Re: arp packet payload

From: Russell Harding (hardingr_at_cunap.com)
Date: 10/31/03

  • Next message: Patryk Chmielewski: "Re: SunOS/Solaris malloc"
    Date: Fri, 31 Oct 2003 15:42:21 -0700 (MST)
    To: sebastian <reitenba@fh-brandenburg.de>
    
    

    Hello,

      I encountered similar data while wireless sniffing.

    However, this is not accidental uninitialized padding. These packets
    are part of XP's UPnP service.

       -Russell

    On Fri, 31 Oct 2003, sebastian wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > hi list,
    >
    > don't know whether it's mentioned anywhere or old news but here we go:
    >
    > captured following arp packet last night:
    >
    > 00:44:36.309866 arp who-has 192.168.5.254 tell 192.168.5.164
    > 0x0000 0001 0800 0604 0001 00c0 9f20 d3cd c0a8 ................
    > 0x0010 05a4 0000 0000 0000 c0a8 05fe 4d2d 5345 ............M-SE
    > 0x0020 4152 4348 202a 2048 5454 502f 312e ARCH.*.HTTP/1.
    >
    > nice packet, but what makes me curious is the payload. where is it taken from?
    > are there also passwords and other "secret" things, which may be
    > unintentionally sent out to the.
    > i think the source is a windows xp box.
    >
    > cheers
    > sebastian
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.2.2 (OpenBSD)
    >
    > iD8DBQE/ohE3Yk9OrbAUXswRAuyIAJsHy5/DQwoAKqEX+56w/H2jJQYoXgCfST1e
    > L5J+3WzSJZT+U1xjvGVZSMY=
    > =xiGy
    > -----END PGP SIGNATURE-----
    >
    >
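
Added example, not part of either message: a Python sketch that splits the quoted capture into the 28-byte ARP request and the bytes that follow it, so the same check can be run over other captures. The hex is re-typed from the tcpdump output above; the function names are hypothetical.

```python
import ipaddress
import struct

# Hex re-typed from the tcpdump output in the quoted message: the 46 bytes
# that follow the Ethernet header.
CAPTURE_HEX = (
    "0001 0800 0604 0001 00c0 9f20 d3cd c0a8"
    "05a4 0000 0000 0000 c0a8 05fe 4d2d 5345"
    "4152 4348 202a 2048 5454 502f 312e"
)

ARP_FIXED = struct.Struct("!HHBBH")  # htype, ptype, hlen, plen, oper


def split_arp(payload: bytes):
    """Return (fields, trailer): parsed ARP fields and any bytes after them."""
    if len(payload) < ARP_FIXED.size:
        raise ValueError("too short for an ARP header")
    htype, ptype, hlen, plen, oper = ARP_FIXED.unpack_from(payload)
    body_len = ARP_FIXED.size + 2 * (hlen + plen)
    if len(payload) < body_len:
        raise ValueError("truncated ARP body")
    off = ARP_FIXED.size
    addrs = []
    for size in (hlen, plen, hlen, plen):  # sha, spa, tha, tpa
        addrs.append(payload[off:off + size])
        off += size
    sha, spa, tha, tpa = addrs
    fields = {
        "htype": htype, "ptype": ptype, "oper": oper,
        "sha": sha.hex(":"), "tha": tha.hex(":"),
        "spa": str(ipaddress.ip_address(spa)) if plen == 4 else spa.hex(),
        "tpa": str(ipaddress.ip_address(tpa)) if plen == 4 else tpa.hex(),
    }
    return fields, payload[body_len:]


def describe_trailer(trailer: bytes) -> dict:
    """Summarise trailing bytes: length, whether all zero, printable view."""
    text = "".join(chr(b) if 32 <= b < 127 else "." for b in trailer)
    return {"length": len(trailer), "all_zero": not any(trailer), "ascii": text}


if __name__ == "__main__":
    fields, trailer = split_arp(bytes.fromhex(CAPTURE_HEX))
    print(fields)
    print(describe_trailer(trailer))
```

On this capture the ARP body ends at offset 0x1c and the remaining 18 bytes fill the frame out to the 46-byte minimum Ethernet payload.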

