Rather than the usual 14 bytes, you've got 18 bytes prepended to your IP
packets.
The confusing part is the 2 bytes in front of the MAC addresses and the
2 bytes between the MAC addresses and the ethernet type.
These all appear to be broadcast packets of one type or another.
Antoon Huiskens wrote:
$ pfexec tcpdump -v -X -s 1536 -c 3 -i iwk0
tcpdump: listening on iwk0, link-type EN10MB (Ethernet), capture size 1536 bytes
13:00:08.382924 ff:ff:ff:ff:00:0b (oui Unknown) > 08:22:00:00:ff:ff (oui Unknown), ethertype Unknown (0x0e9e), length 110:
0x0000: 4340 001d e019 ead1 7054 aaaa 0300 0000 [email protected]......
0x0010: 0800 4500 004e 7c19 0000 8011 c689 0a00 ..E..N|.........
0x0020: e3fc 0a00 ffff 0089 0089 003a f94c 87a1 ...........:.L..
0x0030: 0110 0001 0000 0000 0000 2046 4446 4645 ...........FDFFE
0x0040: 4f43 4e45 4244 4644 4a44 4145 4444 4845 OCNEBDFDJDAEDDHE
0x0050: 4345 4344 4945 4745 4341 4100 0020 0001 CECDIEGECAA.....
13:00:08.383053 ff:ff:ff:ff:00:0b (oui Unknown) > 08:02:00:00:ff:ff (oui Unknown), ethertype Unknown (0x0e9e), length 110:
0x0000: 4340 001f 3bc0 37bd 8054 aaaa 0300 0000 c...@..;.7..T......
0x0010: 0800 4500 004e 0071 0000 8011 3266 0a00 ..E..N.q....2f..
0x0020: f3c8 0a00 ffff 0089 0089 003a 2f19 8013 ...........:/...
0x0030: 0110 0001 0000 0000 0000 2045 4a46 4445 ...........EJFDE
0x0040: 4246 4545 4246 4143 4143 4143 4143 4143 BFEEBFACACACACAC
0x0050: 4143 4143 4143 4143 4141 4100 0020 0001 ACACACACAAA.....
13:00:08.485307 00:00:00:02:00:0b (oui Ethernet) > 08:02:00:00:33:33 (oui Unknown), ethertype Unknown (0x0e9e), length 88:
0x0000: 4340 001f 5bbe 892b a054 aaaa 0300 0000 c...@..[..+.t......
0x0010: 86dd 6000 0000 0010 3aff fe80 0000 0000 ..`.....:.......
0x0020: 0000 021f 5bff febe 892b ff02 0000 0000 ....[....+......
0x0030: 0000 0000 0000 0000 0002 8500 b11c 0000 ................
0x0040: 0000 0101 001f 5bbe 892b ......[..+
_______________________________________________
networking-discuss mailing list
[email protected]
