Date:      Mon, 21 Mar 2005 12:17:37 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        "Edwin D. Vinas" <xmisoy@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: tcpdump question
Message-ID:  <20050321181737.GH5243@dan.emsphone.com>
In-Reply-To: <36f5bbba0503211004b66957a@mail.gmail.com>
References:  <36f5bbba0503211004b66957a@mail.gmail.com>

In the last episode (Mar 22), Edwin D. Vinas said:
> I've run a tcpdump on my FreeBSD-5.3 machine which is connected via
> DSL connection (with a fixed IP address) passing through a DSL modem. I see
> the following weird output, and I'm wondering where the
> "192.168.2.1" came from if I disconnected the LAN from my BSD
> machine.
> 
> 01:59:04.157465 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
> 01:59:04.157587 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
> 01:59:04.318834 IP 192.168.2.1 > RIP2-ROUTERS.MCAST.NET: igmp v2 report RIP2-ROUTERS.MCAST.NET
> 01:59:04.318875 IP 192.168.2.1 > 239.255.255.250: igmp v2 report 239.255.255.250
> 01:59:28.374428 IP 192.168.2.1.1900 > 239.255.255.250.1900: UDP, length: 306

Do you maybe have a Windows XP machine on your network?  Port 1900 is
Simple Service Discovery Protocol (SSDP), used by XP to discover
routers.  The IGMP packets are probably doing the same thing.
 
> Another one, is there a GUI to visualize properly the output of
> tcpdump? I mean a GUI which can be run as separate X Window
> application whose job is to tabulate and display the output of
> tcpdump in a human-readable form.

Ethereal is a good one.  You can either run it on tcpdump capture
files, or let it capture packets itself.

-- 
	Dan Nelson
	dnelson@allantgroup.com
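
Added example, not part of the original message or thread: a short Python script that tabulates tcpdump text output like the lines quoted above by source, destination and traffic type, labelling IGMP and SSDP (UDP to 239.255.255.250 port 1900). The function names are illustrative, and it assumes any endpoint carrying a port is printed numerically, as with `tcpdump -n`.

```python
import re
from collections import Counter

# Sample input: the tcpdump lines quoted in the message above.
SAMPLE = """\
01:59:04.157465 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
01:59:04.157587 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
01:59:04.318834 IP 192.168.2.1 > RIP2-ROUTERS.MCAST.NET: igmp v2 report RIP2-ROUTERS.MCAST.NET
01:59:04.318875 IP 192.168.2.1 > 239.255.255.250: igmp v2 report 239.255.255.250
01:59:28.374428 IP 192.168.2.1.1900 > 239.255.255.250.1900: UDP, length: 306
"""

# timestamp, "IP", source, ">", destination, ":", protocol summary
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) IP (\S+) > (\S+): (.*)$")
# tcpdump prints IPv4 endpoints as addr or addr.port
ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))?$")
SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900


def split_endpoint(text):
    """Return (host, port); port is None for bare addresses and names."""
    m = ENDPOINT_RE.match(text)
    if m:
        return m.group(1), int(m.group(2)) if m.group(2) else None
    return text, None


def classify(line):
    """Return (source, destination, kind) for one line, or None if unparsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, _ = split_endpoint(m.group(2))
    dst, dport = split_endpoint(m.group(3))
    summary = m.group(4)
    if summary.startswith("igmp"):
        kind = "IGMP query" if "query" in summary else "IGMP report"
    elif summary.startswith("UDP") and (dst, dport) == (SSDP_GROUP, SSDP_PORT):
        kind = "SSDP"
    else:
        kind = "other"
    return src, dst, kind


def tabulate(text):
    """Count packets per (source, destination, kind)."""
    return Counter(r for r in map(classify, text.splitlines()) if r)


if __name__ == "__main__":
    for (src, dst, kind), n in sorted(tabulate(SAMPLE).items()):
        print(f"{src:<16} {dst:<24} {kind:<12} {n}")
```
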


