tcpdump question

Dan Nelson dnelson at allantgroup.com
Mon Mar 21 10:17:38 PST 2005


In the last episode (Mar 22), Edwin D. Vinas said:
> I've run a tcpdump on my FreeBSD-5.3 machine which is connected via
> a DSL connection (with a fixed IP address) passing through a DSL
> modem. I see the following weird output, and I'm wondering where the
> "192.168.2.1" came from if I disconnected the LAN from my BSD
> machine.
> 
> 01:59:04.157465 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
> 01:59:04.157587 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
> 01:59:04.318834 IP 192.168.2.1 > RIP2-ROUTERS.MCAST.NET: igmp v2 report RIP2-ROUTERS.MCAST.NET
> 01:59:04.318875 IP 192.168.2.1 > 239.255.255.250: igmp v2 report 239.255.255.250
> 01:59:28.374428 IP 192.168.2.1.1900 > 239.255.255.250.1900: UDP, length: 306

Do you maybe have a Windows XP machine on your network?  Port 1900 is
Simple Service Discovery Protocol (SSDP), used by XP to discover
routers.  The IGMP packets are probably doing the same thing.
 
> Another one, is there a GUI to visualize properly the output of
> tcpdump? I mean a GUI which can be run as separate X Window
> application whose job is to tabulate and display the output of
> tcpdump in a human-readable form.

Ethereal is a good one.  You can either run it on tcpdump capture
files, or let it capture packets itself.

-- 
	Dan Nelson
	dnelson at allantgroup.com
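
Added example, not part of the original message: a small Python classifier run over the tcpdump lines quoted above, tagging IGMP queries, IGMP membership reports and SSDP (UDP port 1900 to 239.255.255.250) and noting whether the source is a private address. The function names are hypothetical, and the parser assumes tcpdump's one-line text format exactly as shown in the message.

```python
import ipaddress
import re
from collections import Counter

# The five tcpdump lines quoted in the message above, embedded as sample input.
SAMPLE = """\
01:59:04.157465 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
01:59:04.157587 IP 192.168.2.1 > ALL-SYSTEMS.MCAST.NET: igmp query v2
01:59:04.318834 IP 192.168.2.1 > RIP2-ROUTERS.MCAST.NET: igmp v2 report RIP2-ROUTERS.MCAST.NET
01:59:04.318875 IP 192.168.2.1 > 239.255.255.250: igmp v2 report 239.255.255.250
01:59:28.374428 IP 192.168.2.1.1900 > 239.255.255.250.1900: UDP, length: 306
"""

# Names tcpdump resolved in the capture, mapped back to their IANA group addresses.
GROUPS = {"ALL-SYSTEMS.MCAST.NET": "224.0.0.1", "RIP2-ROUTERS.MCAST.NET": "224.0.0.9"}
SSDP = ("239.255.255.250", 1900)  # SSDP multicast group and UDP port
LINE = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")

def split_host_port(token):
    """tcpdump prints an IPv4 endpoint with a port as a fifth dotted field."""
    parts = token.split(".")
    if len(parts) == 5 and all(p.isdigit() for p in parts):
        return ".".join(parts[:4]), int(parts[4])
    return GROUPS.get(token, token), None

def is_private(host):
    """True for private-range IP literals (RFC 1918 included); False for names."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False

def classify(line):
    """Return (source, kind, detail, private_source) for one line, or None."""
    if not (m := LINE.match(line.strip())):
        return None
    (src, _), (dst, dport), rest = split_host_port(m["src"]), split_host_port(m["dst"]), m["rest"]
    if rest.startswith("igmp"):
        kind = "igmp-query" if "query" in rest else "igmp-report"
        group = rest.split()[-1] if kind == "igmp-report" else dst  # reported group
        detail = GROUPS.get(group, group)
    elif (dst, dport) == SSDP:
        kind, detail = "ssdp", f"{dst}:{dport}"
    else:
        kind, detail = "other", dst
    return src, kind, detail, is_private(src)

def summarize(text):
    """Count (source, kind) pairs over a block of tcpdump output."""
    return Counter(r[:2] for r in map(classify, text.splitlines()) if r)
```

Calling `summarize(SAMPLE)` shows that all five packets come from the one private source, and the `igmp-report` rows show which multicast groups that host reports membership of.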

