On 10/30/2015 09:01 AM, Timothy Murphy wrote:> Johnny Hughes wrote: > >>> So I guess the strange IP address probably comes from some Lite-On device >>> somewhere in my house - maybe on the server itself, an HP MicroServer. >>> There are so many possible electronic culprits today. > >> You should be able to use nmap to scan the device. > > Thanks very much for the suggestion, I'll try that. > > I've been surprised how much information I get from iptraf-ng, > which I only discovered recently. > I knew about "arp -a", but I'm told I should be using "ip neigh". > However, that doesn't give the name of each device on the network > (if known), as arp does. >Try putting this line IPV6INIT=no in the relevant config file, probably something like /etc/sysconfig/networking/devices/ifcfg-eth? then restart your network.
ken wrote:> On 10/30/2015 09:01 AM, Timothy Murphy wrote:>>>> So I guess the strange IP address probably comes from some Lite-On >>>> device somewhere in my house - maybe on the server itself, an HP >>>> MicroServer. There are so many possible electronic culprits today. >> >>> You should be able to use nmap to scan the device. >> >> Thanks very much for the suggestion, I'll try that.> Try putting this line > IPV6INIT=no > in the relevant config file, probably something like > /etc/sysconfig/networking/devices/ifcfg-eth? > then restart your network.I don't have a directory /etc/sysconfig/networking/ on my CentOS-7 server, but I have IPV6INIT=no in /etc/sysconfig/network-scripts/ifcfg-enp{23}s0 . Incidentally, I haven't yet worked out how to get any useful information from nmap, as suggested by Johnny Hughes - I only get information about open ports, which is interesting but not relevant to my query about the 169.254.* address appearing in "arp -a" on my server. I looked at "man nmap" but there seem to be an infinity of options. -- Timothy Murphy gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin
On 11/01/2015 07:40 AM, Timothy Murphy wrote:> ken wrote: > >> On 10/30/2015 09:01 AM, Timothy Murphy wrote: >>>>> So I guess the strange IP address probably comes from some Lite-On >>>>> device somewhere in my house - maybe on the server itself, an HP >>>>> MicroServer. There are so many possible electronic culprits today. >>>> You should be able to use nmap to scan the device. >>> Thanks very much for the suggestion, I'll try that. >> Try putting this line >> IPV6INIT=no >> in the relevant config file, probably something like >> /etc/sysconfig/networking/devices/ifcfg-eth? >> then restart your network. > I don't have a directory /etc/sysconfig/networking/ on my CentOS-7 server, > but I have IPV6INIT=no in /etc/sysconfig/network-scripts/ifcfg-enp{23}s0 . > > Incidentally, I haven't yet worked out how to get any useful information > from nmap, as suggested by Johnny Hughes - I only get information > about open ports, which is interesting but not relevant to my query > about the 169.254.* address appearing in "arp -a" on my server. > I looked at "man nmap" but there seem to be an infinity of options. > >assuming nmap says there's a web server running, can you connect to it? how did you run nmap against it? I'd think you would have to create a dummy interface on the same network range to be able to communicate to it. I suspect something like a service processor/ilo/rilo/whatever HP calls their management interface. could you have powered the machine up first then waited a little while before putting network cables in, esp in the one labeled 'mgmt'? -- public gpg key id: 1362BA1A
On 11/01/2015 04:40 AM, Timothy Murphy wrote:> I don't have a directory /etc/sysconfig/networking/ on my CentOS-7 server, > but I have IPV6INIT=no in /etc/sysconfig/network-scripts/ifcfg-enp{23}s0 .You're seeing a strange IPv4 address on your network. Changing IPv6 won't affect that in any way, and I recommend leaving IPv6 enabled. If nothing else, v6 capable applications work better when you have v6 connectivity.> Incidentally, I haven't yet worked out how to get any useful information > from nmap, as suggested by Johnny Hughes - I only get information > about open ports, which is interesting but not relevant to my query > about the 169.254.* address appearing in "arp -a" on my server. > I looked at "man nmap" but there seem to be an infinity of options.I'm not sure if Linux will cache an ARP entry if the host sends an unsolicited update, but you normally won't have a route to that address to scan it. Run 'ip route show' to see if you have a route to the address you're seeing (the link-local network is 169.254.0.0/16). If you don't see a direct route, then add an address on your system so that you can reach the link-local host: ip addr add 169.254.192.100/16 dev eth0 Once you have an address on the link-local network, you should be able to ping or scan the unknown device. Use nmap: nmap -sS -O 169.254.192.123 That command will scan common ports on the unknown device and attempt to guess its operating system.