Re: arp packet payload
From: Russell Harding (hardingr_at_cunap.com)
Date: 10/31/03
- Previous message: Bram Matthys (Syzop): "Re: arp packet payload"
- Maybe in reply to: Bram Matthys (Syzop): "Re: arp packet payload"
- Next in thread: Dave Korn: "Re: arp packet payload"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Oct 2003 15:42:21 -0700 (MST) To: sebastian <reitenba@fh-brandenburg.de>
Hello,
I encountered similar data while wirless sniffing.
However, this is not an accidental uninitialized padding. These packets
are part of XP's Upnp service.
-Russell
On Fri, 31 Oct 2003, sebastian wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi list,
>
> don't know wheater it's mentioned anywhere or old news but here we go:
>
> captured following arp packet last night:
>
> 00:44:36.309866 arp who-has 192.168.5.254 tell 192.168.5.164
> 0x0000 0001 0800 0604 0001 00c0 9f20 d3cd c0a8 ................
> 0x0010 05a4 0000 0000 0000 c0a8 05fe 4d2d 5345 ............M-SE
> 0x0020 4152 4348 202a 2048 5454 502f 312e ARCH.*.HTTP/1.
>
> nice packet, but what makes me curious is the payload. where is it taken from?
> are there also passwords and other "secret" things, which may be
> unintentionally sent out to the.
> i think the source is a windows xp box.
>
> cheers
> sebastian
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (OpenBSD)
>
> iD8DBQE/ohE3Yk9OrbAUXswRAuyIAJsHy5/DQwoAKqEX+56w/H2jJQYoXgCfST1e
> L5J+3WzSJZT+U1xjvGVZSMY=
> =xiGy
> -----END PGP SIGNATURE-----
>
>
- Previous message: Bram Matthys (Syzop): "Re: arp packet payload"
- Maybe in reply to: Bram Matthys (Syzop): "Re: arp packet payload"
- Next in thread: Dave Korn: "Re: arp packet payload"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
