Need Advice about strange Ip's

[Bluezayer]

Hello Who ever is reading, i am having a small problem with my... internet. Well it's not a problem persay but it needs some clarifications before i feel safe moving on. its kinda hard to explain but i will try.

 

Well where do i start...i have 2 programs called Glasswire and Advanced ip scanner. i use them to monitor my network form time to time and i today got a strange ip appear, well it was a local ip 192.168.1.255 but it's mac address didn't add up. Since it is the same as my laptop that i am using, and it has another local ip 192.168.1.115 so is this something strange? i have never seen it before i have tried restarting and running a scan on my computer and nothing has changed. My system is clean according to Bitdefender. anyway i don't know too much about mac addresses and stuff a little not much but to me it seems like my laptop has 2  local ip's both who are active according to previously mentioned programs so if you have any idea of what this is pls reply and if you have no idea of what this is you can still reply with words of comfort.

 

btw i'm new to this forum so be nice pls

[Verrierr]

Do you happen to connect via wi-fi and cable on different occasions perhaps?

[Bluezayer]

3 minutes ago, Verrierr said:

Do you happen to connect via wi-fi and cable on different occasions perhaps?

No have never connected with cabel only wifi.

 

[Verrierr]

10 minutes ago, Bluezayer said:

but it's mac address didn't add up

what do you mean by this?

[Bluezayer]

1 minute ago, Verrierr said:

what do you mean by this?

Well both mac adresses are the same but local ip's are different. i dont know much about mac addresses but are they not they uniqe? or is it posible that someone has logged onto my internet and has the same mac adress?

 

[Verrierr]

29 minutes ago, Bluezayer said:

Well both mac adresses are the same but local ip's are different. i dont know much about mac addresses but are they not they uniqe? or is it posible that someone has logged onto my internet and has the same mac adress?

 

Technicly it's possible but requires quite a bit of professional equipment to pull off so it's rather unlikely. Perhaps your router made a mistake and leased two different ip addreses to one device? Is it something that's present at the moment? If it is maybe you could post a screen from command prompt after running "ipconfig"?

[Bluezayer]

8 minutes ago, Verrierr said:

Technicly it's possible butrequires quit a bit of professional equipment to pull off so it's rather unlikely. Perhaps your router made a mistake and leased two different ip addreses to one device? Is it something that's present at the moment? If it is maybe you could post a screen from command prompt after running "ipconfig"?

i have already checked "ipconfig" and there is nothing new there no changes or clues, but i did forget to mention

that i was running a vpn at the time when i first discovered this "other ip same mac adress" thing, can this be it? if so why is it still there after i have turned the vpn off+restarted my pc. I have never had this appear when using a vpn have been using it for a  year.

 

Thanks for answering me btw...

[U.Ho]

54 minutes ago, Bluezayer said:

Well where do i start...i have 2 programs called Glasswire and Advanced ip scanner. i use them to monitor my network form time to time and i today got a strange ip appear, well it was a local ip 192.168.1.255 but it's mac address didn't add up. Since it is the same as my laptop that i am using, and it has another local ip 192.168.1.115 so is this something strange? i have never seen it before i have tried restarting and running a scan on my computer and nothing has changed. My system is clean according to Bitdefender. anyway i don't know too much about mac addresses and stuff a little not much but to me it seems like my laptop has 2  local ip's both who are active according to previously mentioned programs so if you have any idea of what this is pls reply and if you have no idea of what this is you can still reply with words of comfort.

 

btw i'm new to this forum so be nice pls

192.168.1.255 would be the broadcast address of the network 192.168.1.0/24. 

I'm assuming you're using a default configuration on a router so that your netmask is 255.255.255.0?

 

The broadcast address is used to communicate to all devices in the network. It's nothing to be frightened about unless you're sure your computer is not involved in that particular traffic. 

[Bluezayer]

7 minutes ago, U.Ho said:

192.168.1.255 would be the broadcast address of the network 192.168.1.0/24. 

I'm assuming you're using a default configuration on a router so that your netmask is 255.255.255.0?

 

The broadcast address is used to communicate to all devices in the network. It's nothing to be frightened about unless you're sure your computer is not involved in that particular traffic. 

Well first i am using default config on my router.

 

Second: i do think it is connected to my computer since it has the same mac adress as my laptop. Off course i can be wrong since i dont have any idea but if so why did it only appear now? why haven't i always seen it?

 

Thanks for answering

[paddy-stone]

The second IP address is the VPNs, pretty sure.

[Bluezayer]

1 hour ago, paddy-stone said:

The second IP address is the VPNs, pretty sure.

But why have it only appeared now? the vpn has not updated or anything  and why is it still connected after i have restarted+uninstalled the vpn

 

thanks for answering.

[paddy-stone]

42 minutes ago, Bluezayer said:

But why have it only appeared now? the vpn has not updated or anything  and why is it still connected after i have restarted+uninstalled the vpn

 

thanks for answering.

