Vulnerability Development mailing list archives

Re: arp packet payload

From: Russell Harding <hardingr () cunap com>
Date: Fri, 31 Oct 2003 15:42:21 -0700 (MST)

Hello,

  I encountered similar data while wirless sniffing.

However, this is not an accidental uninitialized padding. These packets
are part of XP's Upnp service.

   -Russell

On Fri, 31 Oct 2003, sebastian wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi list,

don't know wheater it's mentioned anywhere or old news but here we go:

captured following arp packet last night:

00:44:36.309866 arp who-has 192.168.5.254 tell 192.168.5.164
0x0000   0001 0800 0604 0001 00c0 9f20 d3cd c0a8        ................
0x0010   05a4 0000 0000 0000 c0a8 05fe 4d2d 5345        ............M-SE
0x0020   4152 4348 202a 2048 5454 502f 312e             ARCH.*.HTTP/1.

nice packet, but what makes me curious is the payload. where is it taken from?
are there also passwords and other "secret" things, which may be
unintentionally sent out to the.
i think the source is a windows xp box.

cheers
sebastian

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)

iD8DBQE/ohE3Yk9OrbAUXswRAuyIAJsHy5/DQwoAKqEX+56w/H2jJQYoXgCfST1e
L5J+3WzSJZT+U1xjvGVZSMY=
=xiGy
-----END PGP SIGNATURE-----

Current thread:

Re: arp packet payload Bram Matthys (Syzop) (Nov 01)
- <Possible follow-ups>
- Re: arp packet payload Russell Harding (Nov 01)
- Re: arp packet payload Dave Korn (Nov 03)