What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Confusion over Sysinfo WAN information

Dref

Occasional Visitor
Hi

Bit by bit I’m exploring my Asus AC68U

And bit by bit I discover how little I know!

Can anyone help me with this:

The Asus is connected to a fiberhome router (NO WIFI) supplied by the ISP (2 or 3 years old) and NOT set to bridge mode. The cabling is Fiberhome > Asus >Tplink Gigabit 8 port smart switch connected to all the LAN devices in the system. My SIP VOIP and IPTV (ISP supplied) are connected directly to the fiberhome via cable.

Looking at Tools/sysinfo it shows the following as shown in the attachment: Sorry I cannot seem to upload this image even though I have reduced it to below the criteria the board sets

Here are some questions about what it shows, the last one being the most confusing to me.

1. It shows a link speed of 100 base T. to the fiberhome (not surprising I guess as it’s old and it was free from the ISP). Is this likely to be causing a bottleneck for inet access?

2. The VLAN for this connection shows “2” is that because of the smart switch I have in the system?

3. Now the most confusing thing. The system shows the MAC address for the connected WAN. This keeps changing between 3 different addresses!! If you hover over the MAC address showing it will show you the manufacture. One of them is the FIBERHOME (my modem/router), another is CISCO, and the third is XEROX. Both MACs check out in a different MAC database.

I do not have any equipment from Xerox or Cisco – the VOIP Box is OBIHAI (different MAC) and the IPTV I have no idea but I can’t imagine it’s either one.

Can anyone explain to me what might be happening.

Thanks
 

Attachments

  • toolssysinfo1.jpg
    toolssysinfo1.jpg
    47.8 KB · Views: 645
  • toolssysinfo(1).jpg
    toolssysinfo(1).jpg
    47.2 KB · Views: 625
  • toolssysinfo.jpg
    toolssysinfo.jpg
    45.3 KB · Views: 678
  • toolssysinfo.jpg
    toolssysinfo.jpg
    42 KB · Views: 701
  • toolssysinfo.jpg
    toolssysinfo.jpg
    42 KB · Views: 494
Hi

Bit by bit I’m exploring my Asus AC68U

And bit by bit I discover how little I know!

Can anyone help me with this:

The Asus is connected to a fiberhome router (NO WIFI) supplied by the ISP (2 or 3 years old) and NOT set to bridge mode. The cabling is Fiberhome > Asus >Tplink Gigabit 8 port smart switch connected to all the LAN devices in the system. My SIP VOIP and IPTV (ISP supplied) are connected directly to the fiberhome via cable.

Looking at Tools/sysinfo it shows the following as shown in the attachment: Sorry I cannot seem to upload this image even though I have reduced it to below the criteria the board sets

Here are some questions about what it shows, the last one being the most confusing to me.

1. It shows a link speed of 100 base T. to the fiberhome (not surprising I guess as it’s old and it was free from the ISP). Is this likely to be causing a bottleneck for inet access?

2. The VLAN for this connection shows “2” is that because of the smart switch I have in the system?

3. Now the most confusing thing. The system shows the MAC address for the connected WAN. This keeps changing between 3 different addresses!! If you hover over the MAC address showing it will show you the manufacture. One of them is the FIBERHOME (my modem/router), another is CISCO, and the third is XEROX. Both MACs check out in a different MAC database.

I do not have any equipment from Xerox or Cisco – the VOIP Box is OBIHAI (different MAC) and the IPTV I have no idea but I can’t imagine it’s either one.

Can anyone explain to me what might be happening.

Thanks
 
Sincere apologies for all those similar uploads. When I did the upload I could not see any confirmation of a successful upload so I assumed the image was outside the boards parameters. Even Preview did not show them. Apologies again but I am new to this Board and this was my first upload. I'll do better next time!
 
1) Only if your Internet connection is faster than 100 Mbps
2) This is normal, Asuswrt puts the Internet on vlan2 and LAN on vlan1.
3) Last Seen Device refers to the last device connected to that network interface that was seen. If multiple devices are connected to it, then it will change depending on which was the last one to send a packet to that port.
 
1) Only if your Internet connection is faster than 100 Mbps
2) This is normal, Asuswrt puts the Internet on vlan2 and LAN on vlan1.
3) Last Seen Device refers to the last device connected to that network interface that was seen. If multiple devices are connected to it, then it will change depending on which was the last one to send a packet to that port.

Thanks

1. My inet connection is fiber allegedly 20/10. Which speedtest shows for local links but if I use other testers that test uploadand download from outside of the ISP country I get around 6 download and frequently more than that upload. I think this is because the provider's international gateways are restricted (Thailand).

3. Thanks for that info BUT as I said these MACs keep cycling through permanently so if as you say it is receiving packets from these devices and I have no devices from these manufactures attached anywhere on my system, not now and not in the past it is a mystery to me as to how this can be happening.

Is it possible that the fiber connection has been compromised?
 
3. Thanks for that info BUT as I said these MACs keep cycling through permanently so if as you say it is receiving packets from these devices and I have no devices from these manufactures attached anywhere on my system, not now and not in the past it is a mystery to me as to how this can be happening.

You said it was on the WAN interface, which means this is on your ISP's ends, not on your own network.
 
You said it was on the WAN interface, which means this is on your ISP's ends, not on your own network.
That's what I initially thought, but when I re-read his post he said "The Asus is connected to a fiberhome router (NO WIFI) supplied by the ISP (2 or 3 years old) and NOT set to bridge mode". Seems a bit strange.
 
That's what I initially thought, but when I re-read his post he said "The Asus is connected to a fiberhome router (NO WIFI) supplied by the ISP (2 or 3 years old) and NOT set to bridge mode". Seems a bit strange.

Your ISP has equipment beyond that fiberhome router. In my case for instance, for months I saw a Cisco MAC there - it recently changed to a different hardware provider's MAC. This is the equipment that your ISP has on their end.
 
Your ISP has equipment beyond that fiberhome router. In my case for instance, for months I saw a Cisco MAC there - it recently changed to a different hardware provider's MAC. This is the equipment that your ISP has on their end.
I didn't ask the question, @Dref did. :D

I understand what you are saying about the ISP equipment, but my point was that if the router is not in bridge mode then presumably it's in "router mode". MAC addresses don't traverse routers so theoretically the Asus shouldn't be seeing anything other than the router's MAC address.

My guess is that the "fiberhome router" is an ADSL device. I haven't used ADSL routers for years, perhaps they are inherently "bridge-like".
 
Hi
Thanks for all your input
Firstly, the router/modem is a fiber optic not as far as I am aware ADSL. Secondly this modem router has NO WIFI and is set to route mode (I've just been into admin to check). Finally, even if The MAC addresses could be "passed through" to the ASUS I can understand a Cisco device sending packets maybe from the ISP BUT why a Xerox device (MAC double Checked) As far as I am aware they only make network printers so why would my ISP's printer be sending me packets.

STOP PRESS I have just run angry IP on range 192.168.0 to 192.168.2.255

It identifies the IP 192.168.1.1 as GoAhead-Webs/PeerSec-Matrix/SSL/3.4.2-OPEN. NO MAC and no fiberhome

Last week someone installed internet on a neighbour's house and they were messing around with my cable (at the top of a pole so I couldn't see). When I asked them what they were doing they said they were from 3BB BUT I know that this fiber cable was installed by TOT so now I am wondering if something they have done may be causing this.
 
Sorry just realized that 3BB and TOT probably mean nothing to you. They are ISP's in Thailand and asfar as I am aware fiber cable is not shared.
 
Here’s a follow up on my router questions

As I have said before I am new to this router business (but not to IT) and so I started to look at the logs in the ASUS and found this in Port forwarding (same screen as logs) See first image on page.

The redirects to 192.168.2.1.154 are to my Asustor NAS (although I do not believe I knowingly set this up on this router but I am not worried by that).

But we also have port 33110 redirected to IP 192.168.2.110 and described as Goodsync……….

However if I list all the IP’s on the system no IP of 192.168.2.110 shows see second image on page.

The AC68U cycles between 192.168.2.1 and 192.168.1.100 which I guess is fine since it is connected to the modem router from the ISP

192.168.2.36 is a powerline adapter set to LAN only so I can temporarily extend the cable network until I have time to buy an additional switch.

192.168.2.168 is switched off since Microsoft changed the Skype protocols.

The other IP’s are self explanatory.

As I say I am still learning about all this stuff so maybe my lack of knowledge is making me more paranoid than I should be!
 

Attachments

  • Issue 1.jpg
    Issue 1.jpg
    104.1 KB · Views: 515
Apologies again
The mystery of the missing IP solved. It's the machine my gf uses and I tell here to leave it on all the time but she always switches off. I remembered she was using it yesterday and sure enough it was off. Switched on and it came up IP 192.168.2.110. BUT i still don't understand how port forwarding got set up to Goodsync..... Her machine is connected to the powerline, is that the powerline or Asus thinking for itself?
 
