Ethereal-users: [Ethereal-users] UDP Packets everywhere
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
Date: Wed, 1 Jun 2005 12:01:31 +1000
Hi all.. I am new to Ethereal so please excuse my lack of knowledge. I am also unsure if this is the right list for this kind of question, if not can someone point me in the right direction??
A slow network lead me to install Ethereal and see if it could find the problem. When I did the first capture I saw 70% UDP packets all of which looked like the following:-
Source : 10.0.xxx.xxx (most PCs on our network)
Destination : 232.47.16.89 (always)
Protocol : UDP
Source port : 1117 (appears to be random, not always 1117)
Destination port : 47713 (always)
Length 71
Can anyone help? I have slowed it a bit by implementing filtering on our switch but while that stops the broadcasts it still slows the PCs. No viruses or spyware found either.
I have attached a text file with 2 packets exported from Ethereal.
Thanks
Paul ***************************************************************** "This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Bathurst Regional Council, unless otherwise stated. For the purposes of the Copyright Act, the permission of the holder of copyright in this communication may be taken to have been granted, unless stated otherwise, for the copying or forwarding of this message, as long as both the content of this communication and the purpose for which it is copied or forwarded are work related." *****************************************************************
No. Time Source Destination Protocol Info
6470 476.588043 10.0.200.173 232.47.16.89 UDP Source port: 1124 Destination port: 47713
Frame 6470 (105 bytes on wire, 105 bytes captured)
Arrival Time: Jun 1, 2005 08:09:57.864801000
Time delta from previous packet: 0.054458000 seconds
Time since reference or first frame: 476.588043000 seconds
Frame Number: 6470
Packet Length: 105 bytes
Capture Length: 105 bytes
Protocols in frame: eth:ip:udp:data
Ethernet II, Src: 00:0e:7f:74:d1:10, Dst: 01:00:5e:2f:10:59
Destination: 01:00:5e:2f:10:59 (01:00:5e:2f:10:59)
Source: 00:0e:7f:74:d1:10 (10.0.200.173)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.200.173 (10.0.200.173), Dst Addr: 232.47.16.89 (232.47.16.89)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 91
Identification: 0xa3dc (41948)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x0b80 (correct)
Source: 10.0.200.173 (10.0.200.173)
Destination: 232.47.16.89 (232.47.16.89)
User Datagram Protocol, Src Port: 1124 (1124), Dst Port: 47713 (47713)
Source port: 1124 (1124)
Destination port: 47713 (47713)
Length: 71
Checksum: 0x2034 (correct)
Data (63 bytes)
0000 01 00 5e 2f 10 59 00 0e 7f 74 d1 10 08 00 45 00 ..^/.Y...t....E.
0010 00 5b a3 dc 00 00 40 11 0b 80 0a 00 c8 ad e8 2f .[....@......../
0020 10 59 04 64 ba 61 00 47 20 34 3f 00 7a c8 7a 76 .Y.d.a.G 4?.z.zv
0030 f5 16 7e 83 3a 6a af 75 fb 3e ac 24 a5 89 8a 97 ..~.:j.u.>.$....
0040 33 1b 39 89 72 ad c3 7f 1a 53 81 bc 6c 9f 1f 71 3.9.r....S..l..q
0050 f5 f2 cc 7b 3a 5a 53 59 0c a2 32 00 bb f7 77 4d ...{:ZSY..2...wM
0060 b8 ce bc cd 55 2d 82 2c 12 ....U-.,.
No. Time Source Destination Protocol Info
6494 478.304270 10.0.200.91 232.47.16.89 UDP Source port: 1129 Destination port: 47713
Frame 6494 (92 bytes on wire, 92 bytes captured)
Arrival Time: Jun 1, 2005 08:09:59.581028000
Time delta from previous packet: 0.041803000 seconds
Time since reference or first frame: 478.304270000 seconds
Frame Number: 6494
Packet Length: 92 bytes
Capture Length: 92 bytes
Protocols in frame: eth:ip:udp:data
Ethernet II, Src: 00:0c:76:fd:02:7f, Dst: 01:00:5e:2f:10:59
Destination: 01:00:5e:2f:10:59 (01:00:5e:2f:10:59)
Source: 00:0c:76:fd:02:7f (10.0.200.91)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.200.91 (10.0.200.91), Dst Addr: 232.47.16.89 (232.47.16.89)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 78
Identification: 0xc8b6 (51382)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xe704 (correct)
Source: 10.0.200.91 (10.0.200.91)
Destination: 232.47.16.89 (232.47.16.89)
User Datagram Protocol, Src Port: 1129 (1129), Dst Port: 47713 (47713)
Source port: 1129 (1129)
Destination port: 47713 (47713)
Length: 58
Checksum: 0xefe6 (correct)
Data (50 bytes)
0000 01 00 5e 2f 10 59 00 0c 76 fd 02 7f 08 00 45 00 ..^/.Y..v.....E.
0010 00 4e c8 b6 00 00 40 11 e7 04 0a 00 c8 5b e8 2f .N....@......[./
0020 10 59 04 69 ba 61 00 3a ef e6 32 00 7a cd 7a 76 .Y.i.a.:..2.z.zv
0030 f5 14 7e 83 89 ad a7 e7 c4 27 2b 55 24 33 e1 da ..~......'+U$3..
0040 cd 0f fe 98 4a 46 62 78 18 2f 39 c7 48 65 85 f0 ....JFbx./9.He..
0050 ab ed e5 ff 4a c1 ff 7a 03 2a 4b e0 ....J..z.*K.
- Prev by Date: Re: [Ethereal-users] lan configuration for ethereal
- Next by Date: Re: [Ethereal-users] UDP Packets everywhere
- Previous by thread: [Ethereal-users] Run time problem with 10.11
- Next by thread: Re: [Ethereal-users] UDP Packets everywhere
- Index(es):