tcpdump mailing list archives

Tcpdump problem....


From: Ashley Thomas <athomas () cc gatech edu>
Date: Thu, 09 Jan 2003 13:47:04 -0500

Hi all,

On receiving a malicious packet with port 1812 (radius), tcpdump gave this problem.

-----------------------
tcpdump version 3.6.3
libpcap version 0.6
-----------------------

/usr/sbin/tcpdump -r 130-207-0-0.cap -n
15:43:32.257271 211.110.149.153.4156 > 130.207.0.0.4156:  udp 41 (DF)
15:44:52.545484 217.169.97.40.radius > 130.207.0.0.radius: rad-#0 41 [id 0] Attr[ Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action Term_action


I downloaded the current tcpdump from tcpdump.org and that version has SOLVED this problem.

Is there any documentation regarding this problem, what change was done to correct it, etc.?
Any pointers are appreciated.

----------------------------------------------------
tcpdump version current-cvs.tcpdump.org.2003.01.09
libpcap version 0.6
----------------------------------------------------

./tcpdump -r ../130-207-0-0.cap -n
15:43:32.257271 IP 211.110.149.153.4156 > 130.207.0.0.4156: udp 41 (DF)
15:44:52.545484 IP 217.169.97.40.1812 > 130.207.0.0.1812: [|radius] (DF)
15:45:59.832160 IP 61.219.204.60.1812 > 130.207.0.0.1812: [|radius] (DF)

Details on the packet that caused problem:

15:44:52.545484 IP 217.169.97.40.1812 > 130.207.0.0.1812: [|radius] (DF)
4500 0045 0000 4000 2b11 9207 d9a9 6128
82cf 0000 0714 0714 0031 af0b 0000 0000
6741 0000 fd95 8721 2600 0000 281d 8e31
1d00 0000 22ed 8b04 0105 0000 0000 0000
ee78 0200 00


Thanks a lot,








--
Ashley Thomas
Research scientist
College of Computing
Georgia Tech.


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
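
Added example, not part of the original post and not tcpdump's code: in the hex dump above, the first RADIUS attribute (payload offset 20) has type 0x1d and a length octet of 0, which is consistent with the endlessly repeated Term_action in the 3.6.3 output. The sketch below shows the bounds check an attribute walker needs for that case; the helper name radius_walk_attrs is hypothetical, and the actual change in the CVS version is not shown in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* UDP payload (41 bytes) copied from the hex dump in the post:
   everything after the 20-byte IP header and the 8-byte UDP header. */
static const uint8_t radius_payload[41] = {
    0x00, 0x00, 0x00, 0x00,                          /* code, id, length */
    0x67, 0x41, 0x00, 0x00, 0xfd, 0x95, 0x87, 0x21,  /* authenticator    */
    0x26, 0x00, 0x00, 0x00, 0x28, 0x1d, 0x8e, 0x31,
    0x1d, 0x00, 0x00, 0x00, 0x22, 0xed, 0x8b, 0x04,  /* attribute area   */
    0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xee, 0x78, 0x02, 0x00, 0x00
};

#define RADIUS_HDR_LEN 20  /* code(1) + id(1) + length(2) + authenticator(16) */

/* Hypothetical helper: walk the type/length/value attributes and return the
   number of well-formed ones, or -1 on a malformed one (the "[|radius]" case).
   *bad_off receives the payload offset of the offending attribute. */
int radius_walk_attrs(const uint8_t *p, size_t caplen, size_t *bad_off)
{
    size_t off = RADIUS_HDR_LEN;
    int count = 0;

    if (caplen < RADIUS_HDR_LEN) { *bad_off = 0; return -1; }
    while (off < caplen) {
        if (caplen - off < 2) { *bad_off = off; return -1; } /* no type+len */
        uint8_t alen = p[off + 1];
        /* The length octet counts the type and length octets too, so it is
           at least 2. Without this check a length of 0 never advances off. */
        if (alen < 2 || alen > caplen - off) { *bad_off = off; return -1; }
        count++;
        off += alen;
    }
    return count;
}

int main(void)
{
    size_t bad = 0;
    int n = radius_walk_attrs(radius_payload, sizeof radius_payload, &bad);
    if (n < 0)
        printf("[|radius] malformed attribute type %u at offset %zu\n",
               (unsigned)radius_payload[bad], bad);
    else
        printf("%d attributes\n", n);
    return 0;
}
```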

