cable internet segment.  I think it was on this
> group I read the note but it has been some years back.  Can any of you
> think of what I can't?  Thanks, Dennis
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list