Security Incidents mailing list archives
Re: Whose is the traffic ?
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Wed, 15 Nov 2000 13:47:51 -0800
Dmitry Alyabyev wrote:
Hi Could anyone describe these packets ? It looks like Novell-produced traffic as for me but I'm not sure. Any details are welcome. # tcpdump -n ! tcp and ! udp 12:38:14.397840 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43 0000 0000 0080 0000 02b9 e219 c000 0000 3980 0000 02b9 e21c c080 1303 0014 0002 000f 0000 0000 0000 0000 00 12:38:16.403918 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43 0000 0000 0080 0000 02b9 e219 c000 0000 3980 0000 02b9 e21c c080 1303 0014 0002 000f 0000 0000 0000 0000 00
I believe those are Spanning Tree Protocol (STP) frames. At least that's what Ethereal interprets them as. My version of tcpdump (mis)identifies them as IPX. I did do research on what they were and they looked legit on the network I was checking out, but it was a while ago and do not recall the details right now. I think they are IEEE 802.3 frames. -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926
Current thread:
- Whose is the traffic ? Dmitry Alyabyev (Nov 16)
- Re: Whose is the traffic ? Crist Clark (Nov 17)
- Re: Whose is the traffic ? Jan Marek (Nov 17)
- <Possible follow-ups>
- Re: Whose is the traffic ? Kris Boutilier (Nov 17)
- Re: Whose is the traffic ? Dmitry Alyabyev (Nov 17)