dmesg Martian header warning, from/to same IP, MAC from ISP modem

oS 13.2 64-bit KDE4

I’ve been getting this warning with some frequency in dmesg:

IPv4: martian source <DESKTOP-IP> from <DESKTOP-IP>, on dev enp3s0 *(same to/from IP)*
  +0,000007] ll header: 00000000: xx xx xx xx xx xx xx xx xx xx xx xx 80 00        .P.==..)......

From the ll header the source MAC is the DESKTOP network card (my main work/server gig at home) and the from MAC is the ISP’s crappy modem/router, which is also the DNS server.

The 80 00 at the end of the header identify an IPv4 packet.

Nice explanation of header-to-MAC translation at the bottom of this thread, unfortunately without a conclusion:

The network is IPV4 only, manually configured with Yast/ifup, and the DESKTOP-modem connection is wired. Network manager is not installed.

There are two other wireless routers set up as wifi AP’s and switches (no routing). One of the routers is also a DHCP server for visiting/chromecast devices. This is currently disabled for testing and had no impact on the martian warnings.

All devices are on the same and only network, i.e., the AP’s broadcast different SSIDs but all devices have the same IP base (e.g., 192.168.1.X). SSIDs are different due to the distance between routers (connected by wire) and to separate home and visitor’s devices.

I’ve gone through a lot of posts about this warning, but most deal with two different networks and/or different source and from IPs. I’ve checked that the AP’s have DNS and DHCP disabled, and all devices (modem included) have IPv6 disabled (ISP is currently IPv4 only).

I know I can disable martian log warnings, but it would be better to deal with the cause and not the consequence.

Any ideas?


Note: I also disabled port forwarding in the modem (torrent) without effect.

No ideas, anyone?

You shouldn’t need to sanitize this kind of information, it’s just about impossible for anyone to use the info you’ve removed for any kind of hacking. Reading the actual values are helpful, at the moment the viewer has to interpret your placeholders to understand what your error is saying.

Based on your general description,
I’d want to re-consider whether the networks you’re connecting to (both wired and wireless) are architected properly… Every network should be unique and you should only have one NIC active at a time (eg I wouldn’t recommend having both wired and wireless active at the same time, and <definitely> if they have the same NetworkID and even worse, if they connect to the same LAN). If you’re doing this (two active NICs at the same time), either physically unplug thel network cable, switch off your wireless, run rfkill or whatever you need to do to use only one NIC, reboot and look at your packets again. Note that depending on whether you’re running a Workgroup or Domain network, it may also take some time for your machine to be re-identified and older identifications purged.


Hi Tsu,

Thank you for replying.

A case of better safe than sorry - not about the internal network IP addresses, of course, but regarding the modem/router MAC. Anyway, the point was to reaffirm what’s in the title, that the both IP addresses are the same, of the desktop, and the MACs are from the desktop and the modem/router.

FWIW, here’s the un-sanitized dmesg warning:

  +7,796199] IPv4: martian source from, on dev enp3s0
  +0,000008] ll header: 00000000: d8 05 0e 3d 3d d9 81 39 95 05 9c 0e 08 00        .P.==..)......

I’ve no idea what the .P.==…)… at the end means.

There’s only the onboard NIC - and the desktop only has a single wired connection, as stated in my first post, and it’s NOT running networkmanager - hence no concerns about two networks. As I’ve noted, most posts about martian headers deal with what you are saying, two networks on the same LAN, but that is AFAIKS not the case here.

However, as nothing is certain in life and computer sciences, I’ve shut off both APs so that that only the desktop wired connection to the modem is active (there’s a gigabit switch between them, with only the desktop and modem lights up), and no wireless broadcasting. After a few minutes I got the same martian warning again. I’ll reboot everything and see if continues, and post back here.

Thanks again,


Ahhh. Rebooted 30 min ago, still no martians. I’ll give it some more time and restart stuff (APs, torrent) one by one, to see which one trigger the warnings.

Troubleshooting this requires rebooting after any modifications because then the machine “re-announces” itself in your network, and other machines are supposed to respect when your machine newly appears on the network. Even with the new announcement, it’s unknown if the old cached information is still being used in your network for awhile… and it can be further be affected in a Workgroup when there isn’t a certain designated “Browse Master,” which is determined by election (so the role can shift from one machine to another).

If you have mulitple APs, then if they are the type that can be configured as a mesh network, then that should be done… Else, they should be configured so your machine can’t “roam” unexpectedly between APs.


OK, the culprit is the torrent client, possibly the port forwarding set in the modem. I’ll check some ideas.

Got it. The martian warning is caused by using the same internal and external port number for transmission on the router NAT/virtual server settings. Using different ports clear the warnings, but makes transmission see the new port as closed, with consequent loss of connectivity performance. But this is a subject for another thread.

Thanks to Tsu for replying, it got me in the right direction at the end :wink: