> BTW, there are some packets in the server capture (such as the first
> two) with an IP protocol type of 0xe0; any idea what they are? (There
> are also some SNAP packets with an OUI of 0x00000c, for Cisco, and a
> protocol ID of 0x2004; does anybody know what *those* are?)

Looks like Dynamic Trunking Protocol multicast

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml
says:

Cisco has a reserved range of Ethernet MAC and protocol addresses as
shown below. Each one will be covered later in this document, however, a
summary is presented in the table below for convenience.

Feature                               SNAP HDLC Protocol Type   Destination Multicast MAC
Port Aggregation Protocol (PAgP)      0x0104                    01-00-0c-cc-cc-cc
Spanning Tree PVSTP+                  0x010b                    01-00-0c-cc-cc-cd
VLAN Bridge                           0x010c                    01-00-0c-cd-cd-ce
Unidirectional Link Detection (UDLD)  0x0111                    01-00-0c-cc-cc-cc
Cisco Discovery Protocol              0x2000                    01-00-0c-cc-cc-cc
Dynamic Trunking (DTP)                0x2004                    01-00-0c-cc-cc-cc
STP Uplink Fast                       0x200a                    01-00-0c-cd-cd-cd
IEEE Spanning Tree 802.1d             N/A - DSAP 42 SSAP 42     01-80-c2-00-00-00
Inter Switch Link (ISL)               N/A                       01-00-0c-00-00-00
VLAN Trunking (VTP)                   0x2003                    01-00-0c-cc-cc-cc
IEEE Pause, 802.3x                    N/A - DSAP 81 SSAP 80     01-80-C2-00-00-00>0F

The majority of Cisco control protocols use an IEEE 802.3 SNAP enc
--
John McDermott
Writer, Educator, Consultant
jjm@xxxxxxxxxx http://www.jkintl.com
V +1 505/377-6293 F +1 505/377-6313
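
An added example, not part of the original message: a small classifier that walks the 802.3 length, LLC and SNAP fields of a raw frame and names the Cisco control protocol from the OUI and protocol ID in the table quoted above. The function name `classify_frame`, the source MAC and the dummy payload in the sample frame are assumptions made up for illustration.

```python
import struct

CISCO_OUI = 0x00000C
# SNAP protocol IDs copied from the table quoted in the message above.
CISCO_SNAP_PIDS = {
    0x0104: "PAgP", 0x010B: "PVSTP+", 0x010C: "VLAN Bridge", 0x0111: "UDLD",
    0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x200A: "STP Uplink Fast",
}


def classify_frame(frame: bytes) -> str:
    """Name the control protocol carried in a raw Ethernet frame (no FCS)."""
    if len(frame) < 14:
        return "truncated"
    dst = frame[0:6]
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len >= 0x0600:
        # 0x0600 and above is an EtherType (Ethernet II), not an 802.3 length.
        return f"Ethernet II, EtherType 0x{type_or_len:04x}"
    if len(frame) < 17:
        return "truncated"
    dsap, ssap, control = frame[14:17]
    if (dsap, ssap) == (0x42, 0x42):
        return "IEEE Spanning Tree 802.1d"
    if (dsap, ssap, control) != (0xAA, 0xAA, 0x03):
        return f"802.2 LLC, DSAP 0x{dsap:02x} SSAP 0x{ssap:02x}"
    if len(frame) < 22:
        return "truncated"
    # SNAP header: 3-byte OUI followed by a 2-byte protocol ID.
    oui = int.from_bytes(frame[17:20], "big")
    (pid,) = struct.unpack("!H", frame[20:22])
    if oui != CISCO_OUI:
        return f"SNAP, OUI 0x{oui:06x} PID 0x{pid:04x}"
    name = CISCO_SNAP_PIDS.get(pid, "unknown Cisco protocol")
    return f"{name} (SNAP OUI 0x00000c PID 0x{pid:04x}, dst {dst.hex('-')})"


# Constructed sample: 802.3 header, LLC/SNAP header, 4 dummy payload bytes.
SAMPLE_DTP = (
    bytes.fromhex("01000ccccccc")       # destination multicast MAC from the table
    + bytes.fromhex("001122334455")     # constructed source MAC
    + struct.pack("!H", 12)             # 802.3 length: LLC(3) + SNAP(5) + payload(4)
    + bytes.fromhex("aaaa03" "00000c" "2004")
    + b"\x00" * 4
)

if __name__ == "__main__":
    print(classify_frame(SAMPLE_DTP))
```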