Re: can someone tell me what this means

[Uncle George <gatgul () gatworks com>]

Hummm, I might expect that these "snap" messages to get inserted between 
the stacks associated with the Mac Addresses of the wireless products. 
The laptop ( of which this dump is taken )  has an eth/wired connection 
between it and the wireless Access Point/router.  I would think that the 
AP would strip off such info before presenting it over the local wired net.

I will have to try again the Windows system that works ( tomm ) to see 
if I also get snap messages when I send pings from M$.


Guy Harris wrote:

> On Sat, Jul 19, 2003 at 09:39:54PM -0400, Uncle George wrote:
>  
>
> > 1) the "snap 0:0:f8:8:6"
> > 2) the "(0:2:2d:91:3a:82)" of the arp reply ?
> >
> > With regular wired tcp i do not get the snap mesages. The wireless 
> > connections appear to get these added ( snap ) codes.
> >    
>
> The wired TCP is probably running over Ethernet, without IEEE 802.2. 
> 802.11, however, always uses 802.2, so there will be a SNAP header.
>
> The fact that it's 0:0:f8:8:6, which means a SNAP OUI of 0000f8 and a
> protocol ID of 0806 (ARP), means it's some type of Cisco bridging
> (0000f8 is one of Cisco's OUIs).
>
> The "(0:2:2d:91:3a:82)" in the ARP reply probably means it's trying to
> print both the MAC address and the name in the ARP reply but it couldn't
> or didn't try to translate the address to a name.  (What version of
> tcpdump is this?)
> -
> This is the TCPDUMP workers list. It is archived at
> http://www.tcpdump.org/lists/workers/index.html
> To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
>
>
>  


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe