ARP cache MAC and Docker












2















When I run cat /proc/net/arp I see two entries* bound to :



IP address       HW type     Flags       HW address            Mask     Device

35.224.99.156    0x1         0x0         00:00:00:00:00:00     *        docker0

35.222.85.5      0x1         0x0         00:00:00:00:00:00     *        docker0


Even after ip -s -s neigh flush all and arp -n these entries come back. What do the results above mean?



Why is the ARP binding the docker0 device to an IPs (35.224.99.156) and (35.222.85.5) with mac 00:00:00:00:00:00 which I do not recognise all though they are from Google Cloud/Google or spoofed to be as such.



Is this expected, a bug or corruption or something more sinister?



*detected originally using OSQuery 



SELECT address, mac, COUNT(mac) AS mac_count

  FROM arp_cache GROUP BY mac

  HAVING count(mac) > 1;


docker network inspect bridge is



[

   {

       "Name": "bridge",

       "Id": "REDACTED",

       "Created": "2019-02-09T17:38:43.817882245Z",

       "Scope": "local",

       "Driver": "bridge",

       "EnableIPv6": false,

       "IPAM": {

           "Driver": "default",

           "Options": null,

           "Config": [

               {

                   "Subnet": "172.17.0.0/16",

                   "Gateway": "172.17.0.1"

               }

           ]

       },

       "Internal": false,

       "Attachable": false,

       "Ingress": false,

       "ConfigFrom": {

           "Network": ""

       },

       "ConfigOnly": false,

       "Containers": {},

       "Options": {

           "com.docker.network.bridge.default_bridge": "true",

           "com.docker.network.bridge.enable_icc": "true",

           "com.docker.network.bridge.enable_ip_masquerade": "true",

           "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",

           "com.docker.network.bridge.name": "docker0",

           "com.docker.network.driver.mtu": "1500"

       },

       "Labels": {}

   }

]





networking docker mac-address arp google-cloud-platform







share|improve this question

























  • Include the docker network inspect bridge output.

    – BMitch
    Feb 8 at 14:22











  • @BMitch post updated with output

    – Gridcell Coder
    Feb 9 at 18:13
















2















When I run cat /proc/net/arp I see two entries* bound to :



IP address       HW type     Flags       HW address            Mask     Device

35.224.99.156    0x1         0x0         00:00:00:00:00:00     *        docker0

35.222.85.5      0x1         0x0         00:00:00:00:00:00     *        docker0


Even after ip -s -s neigh flush all and arp -n these entries come back. What do the results above mean?



Why is the ARP binding the docker0 device to an IPs (35.224.99.156) and (35.222.85.5) with mac 00:00:00:00:00:00 which I do not recognise all though they are from Google Cloud/Google or spoofed to be as such.



Is this expected, a bug or corruption or something more sinister?



*detected originally using OSQuery 



SELECT address, mac, COUNT(mac) AS mac_count

  FROM arp_cache GROUP BY mac

  HAVING count(mac) > 1;


docker network inspect bridge is



[

   {

       "Name": "bridge",

       "Id": "REDACTED",

       "Created": "2019-02-09T17:38:43.817882245Z",

       "Scope": "local",

       "Driver": "bridge",

       "EnableIPv6": false,

       "IPAM": {

           "Driver": "default",

           "Options": null,

           "Config": [

               {

                   "Subnet": "172.17.0.0/16",

                   "Gateway": "172.17.0.1"

               }

           ]

       },

       "Internal": false,

       "Attachable": false,

       "Ingress": false,

       "ConfigFrom": {

           "Network": ""

       },

       "ConfigOnly": false,

       "Containers": {},

       "Options": {

           "com.docker.network.bridge.default_bridge": "true",

           "com.docker.network.bridge.enable_icc": "true",

           "com.docker.network.bridge.enable_ip_masquerade": "true",

           "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",

           "com.docker.network.bridge.name": "docker0",

           "com.docker.network.driver.mtu": "1500"

       },

       "Labels": {}

   }

]





networking docker mac-address arp google-cloud-platform







share|improve this question

























  • Include the docker network inspect bridge output.

    – BMitch
    Feb 8 at 14:22











  • @BMitch post updated with output

    – Gridcell Coder
    Feb 9 at 18:13














2












2








2








When I run cat /proc/net/arp I see two entries* bound to :



IP address       HW type     Flags       HW address            Mask     Device

35.224.99.156    0x1         0x0         00:00:00:00:00:00     *        docker0

35.222.85.5      0x1         0x0         00:00:00:00:00:00     *        docker0


Even after ip -s -s neigh flush all and arp -n these entries come back. What do the results above mean?



Why is the ARP binding the docker0 device to an IPs (35.224.99.156) and (35.222.85.5) with mac 00:00:00:00:00:00 which I do not recognise all though they are from Google Cloud/Google or spoofed to be as such.



Is this expected, a bug or corruption or something more sinister?



*detected originally using OSQuery 



SELECT address, mac, COUNT(mac) AS mac_count

  FROM arp_cache GROUP BY mac

  HAVING count(mac) > 1;


docker network inspect bridge is



[

   {

       "Name": "bridge",

       "Id": "REDACTED",

       "Created": "2019-02-09T17:38:43.817882245Z",

       "Scope": "local",

       "Driver": "bridge",

       "EnableIPv6": false,

       "IPAM": {

           "Driver": "default",

           "Options": null,

           "Config": [

               {

                   "Subnet": "172.17.0.0/16",

                   "Gateway": "172.17.0.1"

               }

           ]

       },

       "Internal": false,

       "Attachable": false,

       "Ingress": false,

       "ConfigFrom": {

           "Network": ""

       },

       "ConfigOnly": false,

       "Containers": {},

       "Options": {

           "com.docker.network.bridge.default_bridge": "true",

           "com.docker.network.bridge.enable_icc": "true",

           "com.docker.network.bridge.enable_ip_masquerade": "true",

           "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",

           "com.docker.network.bridge.name": "docker0",

           "com.docker.network.driver.mtu": "1500"

       },

       "Labels": {}

   }

]





networking docker mac-address arp google-cloud-platform







share|improve this question
















When I run cat /proc/net/arp I see two entries* bound to :



IP address       HW type     Flags       HW address            Mask     Device

35.224.99.156    0x1         0x0         00:00:00:00:00:00     *        docker0

35.222.85.5      0x1         0x0         00:00:00:00:00:00     *        docker0


Even after ip -s -s neigh flush all and arp -n these entries come back. What do the results above mean?



Why is the ARP binding the docker0 device to an IPs (35.224.99.156) and (35.222.85.5) with mac 00:00:00:00:00:00 which I do not recognise all though they are from Google Cloud/Google or spoofed to be as such.



Is this expected, a bug or corruption or something more sinister?



*detected originally using OSQuery 



SELECT address, mac, COUNT(mac) AS mac_count

  FROM arp_cache GROUP BY mac

  HAVING count(mac) > 1;


docker network inspect bridge is



[

   {

       "Name": "bridge",

       "Id": "REDACTED",

       "Created": "2019-02-09T17:38:43.817882245Z",

       "Scope": "local",

       "Driver": "bridge",

       "EnableIPv6": false,

       "IPAM": {

           "Driver": "default",

           "Options": null,

           "Config": [

               {

                   "Subnet": "172.17.0.0/16",

                   "Gateway": "172.17.0.1"

               }

           ]

       },

       "Internal": false,

       "Attachable": false,

       "Ingress": false,

       "ConfigFrom": {

           "Network": ""

       },

       "ConfigOnly": false,

       "Containers": {},

       "Options": {

           "com.docker.network.bridge.default_bridge": "true",

           "com.docker.network.bridge.enable_icc": "true",

           "com.docker.network.bridge.enable_ip_masquerade": "true",

           "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",

           "com.docker.network.bridge.name": "docker0",

           "com.docker.network.driver.mtu": "1500"

       },

       "Labels": {}

   }

]





networking docker mac-address arp google-cloud-platform




networking docker mac-address arp google-cloud-platform






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 9 at 18:12







Gridcell Coder

















asked Feb 7 at 17:02









Gridcell CoderGridcell Coder

133




133













  • Include the docker network inspect bridge output.

    – BMitch
    Feb 8 at 14:22











  • @BMitch post updated with output

    – Gridcell Coder
    Feb 9 at 18:13



















  • Include the docker network inspect bridge output.

    – BMitch
    Feb 8 at 14:22











  • @BMitch post updated with output

    – Gridcell Coder
    Feb 9 at 18:13

















Include the docker network inspect bridge output.

– BMitch
Feb 8 at 14:22





Include the docker network inspect bridge output.

– BMitch
Feb 8 at 14:22













@BMitch post updated with output

– Gridcell Coder
Feb 9 at 18:13





@BMitch post updated with output

– Gridcell Coder
Feb 9 at 18:13










1 Answer
1






active

oldest

votes


















2














These are from connectivity-checks made by NetworkManager.



