Sounds like a program Ill check out too. Although its freshmeat.net.
Kirk
At 05:33 PM 2/3/00 +0000, you wrote:
>You could try SPY an excellent sniffer. Look at freshmeat.com for it.
>
>Jorge.
>
>
>
>
>
>
>MIME:[EMAIL PROTECTED] con fecha 03/02/2000 15:07:23
>Destinatarios: [EMAIL PROTECTED] @ INTERNET
>CC: (cci: Jorge Carminati/BNP)
>Asunto: [expert] tcpdump info
>
>I'm using "tcpdump" to analyze some of the traffic on our network.
>Does anyone know a good resource for deciphering some of the data?
>
>For example:
>
>11:48:04.274828 0:0:c:2:f7:30 Broadcast 8137 494:
> ffff 01e0 0004 0000 0012 ffff ffff ffff
> 0452 0000 0012 0000 0c02 f730 0452 0002
> 0107 5352 5645 4c45 3034 0000 0000 0000
> 0000 0000 0000
>11:48:04.279953 0:50:da:72:b3:d9 Broadcast 8137 60:
> ffff 0028 0001 0000 0012 ffff ffff ffff
> 0453 0000 0012 0050 da72 b3d9 4000 0001
> 0000 012c ffff ffff 0000 0000 0000
>11:48:04.291271 0:50:da:72:9e:8 Broadcast 8137 60:
> ffff 0028 0001 0000 0012 ffff ffff ffff
> 0453 0000 0012 0050 da72 9e08 4000 0001
> b0b0 b0b0 ffff ffff 0000 0000 0000
>11:48:04.303450 0:50:da:72:a8:96 > Broadcast sap e0 ui/C len=43
> ffff 0028 0001 b0b0 b0b0 ffff ffff ffff
> 0453 b0b0 b0b0 0050 da72 a896 4000 0001
> 0000 4242 ffff ffff 0000 00
>11:48:04.324417 arp who-has 206.154.227.143 tell 206.154.227.142
>11:48:04.332792 0:50:da:72:a6:29 Broadcast 8137 60:
> ffff 0028 0001 0000 0012 ffff ffff ffff
> 0453 0000 0012 0050 da72 a629 4000 0001
> b0b0 b0b0 ffff ffff 0000 0000 0000
>11:48:04.333641 0:0:c:2:f7:30 Broadcast 8137 494:
> ffff 01e0 0004 0000 0012 ffff ffff ffff
> 0452 0000 0012 0000 0c02 f730 0452 0002
> 030c 3130 3030 3930 4241 3630 4633 3030
> 4333 5059 5348
>11:48:04.346228 0:10:7b:c5:c1:28 > 1:80:c2:0:0:0 802.1d ui/C len=43
> 0000 0000 0020 0000 906f 972c 0000 0000
> 0020 0000 906f 972c 0081 0100 000e 0002
> 000a 0000 0000 0000 0000 00
>
>
>Some of this is pretty obvious (SAP broadcast, netbios, arp requests),
>but a lot of it is cryptic to me.
>
>Darren Eckhoff
>[EMAIL PROTECTED]
>
>
>
>
>
>
