Security Incidents mailing list archives
Re: Whose is the traffic ?
From: Kris Boutilier <Kris.Boutilier () SCRD BC CA>
Date: Wed, 15 Nov 2000 14:28:07 -0800
It's probably some Spanning Tree traffic being emitted by a switch on your segment. Take a look at http://www.cavebear.com/CaveBear/Ethernet/multicast.html for the various special MAC addresses and http://www.google.com/search?q=01:80:c2:00:00:00+ for more info on STP.

k.
-----Original Message-----
From: Dmitry Alyabyev [SMTP:dimitry () AL ORG UA]
Sent: Wednesday, November 15, 2000 3:38 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Whose is the traffic ?

Hi

Could anyone describe these packets ? It looks like Novell-produced traffic as for me but I'm not sure. Any details are welcome.

# tcpdump -n ! tcp and ! udp
12:38:14.397840 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
        0000 0000 0080 0000 02b9 e219 c000 0000
        3980 0000 02b9 e21c c080 1303 0014 0002
        000f 0000 0000 0000 0000 00
12:38:16.403918 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
        0000 0000 0080 0000 02b9 e219 c000 0000
        3980 0000 02b9 e21c c080 1303 0014 0002
        000f 0000 0000 0000 0000 00

--
Dimitry
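
Added example (not part of the original posts): the payload from the quoted capture decoded as an IEEE 802.1D configuration BPDU. It assumes tcpdump has already consumed the 3-byte LLC header, so the dump starts at the BPDU's protocol identifier; the function and constant names are hypothetical.

```python
import struct

# Payload of the first frame, copied from the tcpdump output quoted above.
PAYLOAD = bytes.fromhex(
    "0000 0000 0080 0000 02b9 e219 c000 0000 "
    "3980 0000 02b9 e21c c080 1303 0014 0002 "
    "000f 0000 0000 0000 0000 00"
)

BPDU_LEN = 35  # fixed size of an 802.1D configuration BPDU


def bridge_id(raw):
    """Split an 8-byte bridge identifier into priority and MAC address."""
    (priority,) = struct.unpack("!H", raw[:2])
    return priority, ":".join(f"{b:02x}" for b in raw[2:])


def parse_config_bpdu(payload):
    """Decode a configuration BPDU; bytes past BPDU_LEN are Ethernet padding."""
    if len(payload) < BPDU_LEN:
        raise ValueError("too short for a configuration BPDU")
    (proto, version, bpdu_type, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd_delay) = struct.unpack(
        "!HBBB8sI8sHHHHH", payload[:BPDU_LEN])
    if proto != 0 or bpdu_type != 0:
        raise ValueError("not an STP configuration BPDU")
    return {
        "version": version,
        "flags": flags,
        "root": bridge_id(root),
        "root_path_cost": cost,
        "bridge": bridge_id(bridge),
        "port_id": port,
        # Timer fields are carried in units of 1/256 second.
        "message_age_s": msg_age / 256,
        "max_age_s": max_age / 256,
        "hello_time_s": hello / 256,
        "forward_delay_s": fwd_delay / 256,
        "padding_bytes": len(payload) - BPDU_LEN,
    }


if __name__ == "__main__":
    for field, value in parse_config_bpdu(PAYLOAD).items():
        print(f"{field:16} {value}")
```

The decoded hello time of 2 seconds matches the spacing of the two captured frames, and the root and sending bridge identifiers show which switch the sender currently treats as the spanning-tree root.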