Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whose is the traffic ?

From: Dmitry Alyabyev <dimitry () al org ua>
Date: Thu, 16 Nov 2000 12:17:42 +0200
Hi

Thursday, November 16, 2000, 12:28:07 AM, Kris wrote:


 It's probably some Spanning Tree traffic being emitted by a switch on
your segment. Take a look at
http://www.cavebear.com/CaveBear/Ethernet/multicast.html for the various
special MAC addresses and
http://www.google.com/search?q=01:80:c2:00:00:00+ for more info on STP


Yes, sure, you're right.
Thanks to everyone who has provided a recomendations.

--
Dimitry



-----Original Message-----
From: Dmitry Alyabyev [SMTP:dimitry () AL ORG UA]
Sent: Wednesday, November 15, 2000 3:38 AM
To:   INCIDENTS () SECURITYFOCUS COM
Subject:      Whose is the traffic ?

Hi

Could anyone describe these packets ?
It looks like Novell-produced traffic as for me but I'm not sure.
Any details are welcome.

# tcpdump -n ! tcp and ! udp

12:38:14.397840 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
                         0000 0000 0080 0000 02b9 e219 c000 0000
                         3980 0000 02b9 e21c c080 1303 0014 0002
                         000f 0000 0000 0000 0000 00
12:38:16.403918 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
                         0000 0000 0080 0000 02b9 e219 c000 0000
                         3980 0000 02b9 e21c c080 1303 0014 0002
                         000f 0000 0000 0000 0000 00

--
Dimitry
Previous By Date Next
Previous By Thread Next

Current thread: