Security Incidents mailing list archives

Re: Whose is the traffic ?

From: Jan Marek <jmarek () PF JCU CZ>
Date: Wed, 15 Nov 2000 20:52:11 +0100

Hallo,

Dmitry Alyabyev wrote:


Hi

Could anyone describe these packets ?
It looks like Novell-produced traffic as for me but I'm not sure.
Any details are welcome.

# tcpdump -n ! tcp and ! udp

12:38:14.397840 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43


yes, it's a Novell SAP (Service Advertising Protocol) packet:
this packet send every Novell server for advertising about
providing services...

                         0000 0000 0080 0000 02b9 e219 c000 0000
                         3980 0000 02b9 e21c c080 1303 0014 0002
                         000f 0000 0000 0000 0000 00
12:38:16.403918 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
                         0000 0000 0080 0000 02b9 e219 c000 0000
                         3980 0000 02b9 e21c c080 1303 0014 0002
                         000f 0000 0000 0000 0000 00

--
Dimitry


Sincerely
John
--
Ing. Jan Marek
mailto:jmarek () pf jcu cz, tel.:038/777 30 72
Pedagogical Faculty of University of South Bohemia
Jeronymova 10, 370 01 Ceske Budejovice
Motto: Kazda snaha bude po zasluze potrestana: z Murphyho zakonu

Current thread:

Whose is the traffic ? Dmitry Alyabyev (Nov 16)
- Re: Whose is the traffic ? Crist Clark (Nov 17)
- Re: Whose is the traffic ? Jan Marek (Nov 17)
- <Possible follow-ups>
- Re: Whose is the traffic ? Kris Boutilier (Nov 17)
  - Re: Whose is the traffic ? Dmitry Alyabyev (Nov 17)