# nslookup connectivity-check.ubuntu.com

Server:         127.0.0.53

Address:        127.0.0.53#53



Non-authoritative answer:

Name:   connectivity-check.ubuntu.com

Address: 35.224.99.156

Name:   connectivity-check.ubuntu.com

Address: 35.222.85.5


There is a bug so the arp-request go out the wrong interfaces. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634286



You can prevent this by removing the package network-manager-config-connectivity-ubuntu



apt purge network-manager-config-connectivity-ubuntu





share|improve this answer

























    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1403215%2farp-cache-mac-and-docker%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    These are from connectivity-checks made by NetworkManager.



    # nslookup connectivity-check.ubuntu.com
    
Server:         127.0.0.53
    
Address:        127.0.0.53#53
    

    
Non-authoritative answer:
    
Name:   connectivity-check.ubuntu.com
    
Address: 35.224.99.156
    
Name:   connectivity-check.ubuntu.com
    
Address: 35.222.85.5


    There is a bug so the arp-request go out the wrong interfaces. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634286



    You can prevent this by removing the package network-manager-config-connectivity-ubuntu



    apt purge network-manager-config-connectivity-ubuntu





    share|improve this answer






























      2














      These are from connectivity-checks made by NetworkManager.



      # nslookup connectivity-check.ubuntu.com
      
Server:         127.0.0.53
      
Address:        127.0.0.53#53
      

      
Non-authoritative answer:
      
Name:   connectivity-check.ubuntu.com
      
Address: 35.224.99.156
      
Name:   connectivity-check.ubuntu.com
      
Address: 35.222.85.5


      There is a bug so the arp-request go out the wrong interfaces. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634286



      You can prevent this by removing the package network-manager-config-connectivity-ubuntu



      apt purge network-manager-config-connectivity-ubuntu





      share|improve this answer




























        2












        2








        2







        These are from connectivity-checks made by NetworkManager.



        # nslookup connectivity-check.ubuntu.com
        
Server:         127.0.0.53
        
Address:        127.0.0.53#53
        

        
Non-authoritative answer:
        
Name:   connectivity-check.ubuntu.com
        
Address: 35.224.99.156
        
Name:   connectivity-check.ubuntu.com
        
Address: 35.222.85.5


        There is a bug so the arp-request go out the wrong interfaces. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634286



        You can prevent this by removing the package network-manager-config-connectivity-ubuntu



        apt purge network-manager-config-connectivity-ubuntu





        share|improve this answer















        These are from connectivity-checks made by NetworkManager.



        # nslookup connectivity-check.ubuntu.com
        
Server:         127.0.0.53
        
Address:        127.0.0.53#53
        

        
Non-authoritative answer:
        
Name:   connectivity-check.ubuntu.com
        
Address: 35.224.99.156
        
Name:   connectivity-check.ubuntu.com
        
Address: 35.222.85.5


        There is a bug so the arp-request go out the wrong interfaces. See: https://bugzilla.redhat.com/show_bug.cgi?id=1634286



        You can prevent this by removing the package network-manager-config-connectivity-ubuntu



        apt purge network-manager-config-connectivity-ubuntu






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited Feb 25 at 11:18

























        answered Feb 25 at 10:00









        David WeberDavid Weber

        362




        362






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1403215%2farp-cache-mac-and-docker%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to reconfigure Docker Trusted Registry 2.x.x to use CEPH FS mount instead of NFS and other traditional...

            Image
            0 I am having trouble trying to reconfigure my DTR container to try and use a CEPH FS mount we created to act as a storage backend for our image repository. The Docs are very vague on this and nothing exactly explains on how to do it. Has anyone yet connected the dots? linux filesystems mount storage docker share | improve this question asked Feb 1 at 6:40 jRapp3r jRapp3r 1 1 add a comment  | 
            Read more

            is 'sed' thread safe

            Image
            2 If I have a shell/python script that uses sed to modify a file in place based on user inputs, and then two users run the same script at the same time or approx. same time, is 'sed' thread safe ? Or perhaps it is not an issue because the file_descripor that was opened by the first thread will be used to lock the file anyway ? thx linux sed python share | improve this question edited 7 hours ago Jeff Schaller 42.9k 11 59 137 asked 7 hours ago terreys terreys
            Read more

            How to make a Squid Proxy server?

            Image
            1 I want to set up squid proxy server for monitoring user activity in a network and Internet Web URL filtering for user. I also want to configure the user login, user log, user access group, and block unwanted web sites in my network. Please help me and guide me the full process to do this. server proxy squid share | improve this question edited Jul 31 '12 at 14:45 Jorge Castro 37.1k 107 422 617 asked Jul 31 '12 at 5:16 Goivind Tiwari Goivind Tiwari
            Read more