[Tfug] Weird info in a tcpdump
Brian Murphy
murphy at coppershadow.com
Sat Sep 1 10:56:10 MST 2007
Steven Bowers wrote:
> I'm doing some work for a local non-profit entity and came across
> something completely bizarre. While running tcpdump to look for
> something else I saw:
>
> #tcpdump -n -ttt -i fxp1
> Aug 30 22:52:55.989160 255.89.1.6 > 0.0.6: at-#6 25
> Aug 30 22:52:56.087302 255.89.1.6 > 0.0.6: at-#6 25
> Aug 30 22:52:56.185906 255.89.1.6 > 0.0.6: at-#6 25
> Aug 30 22:52:56.284358 255.89.1.6 > 0.0.6: at-#6 25
> Aug 30 22:52:56.382958 255.89.1.6 > 0.0.6: at-#6 25
>
> in the dump. It's unlike anything I have ever seen and the destination
> address, if you can call it that, makes no sense. Google has about a
> half dozen hits from others asking what is it, but no one responded.
> Has anyone here seen anything like it, or know what it is?
That is appletalk DDP. It looks weird because appletalk addresses are
different than IP addresses.
Brian
More information about the tfug
mailing list