Subject: Re: weird packet found...help?
To: Justin C. Walker <justin@apple.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-net
Date: 11/28/1999 22:53:39
>> 15:04:20.729215 55:55:55:55:55:55 58:55:55:55:55:55 800c 5461:
>> 5555 fcff 5555 fcff 5555 fcff 5555 fcff
>> 5555 fcff 5555 fcff 5555 fcff 5555 fcff
>> 5555 fcff 5555 fcff 5555 fcff 5555
>
> Depending on the kind of network equipment you have, you're
>bound to see beaucoup packets of this sort. I can't tell for sure,
>but this could be a collision, a late collision, or just a bogus
>packet from an exuberant driver. We had cases of this on our
>network, which we "sort of" traced to an Intel box, running some
>variant of Linux, using an Intel EtherExpress Pro/100B. Couldn't
>tell for sure, since there's no way to trace this stuff back to its
>source(*), but we hypothesized it was a bad driver. If we unplugged
>the sucker, the problems went away. We ended up replacing the board.

it's an hme0 on an ultra-sparc 5 running solaris. i was just asking in
this forum because people here are smart.

>(*) Should you be running on a switched network, with sufficiently
>helpful switches, the switch management software might let you
>isolate the port that's producing these packets. I've never managed
>to get our IS guys to do it, but I think it's possible.

unfortunately not, but then again, i don't think anyone has the time
or energy (or budget) to warrant an exhaustive search for something
like this.

>In any case, this looks like pure junk, either manufactured by the
>network, or provided to you by a pointer into random memory, by a
>wayward driver. Nothing in it to lead you back to a culprit, unless
>the bit patterns look familiar (which is how we got to the linux
>box).

it looks like junk, but it's rather regular. i'd sort of convinced
myself that a machine reading manchester encoding on a wire where a
differential manchester encoded collision took place would see this,
but that would just explain the fives, not the other stuff.

i think i'll just ignore it. it (this type of "garbage") accounts for
only 1330/5746134 packets in a 12 hour segment of recorded traffic.
that's about .00231% of the traffic.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."