Security Incidents mailing list archives
Re: Whose is the traffic ?
From: Jan Marek <jmarek () PF JCU CZ>
Date: Wed, 15 Nov 2000 20:52:11 +0100
Hallo, Dmitry Alyabyev wrote:
Hi Could anyone describe these packets ? It looks like Novell-produced traffic as for me but I'm not sure. Any details are welcome. # tcpdump -n ! tcp and ! udp 12:38:14.397840 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
yes, it's a Novell SAP (Service Advertising Protocol) packet: this packet send every Novell server for advertising about providing services...
0000 0000 0080 0000 02b9 e219 c000 0000 3980 0000 02b9 e21c c080 1303 0014 0002 000f 0000 0000 0000 0000 00 12:38:16.403918 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43 0000 0000 0080 0000 02b9 e219 c000 0000 3980 0000 02b9 e21c c080 1303 0014 0002 000f 0000 0000 0000 0000 00 -- Dimitry
Sincerely John -- Ing. Jan Marek mailto:jmarek () pf jcu cz, tel.:038/777 30 72 Pedagogical Faculty of University of South Bohemia Jeronymova 10, 370 01 Ceske Budejovice Motto: Kazda snaha bude po zasluze potrestana: z Murphyho zakonu
Current thread:
- Whose is the traffic ? Dmitry Alyabyev (Nov 16)
- Re: Whose is the traffic ? Crist Clark (Nov 17)
- Re: Whose is the traffic ? Jan Marek (Nov 17)
- <Possible follow-ups>
- Re: Whose is the traffic ? Kris Boutilier (Nov 17)
- Re: Whose is the traffic ? Dmitry Alyabyev (Nov 17)