Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Whose is the traffic ?

From: Kris Boutilier <Kris.Boutilier () SCRD BC CA>
Date: Wed, 15 Nov 2000 14:28:07 -0800
 It's probably some Spanning Tree traffic being emitted by a switch on
your segment. Take a look at
http://www.cavebear.com/CaveBear/Ethernet/multicast.html for the various
special MAC addresses and
http://www.google.com/search?q=01:80:c2:00:00:00+ for more info on STP

k.



-----Original Message-----
From: Dmitry Alyabyev [SMTP:dimitry () AL ORG UA]
Sent: Wednesday, November 15, 2000 3:38 AM
To:   INCIDENTS () SECURITYFOCUS COM
Subject:      Whose is the traffic ?

Hi

Could anyone describe these packets ?
It looks like Novell-produced traffic as for me but I'm not sure.
Any details are welcome.

# tcpdump -n ! tcp and ! udp

12:38:14.397840 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
                         0000 0000 0080 0000 02b9 e219 c000 0000
                         3980 0000 02b9 e21c c080 1303 0014 0002
                         000f 0000 0000 0000 0000 00
12:38:16.403918 0:2:b9:e2:1c:c7 > 1:80:c2:0:0:0 sap 42 ui/C len=43
                         0000 0000 0080 0000 02b9 e219 c000 0000
                         3980 0000 02b9 e21c c080 1303 0014 0002
                         000f 0000 0000 0000 0000 00

--
Dimitry
Previous By Date Next
Previous By Thread Next

Current thread: