[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: arp packet payload



Hello,

  I encountered similar data while wirless sniffing.

However, this is not an accidental uninitialized padding. These packets
are part of XP's Upnp service.

   -Russell

On Fri, 31 Oct 2003, sebastian wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hi list,
>
> don't know wheater it's mentioned anywhere or old news but here we go:
>
> captured following arp packet last night:
>
> 00:44:36.309866 arp who-has 192.168.5.254 tell 192.168.5.164
> 0x0000   0001 0800 0604 0001 00c0 9f20 d3cd c0a8        ................
> 0x0010   05a4 0000 0000 0000 c0a8 05fe 4d2d 5345        ............M-SE
> 0x0020   4152 4348 202a 2048 5454 502f 312e             ARCH.*.HTTP/1.
>
> nice packet, but what makes me curious is the payload. where is it taken from?
> are there also passwords and other "secret" things, which may be
> unintentionally sent out to the.
> i think the source is a windows xp box.
>
> cheers
> sebastian
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.2 (OpenBSD)
>
> iD8DBQE/ohE3Yk9OrbAUXswRAuyIAJsHy5/DQwoAKqEX+56w/H2jJQYoXgCfST1e
> L5J+3WzSJZT+U1xjvGVZSMY=
> =xiGy
> -----END PGP SIGNATURE-----
>
>