|
I am just on vacation at my parents place, and while doing some network maintenance, I came across these two mystery packets:
17:07:17.405771 IP 192.168.178.255 > 255.255.255.255: ip-proto-139 30 0x0000: 4500 0032 0003 0000 ff8b 8c57 c0a8 b2ff E..2.......W.... 0x0010: ffff ffff 0100 0200 0000 0000 0000 0000 ................ 0x0020: 0000 a2c0 d297 bcc3 6c40 1ad5 d0bf 382a ........l@....8* 0x0030: ab63 .c 17:07:17.406835 IP 192.168.178.255 > 255.255.255.255: ip-proto-139 30 0x0000: 4500 0032 0001 0000 ff8b 8c57 c0a8 b2ff E..2.......W.... 0x0010: ffff ffff 0100 0100 0000 0000 0000 0000 ................ 0x0020: 0000 1b3c 90a3 4ac1 50b7 930a b723 a181 ...<..J.P....#.. 0x0030: 431a C. A bit about the network: 3 PCs, 2 Macs running Leopard. Each Mac runs vmware with Windows XP. All the PCs run Windows XP. There is a "FritzBox" DSL router. Part of the network is wireless. Other then that, there isn't that much special about the network. The hosts run firewalls which are pretty much open locally. No idea so far why these packets show up. Kind of looks like they are corrupted netbios packets (port 139 > protocol 139?). But why broadcast like this? Please let us know if you have any ideas.
----- |
Johannes 4479 Posts ISC Handler Nov 20th 2007 |
| Thread locked Subscribe |
Nov 20th 2007 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
