As the 1st byte of the destination MAC address is even it is not multicast/broadcast packet, but directed directly to your host. Clearly neither tshark or tcpdump have a dissector for it so it probably is a proprietory heartbeat of some sort. You could verify if it is wireless specfic of you can check if you don't see this when plugged into the ethernet on the netgear port. You could always hassle Netgear to see if they can provide more info on it - it would be hard to write a dissector for it without any information on what it contains.
But I really wouldn't worry too much, as it isn't IP it is likely to be link local. Also if your wireless ethernet is like most there are also sub-ethernet frames like beacon packets broadcast every 100ms or so that you won't normally see (as a user) unless your turn your wireless NIC into monitor mode and capture packets with wireshark. Martin Martin Visser Technology Consultant Technology Solutions Group - HP Services 410 Concord Road Rhodes NSW 2138 Australia Mobile: +61-411-254-513 Fax: +61-2-9022-1800 E-mail: martin.visserAThp.com This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Zenaan Harkness Sent: Sunday, 14 October 2007 12:24 PM To: slug Subject: [SLUG] endless packets from my wireless router Hi, can anyone explain what these packets coming from my wireless router are? These are the lines from tshark: 0.000000 Netgear_a0:1a:fc -> IntelCor_80:3f:54 LLC I, N(R)=0, N(S)=0; DSAP NULL LSAP Individual, SSAP NULL LSAP Command and from tcpdump: 12:23:12.489965 00:14:6c:a0:1a:fc (oui Unknown) > 00:12:f0:80:3f:54 (oui Unknown) Null Information, send seq 0, rcv seq 0, Flags [Command], length 1476 The data payload is all zeros. Any ideas why I'm getting 4.8kB/s continuous incoming, with zero outgoing packets, would be appreciated. TIA Zen -- Homepage: www.SoulSound.net -- Free Australia: www.UPMART.org Please respect the confidentiality of this email as sensibly warranted. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
