Re: Image download BOOTME

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Brad (bitter_at_staticemi.org)
Date: 12/15/04

Next message: Steve Maillet \(eMVP\): "Re: hai Bytekeeper & Paul G Tobey"
Previous message: HKim: "Porting a driver for ipaq without a ipaq BSP"
In reply to: yuun: "Re: Image download BOOTME"
Next in thread: Michael Schaffner, P.E.: "Re: Image download BOOTME"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 15 Dec 2004 16:33:34 -0500

ARP requests only happen if the device you need a MAC address for is on
the same subnet as you.

- Brad

yuun wrote:
> Hi, I have used a packet capture tool to see what really happen.
>
> There are 2 gateway between the host & the target. I confirm that
> BOOTME packets are UDP Broadcast with port 980. These packets contain
> the info so that we can see the Device Boot Name with IP adr in
> connectivity options.
>
> Here are the packets exchanged for a normal image download :
>
> - The target send 4 times an Eth-II packet to itself.
> - Before assigning his IP adr, the target verify that it's not used
> with an ARP request. Broadcast
> - Then the target sends BOOTME messages. Broadcast, UDP, port 980.
> - When the user attach the device from PB, the host wait for an EBOOT
> message.
> - The host send an ARP request of the IP of the target.
> - The target send an ARP reply. (UDP, Unicast)
> - The host initiate the TFTP download. src.port=2800 dst.port=980
> - The image is downloaded. target.port=1024 host.port=2800
>
> When the target & host are on different subnets :
> I see the 4 first steps as above. Then I get :
> - The host initiate the TFTP download. src.port=2882 dst.port=980
> then the target send a BOOTME msg as if it doesn't receive the msg from
> the host.
> - The host resend an TFTP initiate msg.
>
> The strange thing is that the host don't do an ARP request to find the
> IP adr of the target. It seems that the target doesn't receive the TFTP
> initiate packet.
>
> Do you have any idea of a possible reason ?
>

Next message: Steve Maillet \(eMVP\): "Re: hai Bytekeeper & Paul G Tobey"
Previous message: HKim: "Porting a driver for ipaq without a ipaq BSP"
In reply to: yuun: "Re: Image download BOOTME"
Next in thread: Michael Schaffner, P.E.: "Re: Image download BOOTME"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: [2.4 PATCH] bugfix: ARP respond on all devices
... > to use as the source in packets it will output once the ... If your host has two interfaces on two different pyhsical nets and host A from ... An ARP request is discarded if the source IP address is not in the same subnet. ... send the line "unsubscribe linux-kernel" in ...
(Linux-Kernel)
Re: A weird routing question.
... like to do a special treatment on packets incoming via eth0 and whose ... This option adds a `ROUTE' target, which enables you to setup unusual ... though through traffic shaping or accountancy on some other host ...
(comp.os.linux.networking)
Re: MiM Simultaneous close attack
... What you said is right.I have succeeded in this.But in this way,I failed to fake the gateway's MAC. ... 4.The gateway frequently sends arp request like arp request who is at xx.xx tell gg.gg.Because ... 6.So the gateway's mac in Host B's cache will alternate between the fakeand the correct one.I have seen the phenomena in host Bwith arp -a. ... > Arp Broadcast who-has 10.0.0.3 tell ...
(Vuln-Dev)
RE: arpwatch
... host, not the host for whom an ARP request has been made. ... is broadcasted it will work on a switched network. ... I don't agree, arp requests are broadcasts. ...
(Security-Basics)
Re: Strange Failure Mode in FreeBSD 4.11
... Greg Barniskis writes: ... >target IP address is ARPed for and you should see the target's MAC ... >in the arp table on the known good system, even if the pings never ... >question is functioning insofar as it responds to an ARP request. ...
(freebsd-questions)