Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 5 Jun 2000 01:01:11 +0100
From:      Ben Smithurst <ben@scientia.demon.co.uk>
To:        questions@FreeBSD.org
Subject:   corrupt duplicates with tcpdump + broadcast address
Message-ID:  <20000605010111.D42325@strontium.scientia.demon.co.uk>
next in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
Can someone give a likely explanation of what could case this:

00:48:19.321320 ff:ff:ff:ff:0:e0 2:0:0:0:ff:ff 7d81 102: 
			 749d 0800 4500 0054 a32d 0000 ff01 e0d6
			 c0a8 5b24 c0a8 5b2f 0800 aeb4 0e3e 0000
			 c3ea 3a39 4de6 0400 0809 0a0b 0c0d 0e0f
			 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f
			 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f
			 3031 3233 3435 3637
00:48:19.321356 0:e0:7d:81:74:9d ff:ff:ff:ff:ff:ff 0800 98: 192.168.91.36 > 192.168.91.47: icmp: echo request
			 4500 0054 a32d 0000 ff01 e0d6 c0a8 5b24
			 c0a8 5b2f 0800 aeb4 0e3e 0000 c3ea 3a39
			 4de6 0400 0809 0a0b 0c0d 0e0f 1011 1213
			 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
			 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
			 3435 3637

The second packet is what I actually sent: an echo request to my LAN's
broadcast address.  Can anyone explain where the junk before the first
packet has come from?  The packet is just a copy of the real packet but
with the four bytes "02 00 00 00" added to the front (tcpdump hides
this slightly by printing the source ethernet address first, though the
destination address is first in the ethernet header).  This bogus packet
doesn't appear if I run tcpdump on another host (i.e. the packet isn't
on the wire), which is what I'd expected (I've noticed it's normal for
broadcast packets to show twice on the source host, but this time it
just has some junk in front).

This is on a 4.0-stable machine, it also happens on 5.0-current.  The raw
dump file is attached.

-- 
Ben Smithurst / ben@scientia.demon.co.uk / PGP: 0x99392F7D

[-- Attachment #2 --]
ò:9(ff}tET-[$[/>:9M	

 !"#$%&'()*+,-./01234567:9Lbb}tET-[$[/>:9M	

 !"#$%&'()*+,-./01234567:9d	ff}tET.[$[/>:9:		

 !"#$%&'()*+,-./01234567:9	bb}tET.[$[/>:9:		

 !"#$%&'()*+,-./01234567:9z0ff}tET/[$[/j>:9U0	

 !"#$%&'()*+,-./01234567:90bb}tET/[$[/j>:9U0	

 !"#$%&'()*+,-./01234567

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000605010111.D42325>