You might want to try ethereal instead.
I think it is easier to interpret.
Frank Arnold
=====================================
http://ethereal.zing.org/ 

On Thu, 3 Feb 2000, Darren Eckhoff wrote:

> I'm using "tcpdump" to analyze some of the traffic on our network.
> Does anyone know a good resource for deciphering some of the data?
> 
> For example:
> 
> 11:48:04.274828 0:0:c:2:f7:30 Broadcast 8137 494:
>                          ffff 01e0 0004 0000 0012 ffff ffff ffff
>                          0452 0000 0012 0000 0c02 f730 0452 0002
>                          0107 5352 5645 4c45 3034 0000 0000 0000
>                          0000 0000 0000
> 11:48:04.279953 0:50:da:72:b3:d9 Broadcast 8137 60:
>                          ffff 0028 0001 0000 0012 ffff ffff ffff
>                          0453 0000 0012 0050 da72 b3d9 4000 0001
>                          0000 012c ffff ffff 0000 0000 0000
> 11:48:04.291271 0:50:da:72:9e:8 Broadcast 8137 60:
>                          ffff 0028 0001 0000 0012 ffff ffff ffff
>                          0453 0000 0012 0050 da72 9e08 4000 0001
>                          b0b0 b0b0 ffff ffff 0000 0000 0000
> 11:48:04.303450 0:50:da:72:a8:96 > Broadcast sap e0 ui/C len=43
>                          ffff 0028 0001 b0b0 b0b0 ffff ffff ffff
>                          0453 b0b0 b0b0 0050 da72 a896 4000 0001
>                          0000 4242 ffff ffff 0000 00
> 11:48:04.324417 arp who-has 206.154.227.143 tell 206.154.227.142
> 11:48:04.332792 0:50:da:72:a6:29 Broadcast 8137 60:
>                          ffff 0028 0001 0000 0012 ffff ffff ffff
>                          0453 0000 0012 0050 da72 a629 4000 0001
>                          b0b0 b0b0 ffff ffff 0000 0000 0000
> 11:48:04.333641 0:0:c:2:f7:30 Broadcast 8137 494:
>                          ffff 01e0 0004 0000 0012 ffff ffff ffff
>                          0452 0000 0012 0000 0c02 f730 0452 0002
>                          030c 3130 3030 3930 4241 3630 4633 3030
>                          4333 5059 5348
> 11:48:04.346228 0:10:7b:c5:c1:28 > 1:80:c2:0:0:0 802.1d ui/C len=43
>                          0000 0000 0020 0000 906f 972c 0000 0000
>                          0020 0000 906f 972c 0081 0100 000e 0002
>                          000a 0000 0000 0000 0000 00
>
> Some of this is pretty obvious (SAP broadcast, netbios, arp requests),
> but a lot of it is cryptic to me.
> 
> Darren Eckhoff
> [EMAIL PROTECTED]
> 
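
As an added example (not part of the original thread), a short Python decoder for the IPX header in the ethertype 8137 frames quoted above. The socket and packet-type names are the standard Novell assignments, and the function and constant names are this example's own.

```python
import struct

# Standard Novell IPX socket numbers and packet types.
SOCKETS = {0x0451: "NCP", 0x0452: "SAP", 0x0453: "RIP", 0x0455: "NetBIOS"}
PACKET_TYPES = {0: "Unknown", 1: "RIP", 4: "SAP/PEP", 5: "SPX", 17: "NCP"}

# Fixed 30-byte IPX header, big-endian: checksum, length, transport control,
# packet type, then network(4)/node(6)/socket(2) for destination and source.
IPX_HEADER = struct.Struct(">HHBB4s6sH4s6sH")

# Payloads copied from the first two frames of the quoted capture.
SAP_FRAME = """ffff 01e0 0004 0000 0012 ffff ffff ffff
               0452 0000 0012 0000 0c02 f730 0452 0002
               0107 5352 5645 4c45 3034 0000 0000 0000
               0000 0000 0000"""
RIP_FRAME = """ffff 0028 0001 0000 0012 ffff ffff ffff
               0453 0000 0012 0050 da72 b3d9 4000 0001
               0000 012c ffff ffff 0000 0000 0000"""


def hex_to_bytes(dump):
    """Turn tcpdump's grouped hex words into raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def parse_ipx(payload):
    """Decode the IPX header at the start of an ethertype 0x8137 payload."""
    if len(payload) < IPX_HEADER.size:
        raise ValueError("short IPX header: %d bytes" % len(payload))
    (cksum, length, hops, ptype, dnet, dnode, dsock,
     snet, snode, ssock) = IPX_HEADER.unpack_from(payload)
    return {
        "checksum": cksum,
        "length": length,
        # tcpdump keeps only snaplen bytes; capture may be shorter than length.
        "truncated": len(payload) < length,
        "hops": hops,
        "type": PACKET_TYPES.get(ptype, "0x%02x" % ptype),
        "dst": "%s.%s" % (dnet.hex(), dnode.hex()),
        "dst_socket": SOCKETS.get(dsock, "0x%04x" % dsock),
        "src": "%s.%s" % (snet.hex(), snode.hex()),
        "src_socket": SOCKETS.get(ssock, "0x%04x" % ssock),
        "data": payload[IPX_HEADER.size:],
    }


if __name__ == "__main__":
    for frame in (SAP_FRAME, RIP_FRAME):
        print(parse_ipx(hex_to_bytes(frame)))
```

For the first frame, the source node in the IPX header matches the Ethernet source address tcpdump printed, and the data after the header carries the ASCII server name SRVELE04.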
