tcpdump mailing list archives

Re: can someone tell me what this means

From: Guy Harris <guy () alum mit edu>
Date: Sat, 19 Jul 2003 19:18:39 -0700

On Sat, Jul 19, 2003 at 09:39:54PM -0400, Uncle George wrote:

1) the "snap 0:0:f8:8:6"
2) the "(0:2:2d:91:3a:82)" of the arp reply ?

With regular wired tcp i do not get the snap mesages. The wireless 
connections appear to get these added ( snap ) codes.


The wired TCP is probably running over Ethernet, without IEEE 802.2. 
802.11, however, always uses 802.2, so there will be a SNAP header.

The fact that it's 0:0:f8:8:6, which means a SNAP OUI of 0000f8 and a
protocol ID of 0806 (ARP), means it's some type of Cisco bridging
(0000f8 is one of Cisco's OUIs).

The "(0:2:2d:91:3a:82)" in the ARP reply probably means it's trying to
print both the MAC address and the name in the ARP reply but it couldn't
or didn't try to translate the address to a name.  (What version of
tcpdump is this?)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

can someone tell me what this means Uncle George (Jul 19)
- Re: can someone tell me what this means Guy Harris (Jul 19)
  - Re: can someone tell me what this means Uncle George (Jul 19)
  - Re: can someone tell me what this means Andrew Brown (Jul 23)
- Re: can someone tell me what this means David Young (Jul 19)