You could try SPY, an excellent sniffer. Look at freshmeat.com for it.

Jorge.
From: [EMAIL PROTECTED] on 03/02/2000 15:07:23
To:  [EMAIL PROTECTED] @ INTERNET
CC:  (cc: Jorge Carminati/BNP)
Subject: [expert] tcpdump info

I'm using "tcpdump" to analyze some of the traffic on our network.
Does anyone know a good resource for deciphering some of the data?

For example:

11:48:04.274828 0:0:c:2:f7:30 Broadcast 8137 494:
                         ffff 01e0 0004 0000 0012 ffff ffff ffff
                         0452 0000 0012 0000 0c02 f730 0452 0002
                         0107 5352 5645 4c45 3034 0000 0000 0000
                         0000 0000 0000
11:48:04.279953 0:50:da:72:b3:d9 Broadcast 8137 60:
                         ffff 0028 0001 0000 0012 ffff ffff ffff
                         0453 0000 0012 0050 da72 b3d9 4000 0001
                         0000 012c ffff ffff 0000 0000 0000
11:48:04.291271 0:50:da:72:9e:8 Broadcast 8137 60:
                         ffff 0028 0001 0000 0012 ffff ffff ffff
                         0453 0000 0012 0050 da72 9e08 4000 0001
                         b0b0 b0b0 ffff ffff 0000 0000 0000
11:48:04.303450 0:50:da:72:a8:96 > Broadcast sap e0 ui/C len=43
                         ffff 0028 0001 b0b0 b0b0 ffff ffff ffff
                         0453 b0b0 b0b0 0050 da72 a896 4000 0001
                         0000 4242 ffff ffff 0000 00
11:48:04.324417 arp who-has 206.154.227.143 tell 206.154.227.142
11:48:04.332792 0:50:da:72:a6:29 Broadcast 8137 60:
                         ffff 0028 0001 0000 0012 ffff ffff ffff
                         0453 0000 0012 0050 da72 a629 4000 0001
                         b0b0 b0b0 ffff ffff 0000 0000 0000
11:48:04.333641 0:0:c:2:f7:30 Broadcast 8137 494:
                         ffff 01e0 0004 0000 0012 ffff ffff ffff
                         0452 0000 0012 0000 0c02 f730 0452 0002
                         030c 3130 3030 3930 4241 3630 4633 3030
                         4333 5059 5348
11:48:04.346228 0:10:7b:c5:c1:28 > 1:80:c2:0:0:0 802.1d ui/C len=43
                         0000 0000 0020 0000 906f 972c 0000 0000
                         0020 0000 906f 972c 0081 0100 000e 0002
                         000a 0000 0000 0000 0000 00
Some of this is pretty obvious (SAP broadcast, netbios, arp requests),
but a lot of it is cryptic to me.

Darren Eckhoff
[EMAIL PROTECTED]
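A decoder for the IPX frames in the dump above (an added example, not part of the thread). Both the ethertype-0x8137 frames and the 802.2 frame with LLC SAP 0xe0 carry IPX, and tcpdump -x prints the hex with the link header stripped, so each dump starts at the 30-byte IPX header; destination socket 0x0452 is SAP and 0x0453 is RIP. The sample frames are copied from the dump; the socket numbers and operation codes are the standard IPX values, and the 64-byte SAP entries are cut short here because the capture snaplen truncated them.

```python
import struct

IPX_HDR = struct.Struct(">HHBB4s6sH4s6sH")    # 30-byte IPX header, big-endian
SAP_SOCKET, RIP_SOCKET = 0x0452, 0x0453
SAP_OPS = {1: "general request", 2: "general response",
           3: "nearest-server request", 4: "nearest-server response"}
RIP_OPS = {1: "request", 2: "response"}

# Hex copied from the tcpdump output in the message (link header already stripped).
FRAMES = {
    "sap": """ffff 01e0 0004 0000 0012 ffff ffff ffff 0452 0000 0012 0000 0c02 f730
              0452 0002 0107 5352 5645 4c45 3034 0000 0000 0000 0000 0000 0000""",
    "rip": """ffff 0028 0001 0000 0012 ffff ffff ffff 0453 0000 0012 0050 da72 b3d9
              4000 0001 0000 012c ffff ffff 0000 0000 0000""",
    "rip_llc": """ffff 0028 0001 b0b0 b0b0 ffff ffff ffff 0453 b0b0 b0b0 0050 da72
                  a896 4000 0001 0000 4242 ffff ffff 0000 00""",
}

def parse_ipx(hexdump):
    """Decode one IPX frame from tcpdump -x hex into a dict."""
    raw = bytes.fromhex("".join(hexdump.split()))
    (cksum, length, tctl, ptype, dnet, dnode, dsock,
     snet, snode, ssock) = IPX_HDR.unpack_from(raw)
    pkt = {"length": length, "type": ptype, "transport_control": tctl,
           "dst": f"{dnet.hex()}.{dnode.hex()}:{dsock:04x}",
           "src": f"{snet.hex()}.{snode.hex()}:{ssock:04x}",
           "truncated": len(raw) < length}         # snaplen cut the capture short
    payload = raw[IPX_HDR.size:length]            # bytes past `length` are Ethernet padding
    if len(payload) < 2:
        return pkt
    op = struct.unpack_from(">H", payload)[0]
    if dsock == RIP_SOCKET:
        pkt["proto"], pkt["op"] = "RIP", RIP_OPS.get(op, op)
        # each RIP entry: network(4) hops(2) ticks(2); 0xffff = unknown in a request
        pkt["routes"] = [dict(zip(("network", "hops", "ticks"),
                                  (payload[i:i + 4].hex(),)
                                  + struct.unpack_from(">HH", payload, i + 4)))
                         for i in range(2, len(payload) - 7, 8)]
    elif dsock == SAP_SOCKET:
        pkt["proto"], pkt["op"] = "SAP", SAP_OPS.get(op, op)
        # first SAP entry: server type(2) name(48, NUL-padded) net(4) node(6) socket(2) hops(2)
        pkt["server_type"] = f"{struct.unpack_from('>H', payload, 2)[0]:04x}"
        pkt["server_name"] = payload[4:52].rstrip(b"\0").decode("ascii", "replace")
    else:
        pkt["proto"] = f"socket {dsock:04x}"
    return pkt

if __name__ == "__main__":
    for name, frame in FRAMES.items():
        print(name, parse_ipx(frame))
```

The first frame is a SAP general response advertising server SRVELE04 (type 0x0107) on network 0x12, and the 0x0053-socket frames are RIP requests from 3Com hosts asking for a route to one specific network, which is why hops and ticks are 0xffff.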