> I have been experimenting with writing a sniffer in Perl. While testing the
> script I received the packet below. The ScrMac is of my layer3 switch and I
> do not know the DestMAC. This has me worried.

It's a Cisco Discovery Protocol packet, and the destination MAC is a multicast MAC rather than a unicast MAC (CDP packets are multicast), so it won't be the MAC address of *any* of the machines on your network (or of any machine anywhere on the planet).

> I have tried Analyzer,
> Ethereal, Optimal, and Tcpdump but they drop the packet for some reason
> (this is an assumption; I never see the packet in their output).

There is no reason why Ethereal or tcpdump would drop that packet, unless they were run with a capture filter that would exclude CDP packets. Perhaps the packet gets lost somewhere else, but if your sniffer is using libpcap/WinPcap, it gets the same stuff that Analyzer, Ethereal, and tcpdump/WinDump would get when run on the same machine, if you capture on the same interface using the same packet filter.
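
Added example, not part of the original message or of tcpdump: a small Python classifier that applies the distinction made in the reply, reading the group (I/G) bit of the destination MAC and recognising CDP by its LLC/SNAP header. The function name, the source MACs and both sample frames are constructed for illustration; the CDP group address 01:00:0c:cc:cc:cc and SNAP OUI 00-00-0C / protocol ID 0x2000 are the standard CDP values.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")       # Cisco multicast group address used by CDP
SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC AA-AA-03, SNAP OUI 00-00-0C, PID 0x2000

def fmt_mac(raw):
    return ":".join(f"{octet:02x}" for octet in raw)

def classify_frame(frame):
    """Describe the destination address type and whether the frame carries CDP."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (type_len,) = struct.unpack("!H", frame[12:14])
    if dst == b"\xff" * 6:
        kind = "broadcast"
    elif dst[0] & 0x01:   # I/G bit set: group address, never one station's own MAC
        kind = "multicast"
    else:
        kind = "unicast"
    # A value <= 1500 is an 802.3 length field, so an LLC header follows it.
    is_8023 = type_len <= 1500
    is_cdp = is_8023 and frame[14:22] == SNAP_CDP
    return {"dst": fmt_mac(dst), "src": fmt_mac(src), "dst_kind": kind,
            "is_cdp": is_cdp, "dst_is_cdp_group": dst == CDP_DST}

# Constructed sample 1: CDP frame (version 2, TTL 180, checksum left as zero,
# one Device ID TLV carrying the made-up name "switch").
_cdp_body = SNAP_CDP + bytes.fromhex("02b40000") + struct.pack("!HH", 1, 10) + b"switch"
SAMPLE_CDP = (CDP_DST + bytes.fromhex("001122334455")
              + struct.pack("!H", len(_cdp_body)) + _cdp_body)

# Constructed sample 2: ordinary unicast IPv4 frame for contrast (payload is filler).
SAMPLE_UNICAST = (bytes.fromhex("0a1b2c3d4e5f") + bytes.fromhex("001122334455")
                  + struct.pack("!H", 0x0800) + b"\x45" + bytes(19))

if __name__ == "__main__":
    for name, frame in (("cdp", SAMPLE_CDP), ("unicast", SAMPLE_UNICAST)):
        print(name, classify_frame(frame))
```

When comparing a custom sniffer against tcpdump, running both with no capture filter, or with the pcap filter `ether dst 01:00:0c:cc:cc:cc`, shows whether the CDP frames reach libpcap at all.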
