Date: Fri, 19 May 2006 13:12:56 +0100 From: Brian Candler <B.Candler@pobox.com> To: Ganbold <ganbold@micom.mng.net> Cc: freebsd-current@FreeBSD.org, Gleb Smirnoff <glebius@FreeBSD.org>, Harti Brandt <harti@FreeBSD.org> Subject: Re: small patch for ngctl Message-ID: <20060519121256.GA13356@uk.tiscali.com> In-Reply-To: <446D80EC.3010106@micom.mng.net> References: <446D7741.10102@micom.mng.net> <20060519095344.P13833@beagle.kn.op.dlr.de> <446D7C09.3090003@micom.mng.net> <20060519081215.GO84736@cell.sick.ru> <446D80EC.3010106@micom.mng.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, May 19, 2006 at 05:25:16PM +0900, Ganbold wrote: > Rec'd data packet on hook "qqqq": > 0000: ff ff ff ff ff ff 00 14 6c 2e 23 71 08 00 45 00 ........l.#q..E. > 0010: 00 4e 17 4e 00 00 80 11 a0 c6 c0 a8 00 3b c0 a8 .N.N.........;.. > 0020: 00 ff 00 89 00 89 00 3a b1 dc 80 8f 01 10 00 01 .......:........ > 0030: 00 00 00 00 00 00 20 45 4f 45 42 46 44 45 42 45 ...... EOEBFDEBE > 0040: 42 43 41 43 41 43 41 43 41 43 41 43 41 43 41 43 BCACACACACACACAC > ... > > Is it what it supposed to handle? Looks like a valid ethernet frame to me; ff:ff:ff:ff:ff:ff - destination MAC addr (broadcast) 00:14:6c:2e:23:71 - source MAC addr 0800 - protocol (IP) 45 00 - IPv4 00 4e - datagram length 17 4e 00 00 - ID, flags, frag offset 80 - TTL 11 - protocol (UDP) a0 c6 - header checksum c0 a8 00 3b - source IP: 192.168.0.59 c0 a8 00 ff - destination IP: 192.168.0.255 00 89 - source port 137 00 89 - destination port 137 00 3a - length b1 dc - UDP checksum ... - ... data So I'd say this is some Windows machine broadcasting NetBIOS crap around your network :-) Regards, Brian.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060519121256.GA13356>