Vulnerability Development mailing list archives
Re: arp packet payload
From: Russell Harding <hardingr () cunap com>
Date: Fri, 31 Oct 2003 15:42:21 -0700 (MST)
Hello, I encountered similar data while wirless sniffing. However, this is not an accidental uninitialized padding. These packets are part of XP's Upnp service. -Russell On Fri, 31 Oct 2003, sebastian wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi list, don't know wheater it's mentioned anywhere or old news but here we go: captured following arp packet last night: 00:44:36.309866 arp who-has 192.168.5.254 tell 192.168.5.164 0x0000 0001 0800 0604 0001 00c0 9f20 d3cd c0a8 ................ 0x0010 05a4 0000 0000 0000 c0a8 05fe 4d2d 5345 ............M-SE 0x0020 4152 4348 202a 2048 5454 502f 312e ARCH.*.HTTP/1. nice packet, but what makes me curious is the payload. where is it taken from? are there also passwords and other "secret" things, which may be unintentionally sent out to the. i think the source is a windows xp box. cheers sebastian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (OpenBSD) iD8DBQE/ohE3Yk9OrbAUXswRAuyIAJsHy5/DQwoAKqEX+56w/H2jJQYoXgCfST1e L5J+3WzSJZT+U1xjvGVZSMY= =xiGy -----END PGP SIGNATURE-----
Current thread:
- Re: arp packet payload Bram Matthys (Syzop) (Nov 01)
- <Possible follow-ups>
- Re: arp packet payload Russell Harding (Nov 01)
- Re: arp packet payload Dave Korn (Nov 03)