The AC68U cycles between 192.168.2.1 and 192.168.1.100 which I guess is fine since it is connected to the modem router from the ISP
You shouldn't be seeing any WAN-side IP addresses like 192.168.1.1 or 192.168.1.100 from a client on your LAN (which is 192.168.2.x). That could suggest that you have something fundamentally wrong with your network setup.

What is your router's LAN IP address and netmask (LAN > LAN IP). It should be 192.168.2.1 and 255.255.255.0.

BUT why a Xerox device (MAC double Checked) As far as I am aware they only make network printers so why would my ISP's printer be sending me packets.
Historically Xerox did much more than just make printers, although they are now predominantly a document company. A MAC address only indicates the manufacturer of the network chip, which is often not the same as the equipment it is part of. Also Xerox was one of the very earliest companies involved in the development of the internet (see Xerox PARC and Ethernet). As such huge chunks of IP and MAC addresses were assigned to the company. It's quite possible that Xerox has sold off parts of its MAC address allocation to other companies.
 
Last edited:
Thanks Colin

I wrote this before I read your posting above.

I will leave it intact although I take your points - Incidentally, the MAC shown for XEROX is 00:00:00:00:00:01 which I thought was strange.

Firstly, a very big thank you to RMerlin and Colin Taylor for helping this Newbie along the way.

I really do appreciate it.

Re: port forwarding. Now the mist might be clearing!
I could not figure out how this could have got into my system.

Sometime ago I downloaded a file synchronization product to the machine now connected to the powerline. Anyway, I didn’t much like the product so I didn’t use it a lot and I uninstalled it.

The name of the product - GOODSYNC which I thought was just a file synchronization product and the connection (excuse the pun) didn’t click until you sent me the link. I had no idea it would modify the Router settings.

Many thanks.

Now how do I remove the port forwarding entry (I’ve looked everywhere in the ASUS Merlin admin and the only place to set it up appears to be in WAN settings but there appears nowhere to remove them.

I am loathe to switch of UPnP off because I think it’s needed for my SMB link from my android TV box to the Asustor Nas, all other potential security problems are off (including port forwarding).

Anyway that’s the easy part. I am still perplexed by 2 things:

1. If you look at the attachment you will see I ran another IP scanner which found the Fiberhome Modem/Router - also it shows this:

GoAhead-Webs/PeerSec-Matrix/SSL/3.4.2-OPEN on 192.168.1.1

I’ve looked this up on Google and it says that “GoAhead is the worlds most popular embedded web server. It is simple, tiny and ideal for the efficient hosting of embedded web applications.”

I’m always worried when I see “embedded” especially as I have run IP scans before and never seen it. Of course it is possible it has been put there by my ISP (talking to their techies is difficult as I am in Thailand and cannot speak Thai and their English is non existent. The fiberhome is Chinese! I’ve been to their web site already!!).

So can anyone speculate whether this should be there or not.

2. I am still confused as to why a Xerox device is sending packets to my modem – as I said before I thought they only made network printers (could this MAC address be spoofed)?

Thanks
 

Attachments

  • IP Scan.JPG
    IP Scan.JPG
    17.8 KB · Views: 503
BTW What firmware are you using? The latest from Asus or a third party?

1. Your screen shot is too small to read.
2. Port forwards are usually cleared when the router is rebooted.
3. The "GoAhead-Webs" is not unusual. It's just the software that's providing the web interface for your ISP router.
4. Did you check the LAN IP address and netmask as I asked?
5. The fact that the MAC address is 00:00:00:00:00:01 is suspicious. It probably indicates it's a virtual address on the ISP router, perhaps for bridging purposes.
 
Thanks,

The firmware on the Asus is Merlin latest version. The LAN IP is as you say.
I know it sounds paranoid but I am concerned that someone is piggy backing off my router (see my previous post about the neighbours installation - is that possible??) Also the Fiberhome modem router is NOT bridged I have confirmed this in admin on it.
 

Attachments

  • Bigger.jpg
    Bigger.jpg
    38.6 KB · Views: 445
I know it sounds paranoid but I am concerned that someone is piggy backing off my router (see my previous post about the neighbours installation - is that possible??)
Whilst it's not impossible, I would think it unlikely. Everything on the other (internet) side of your modem is shared communications anyway. It's up to the telecoms/ISP company to ensure the right data goes to the right destination.

It's also in the company's financial interest to ensure that nobody can just piggyback on their customer's connections by "splicing in" another cable. They usually achieve this by only allowing communication to "authenticated" devices (i.e. modems).

When cable modems were first introduced in my country it was discovered that by spicing a cable into an existing connection and spoofing a MAC address you could get "free" internet. However, the practice very soon became widely known about and the cable company rapidly changed their equipment so that couldn't happen anymore.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Back
Top