Nmap Development mailing list archives

Re: dhcp script!


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 10 Sep 2009 01:11:19 +0000

On Wed, 9 Sep 2009 16:19:10 -0600
David Fifield <david () bamsoftware com> wrote:
[...snip...]

> That looks right, but what I want is a pcap/tcpdump traffic capture
> like you sent before. What I'm looking for is the ARP packets sent by
> the operating system.
>
> Is this on Snow Leopard?
>
> David Fifield


Attached are 3 pcaps.

Here are the machines on the network:

In 192.168.50.0/24

.64 is a Snow Leopard box
.100 is Linux 2.6.30-gentoo-r5 and acting as the router
.101 doesn't exist
.123 doesn't exist
.250 is a Windows XP SP3 box

In sn_arp.pcap you will find the ARP requests sent by Nmap from the
Linux box to the SN box and vice-versa.

In sn_arpfirewall.pcap you will find the same requests, generated by
Nmap but with the SN firewall on fully with "stealth mode" turned on.

In sn_arpsendip.pcap you will find the same requests but Nmap was used
with --send-ip so the requests should have been generated by the OS.

I did not see any anomalies in these captures.

Brandon


Attachment: sn_arp.pcap
Attachment: sn_arpfirewall.pcap
Attachment: sn_arpsendip.pcap

