Why am I seeing packets intended for other recipients while behind a router?

1

I'm using a wired internet connection. The ISP provides an ethernet cable, a static private IP, and a dynamic public IP. I bought a router and gave the router the static private IP.

I'm using wireshark and I'm seeing that I can view packets with source IP of other users in my network (other users of my ISP). The structure of the IP is same as mine ( 10.10.X.X )

According to my understanding of networking, all packets will be accepted till layer 2, and then discarded if the MAC address is not matching. Hence I should be seeing all packets if the wire was directly connected to my PC's interface. But, I'm behind a router and wireshark is monitoring the interface on my PC, not the router's interface. So the router should be dropping the packets before it can even reach my PC interface

How is this possible?

PS:

  • Download wireshark output here
  • My router is a very basic model. Model TL-WR841N from TP Link
  • Not using any custom firmware from DD-WRT

xavier666

Posted 2016-01-22T19:52:18.980

Reputation: 155

You gave us a capture, but forgot to mention which IP was on the system you were capturing from. Anyway, are you sure that you aren't just seeing standard broadcast traffic? Name announcements and so on? Computers frequently send out messages to the local network advertising various things like their name, and so on. – Zoredache – 2016-01-22T20:02:59.183

+Zoredache My static private IP is 10.10.40.5 – xavier666 – 2016-01-22T20:18:40.697

Answers

2

From what I can see from your dump, none of the traffic from these other 10.x addresses are leaving the local network, this looks to be destined for the 224.x.x.x range, which is multicast /broadcast traffic - indeed, other then traffic destined or sourced for 192.168.1.10, I do not see any traffic destined for the wider Internet from the part of your dump I looked at.

davidgo

Posted 2016-01-22T19:52:18.980

Reputation: 49 152

@xavier666, if you don't understand davidgo's reference to multicast traffic - see the Wikipedia multicast article.

– moonpoint – 2016-01-22T20:21:21.113

+moonpoint I got it. I thought multicasting was only at IP level, not at MAC level. I saw the LLMNR protocol at wiki and got it. Thanks :) – xavier666 – 2016-01-22T20:23:40.600

@xavier666, multicast exists at both levels (see multicast addresses)

– heavyd – 2016-01-22T20:26:52.370

Asked: 2016-01-22T19:52:18.980

Viewed: 65 times

Active: 2016-01-22T20:17:16.477