Ahh I see, in that case I don't know, sorry.

 

Never have a problem with my VPN, shows this

 

Sorry for the crap disfigurement of addresses, didn't have much time to spend with this, lol.

[U.Ho]

15 hours ago, Bluezayer said:

Well first i am using default config on my router.

 

Second: i do think it is connected to my computer since it has the same mac adress as my laptop. Off course i can be wrong since i dont have any idea but if so why did it only appear now? why haven't i always seen it?

 

Thanks for answering

Well I guess there hasn't been much broadcast traffic going on.

Maybe you could make a wireshark packet capture and see what the traffic really is?

[Bluezayer]

52 minutes ago, paddy-stone said:

Sorry for the crap disfigurement of addresses, didn't have much time to spend with this, lol.

No don't worry about it, thank you for your help i really appreciate it

[Bluezayer]

32 minutes ago, U.Ho said:

Well I guess there hasn't been much broadcast traffic going on.

Maybe you could make a wireshark packet capture and see what the traffic really is?

ok.. again thank you for your help

 

i did download wireshark and watched a quick tutorial and the only packets that ip 192.168.1.255 is receiving is from my laptop and is sending nothing so i think/hope that it means none is "watching" 

 

5    0.338313    192.168.1.115    192.168.1.255    UDP    305    54915→54915 Len=263

 

this is what all the packets says, so unless you think there is something wrong with that as again, i have no idea. Hopefully i can get some sleep

[Bluezayer]

No... wait doesn't that mean someone is "watching"?... because my pc is sending stuff to another pc with the same macadress?... wait what? am i wrong? pls tell me i'm wrong.

 

Can a laptop have 2 local ip's? but that still doesn't make sense as i am not receiving any thing from 192.168.1.255 nor can i see it sending anything.

And i googled what UDP protocol was and it only scared me more...Suitable for Multi Media streaming? Wha? and i have checked and it still appears in wireshark after i have closed chrome, steam and other programs like that.

i'm getting a headache.

 

[jagdtigger]

Just chill out first okay? That address is the local subnet's broadcast address. A packet sent to this address will be relayed to all of the devices connected to it. Many device/program uses this for harmless things. Your router for DHCP, or a media player searching for media servers . And dont be scared from UDP, you can think of it as a stripped down TCP :

Quote

UDP uses a simple connectionless transmission model with a minimum of protocol mechanism. UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram. It has no handshaking dialogues, and thus exposes the user's program to any unreliability of the underlying network and so there is no guarantee of delivery, ordering, or duplicate protection. If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose.

https://en.wikipedia.org/wiki/User_Datagram_Protocol

[Bluezayer]

1 minute ago, jagdtigger said:

Just chill out first okay? That address is the local subnet's broadcast address. A packet sent to this address will be relayed to all of the devices connected to it. Many device/program uses this for harmless things. Your router for DHCP, or a media player searching for media servers . And dont be scared from UDP, you can think of it as a stripped down TCP :

https://en.wikipedia.org/wiki/User_Datagram_Protocol

Really? U sure? if that's it then everything's ok. so Everyone has this? is that it? still don't understand why it only appear now not always been there but ok if it's harmless i suppose i should just ignore it. 

 

Thanks for your help

[U.Ho]

7 hours ago, Bluezayer said:

ok.. again thank you for your help

 

i did download wireshark and watched a quick tutorial and the only packets that ip 192.168.1.255 is receiving is from my laptop and is sending nothing so i think/hope that it means none is "watching" 

 

5    0.338313    192.168.1.115    192.168.1.255    UDP    305    54915→54915 Len=263

 

this is what all the packets says, so unless you think there is something wrong with that as again, i have no idea. Hopefully i can get some sleep

Have you by any chance installed Logitech ARX software recently?

A bit of googling brought up worries about packets just like that that in the end were sent by ARX.

[Bluezayer]

3 hours ago, U.Ho said:

Have you by any chance installed Logitech ARX software recently?

A bit of googling brought up worries about packets just like that that in the end were sent by ARX.

i haven't personally but i have a Logitech gaming mouse and it uses some software no idea what ARX is (sorry)  But could it have updated and that is the cause of this?

[jagdtigger]

2 hours ago, Bluezayer said:

i haven't personally but i have a Logitech gaming mouse and it uses some software no idea what ARX is (sorry)  But could it have updated and that is the cause of this?

ARX is the control program for logitech's stuff...

(The table is in Hungarian, it means google is your friend .)

[U.Ho]

11 hours ago, Bluezayer said:

i haven't personally but i have a Logitech gaming mouse and it uses some software no idea what ARX is (sorry)  But could it have updated and that is the cause of this?

Yes that sounds likely.

 

In any case it's nothing to worry about. It's just your pc sending broadcast packets.

[Bluezayer]

2 hours ago, U.Ho said:

Yes that sounds likely.

 

In any case it's nothing to worry about. It's just your pc sending broadcast packets.

ok! Thank you for your help!