Ethereal-dev: Re: [Ethereal-dev] Windows Message Box Packet --- Is it really IPv6 encapsulated

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Fri, 25 Feb 2005 14:13:09 +1100
Disable the TEREDO protocol and ethereal will dissect it properly as 
a DCE/RPC Messenger packet.




On Thu, 24 Feb 2005 14:41:18 -0500, Julian Grizzard <grizzard@xxxxxxxxx> wrote:
> Hi,
> 
> Attached is a packet we logged on our honeynet.  The packet seems to
> be a spam message that pops up a window on a MS Windows based machine
> with the spam advertisement.  Ethereal v. 0.10.3 attempts to decode
> the packet as an IPv6 packet encapsulated inside a UDP packet.  I
> believe this interpretation is wrong, but I am not sure.  Thoughts?
> 
> Note MAC addresses and IPv4 addresses have been anonymized.
> 
> -Julian
> 
> 
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev
> 
> 
> 
>