


which are packets with source ip 0.0.0.0

Hello,
      I am working on Linux and I observe that I am getting some
0.0.0.0 packets. I want to know who is sending those packets. Are they
sent by services running on my Linux box?
       Which protocols require sending those packets? Is there any
connection with raw sockets?

linux
5/3/2005 9:29:04 AM
comp.protocols.tcp-ip

From: <linux.lover2004@gmail.com>

| hello,
|       I am working on linux and i observe that i am getting some
| 0.0.0.0 packets? I want to know who is sending those packets? Are they
| sent by services running on my Linux box?
|        Which protocols require to send those packets? Does there any
| connection with raw sockets?

DHCP or BootP asking a server for an IP address.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


David
5/3/2005 12:16:49 PM
Hi,

These packets are used to send a packet to the DHCP server.
Peer:
broadcast layer 2
+
src IP 0.0.0.0
dest IP broadcast 255.255.255.255

It is to request an IP. L3 should be UDP and port 67-68 (not sure about
the ports).

Then the server sends a packet to 0.0.0.0 with an IP in the data.

Maybe 0.0.0.0 is used with other protocol applications.

Hope this is useful.
Bye

(excuse my English)


linux.lover2004@gmail.com wrote:
> hello,
>       I am working on linux and i observe that i am getting some
> 0.0.0.0 packets? I want to know who is sending those packets? Are they
> sent by services running on my Linux box?
>        Which protocols require to send those packets? Does there any
> connection with raw sockets?
> 
devoo
5/3/2005 8:39:21 PM
Is it possible to have source IP 0.0.0.0 packets travel across my Linux
PC when I remove the network cable from the NIC, use ifdown eth0, and use
ping localhost?
          Because what I found after sending and receiving 2 ping/pong
packets on 127.0.0.1 is that the network stack is also getting those
source IP 0.0.0.0 packets. How is that possible?

linux
5/4/2005 12:52:19 AM
In article <1115167939.350295.141920@f14g2000cwb.googlegroups.com>,
 <linux.lover2004@gmail.com> wrote:
:Is it possible to have source ip 0.0.0.0 packets travel across my linux
:pc when i remove network cable from NIC and use ifdown eth0 and uses
:ping localhost?
:          Because what i found after sending and receiving 2 ping/pong
:packets on 127.0.0.1 Network Stack is also getting those source ip
:0.0.0.0 packets? How it is possible?

0.0.0.0 is a reserved IP address that "must not" be used in an IP
packet, not even during ARP (ARP packets have no IP header.)

Sometimes this rule gets violated. For example, a Cisco PIX
that is engaged in DHCP or PPPoE negotiations may end up emitting
syslog packets with a source IP of 0.0.0.0, since it doesn't
know what else to use.
-- 
Warning: potentially contains traces of nuts.
roberson
5/4/2005 1:26:49 AM
Walter Roberson wrote:
> 0.0.0.0 is a reserved IP address that "must not" be used in an IP
> packet, not even during ARP (ARP packets have no IP header.)

That's not correct.  It is valid to use 0.0.0.0 as the source address
during an initialization procedure by which a host learns its own IP
address or by which a router acquires its configuration -- in other
words, during a BOOTP or DHCP exchange.  Cf:

RFC 951 (BOOTP):

3. Packet Format

   In the IP header of a bootrequest, the client fills in its own IP
   source address if known, otherwise zero.  When the server address is
   unknown, the IP destination address will be the 'broadcast address'
   255.255.255.255.  This address means 'broadcast on the local cable,
   (I don't know my net number)' [4].

RFC 1122 (Host Requirements):

3.2.1.3  Addressing: RFC-791 Section 3.

            (a)  { 0, 0 }

                 This host on this network.  MUST NOT be sent, except as
                 a source address as part of an initialization procedure
                 by which the host learns its own IP address.

RFC 1812 (IPv4 Router Requirements):

4.2.2.11 Addressing: RFC 791 Section 3.2

   (a) { 0, 0 }

        This host on this network.  It MUST NOT be used as a source
        address by routers, except the router MAY use this as a source
        address as part of an initialization procedure (e.g., if the
        router is using BOOTP to load its configuration information).

        Incoming datagrams with a source address of { 0, 0 } which are
        received for local delivery (see Section [5.2.3]), MUST be
        accepted if the router implements the associated protocol and
        that protocol clearly defines appropriate action to be taken.
        Otherwise, a router MUST silently discard any locally-delivered
        datagram whose source address is { 0, 0 }.

   DISCUSSION
      Some protocols define specific actions to take in response to a
      received datagram whose source address is { 0, 0 }.  Two examples
      are BOOTP and ICMP Mask Request.  The proper operation of these
      protocols often depends on the ability to receive datagrams whose
      source address is { 0, 0 }.  For most protocols, however, it is
      best to ignore datagrams having a source address of { 0, 0 } since
      they were probably generated by a misconfigured host or router.
      Thus, if a router knows how to deal with a given datagram having a
      { 0, 0 } source address, the router MUST accept it.  Otherwise,
      the router MUST discard it.

RFC 2131 (DHCP):

4.1 Constructing and sending DHCP messages

   DHCP messages broadcast by a client prior to that client obtaining
   its IP address must have the source address field in the IP header
   set to 0.

//cmh
C
5/6/2005 4:16:31 AM
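
Added example, not part of the original thread: a small Python classifier that applies the RFC 1812 rule quoted above to raw IPv4 datagrams, accepting a { 0, 0 } source only for BOOTP/DHCP client traffic or an ICMP Mask Request and marking anything else (such as the syslog-from-0.0.0.0 case mentioned earlier in the thread) for discard. The function names, result labels and sample packets are constructed for illustration; header checksums are left at zero and are not verified.

```python
import ipaddress
import struct

BOOTP_SERVER_PORT = 67   # UDP port a BOOTP/DHCP server listens on
BOOTP_CLIENT_PORT = 68   # UDP port a BOOTP/DHCP client sends from
ICMP_MASK_REQUEST = 17   # ICMP type 17, Address Mask Request
PROTO_ICMP, PROTO_UDP = 1, 17

def build_ipv4(src, dst, proto, payload):
    """Build a constructed 20-byte IPv4 header (checksum 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def build_udp(sport, dport, data=b""):
    """Build a constructed UDP header (checksum 0) plus data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify_zero_source(packet):
    """Label a raw IPv4 datagram by how its source address should be treated."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    if int(ipaddress.IPv4Address(packet[12:16])) != 0:
        return "normal-source"            # the { 0, 0 } rule does not apply
    proto, payload = packet[9], packet[ihl:]
    if proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if sport == BOOTP_CLIENT_PORT and dport == BOOTP_SERVER_PORT:
            return "bootp-dhcp-client"    # RFC 951 / RFC 2131 initialization
    if proto == PROTO_ICMP and payload[:1] == bytes([ICMP_MASK_REQUEST]):
        return "icmp-mask-request"        # second example named in RFC 1812
    return "discard"                      # no protocol-defined action

if __name__ == "__main__":
    # Constructed samples: a DHCP client broadcast and a syslog datagram.
    samples = {
        "dhcp": build_ipv4("0.0.0.0", "255.255.255.255", PROTO_UDP,
                           build_udp(68, 67, b"\x01")),
        "syslog": build_ipv4("0.0.0.0", "192.0.2.1", PROTO_UDP,
                             build_udp(514, 514, b"<13>test")),
    }
    for name, pkt in samples.items():
        print(name, classify_zero_source(pkt))
```
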