Ethereal-users: RE: [ethereal-users] UDP broadcasts - what are these?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>
Date: Tue, 25 Jul 2000 15:15:00 -0500
(In response to an old post).

Note the string "public" in the payload, which is the default read-only
string used by SNMP.  Coincidence?

--J

> -----Original Message-----
> From: Gerald Combs [mailto:gerald@xxxxxxxx]
> Sent: Sunday, June 04, 2000 11:24 AM
> To: John J. LeMay Jr.
> Cc: ethereal-users@xxxxxxxx
> Subject: Re: [ethereal-users] UDP broadcasts - what are these?
> 
> 
> On Sun, 4 Jun 2000, John J. LeMay Jr. wrote:
> 
> > Can anyone help me identify the following?
> > 
> > My Mandrake 7.0 (2.2.14) machine is equipped with an eepro100 adapter. I am
> > seeing a continuous series of UDP packets being broadcast from this machine.
> > Packets are being sent from my machine at 192.168.1.1:1069 (logan) to
> > 255.255.255.255:5456.
> 
> The port numbers list at
> http://www.isi.edu/in-notes/iana/assignments/port-numbers lists port
> 5456 as belonging to 'apc-tcp-udp-6', followed by a contact address at
> APC, the UPS manufacturer.  Are you running any sort of UPS software?
> 
> The unchanging source port indicates that a process is hanging around with
> the socket open.  If you have 'lsof' or 'fuser' installed, you should be
> able to track it down with 'lsof -i udp:1069' or 'fuser -n udp 1069'.  I
> believe newer versions of 'netstat' under Linux can also show the PID of
> each socket's owner.
> 
> > 
> > TCPDUMP shows the packets as:
> > 
> > 11:35:42.119078 logan.1069 > 255.255.255.255.5456: udp 256
> > 11:35:47.373467 logan.1069 > 255.255.255.255.5456: udp 256
> > 
> > I captured the payload using Ethereal:
> > 
> > 0000  ff ff ff ff ff ff 00 d0  b7 1d d8 6c 08 00 45 00   ........ ...l..E.
> > 0010  01 1c bf 2b 00 00 40 11  f8 ca c0 a8 01 33 ff ff   ...+..@. .....3..
> > 0020  ff ff 04 2d 15 50 01 08  72 f1 30 33 31 7c 31 7c   ...-.P.. r.031|1|
> > 0030  70 75 62 6c 69 63 7c 39  7c 33 31 36 37 33 7c 30   public|9 |31673|0
> > 0040  7c 30 7c 32 30 31 30 7e  7c 00 d8 23 35 08 00 00   |0|2010~ |..#5...
> > 0050  00 00 03 00 00 00 18 00  00 00 18 00 00 00 60 98   ........ ......`.
> > 0060  29 00 00 00 00 00 03 00  00 00 18 00 00 00 18 00   )....... ........
> > 0070  00 00 60 98 29 00 38 f5  ff bf ca b1 20 00 04 7a   ..`.).8. .......z
> > 0080  19 00 14 00 00 00 18 8f  18 00 30 fa 27 08 38 d5   ........ ..0.'.8.
> > 0090  38 08 18 34 3c 08 4c f5  ff bf 44 f5 ff bf 30 fa   8..4<.L. ..D...0.
> > 00a0  27 08 08 6d 39 08 40 4a  31 08 b8 48 31 08 98 49   '..m9.@J 1..H1..I
> > 00b0  31 08 84 f5 ff bf 96 8a  08 08 84 f5 ff bf d0 8a   1....... ........
> > 00c0  08 08 f0 2f 39 08 08 6d  39 08 40 4a 31 08 b8 48   .../9..m 9.@J1..H
> > 00d0  31 08 38 f6 ff bf 08 6d  39 08 44 cd 09 08 c0 34   1.8....m 9.D....4
> > 00e0  3c 08 08 6d 39 08 88 f5  ff bf 6b 69 08 08 98 49   <..m9... ..ki...I
> > 00f0  31 08 40 4a 31 08 b8 f5  ff bf 3f c0 09 08 b0 49   1.@J1... ..?....I
> > 0100  31 08 40 4a 31 08 8c bf  09 08 38 f6 ff bf 5c 69   1.@J1... ..8...\i
> > 0110  08 08 90 89 08 08 c0 64  08 08 54 c8 09 08 e8 4a   .......d ..T....J
> > 0120  31 08 00 00 00 00 d4 f5  ff bf                     1....... ..
> > 
> > 
> > John LeMay Jr.
> > Senior Enterprise Consultant
> > NJMC, LLC.
> > 
>
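
Added example, not part of the original thread: a small Python decoder for the first 0x50 bytes of the frame quoted above, showing how the Ethernet/IPv4/UDP headers yield the ports reported by tcpdump and how the readable part of the payload splits into '|'-separated fields, one of which is "public". The function names and the treatment of '|' as a field separator are assumptions made for this illustration; the payload format itself is not documented in the thread.

```python
import socket
import struct

# First 0x50 bytes of the frame, copied from the Ethereal dump quoted above.
FRAME = bytes.fromhex(
    "ffffffffffff00d0b71dd86c08004500"
    "011cbf2b00004011f8cac0a80133ffff"
    "ffff042d1550010872f13033317c317c"
    "7075626c69637c397c33313637337c30"
    "7c307c323031307e7c00d82335080000"
)

def parse_udp_frame(frame):
    """Decode Ethernet II / IPv4 / UDP headers and return addressing + payload."""
    if len(frame) < 14 + 20 + 8:
        raise ValueError("frame too short for Ethernet + IPv4 + UDP")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or frame[14 + 9] != 17:   # protocol 17 = UDP
        raise ValueError("not a UDP datagram")
    udp = 14 + ihl
    if len(frame) < udp + 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen, _cksum = struct.unpack_from("!HHHH", frame, udp)
    return {
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "src_ip": socket.inet_ntoa(frame[26:30]),
        "dst_ip": socket.inet_ntoa(frame[30:34]),
        "sport": sport,
        "dport": dport,
        "payload_len": ulen - 8,          # UDP length field includes 8-byte header
        "payload": frame[udp + 8:],
    }

def text_fields(payload):
    """Split the NUL-terminated ASCII head of the payload on '|' (assumed separator)."""
    head = payload.split(b"\x00", 1)[0]
    return head.decode("ascii", errors="replace").split("|")

if __name__ == "__main__":
    info = parse_udp_frame(FRAME)
    fields = text_fields(info["payload"])
    print(info["src_ip"], info["sport"], "->", info["dst_ip"], info["dport"])
    print("declared payload bytes:", info["payload_len"])
    print("fields:", fields, "| contains 'public':", "public" in fields)
```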