tcpdump question: what do 'sap' and 'moprc' packets mean ?

tcpdump question: what do 'sap' and 'moprc' packets mean ?

Post by Ron » Wed, 13 Aug 1997 04:00:00



Hi All,

While running tcpdump, I'm receiving output like the following.
I can't figure out what 'sap' and 'moprc' means.
Can anyone illuminate what these packets are ?

TIA,
Ron.

---------------------------------------------------
09:30:50.722496 0:60:b0:51:6c:45 > ff:ff:ff:ff:ff:ff sap e0 ui/C len=96
                         ffff 0000 0000 0000 0000 ffff ffff ffff
                         0404 0000 0000 0000 b0b0 6c6c 0404 0000
                         0303 3030 3636 4242 3535 3636 3434 3838
                         4343 4c
09:30:51.203664 8:0:9:d0:1b:5c > ff:ff:ff:ff:ff:ff sap e0 ui/C len=96
                         ffff 0000 0000 0000 0000 ffff ffff ffff
                         0404 0000 0000 0808 0909 1b1b 0404 0000
                         0303 3030 3030 3030 4444 3131 3535 3838
                         4343 4c
09:30:55.587808 0:c0:26:38:a0:de > ff:ff:ff:ff:ff:ff sap e0 ui/C len=43
                         ffff 0000 0000 0000 0000 ffff ffff ffff
                         0404 0000 0000 0000 2626 a0a0 4040 0000
                         0000 2020 2020 2020 2020 20
09:34:07.947952 8:0:2b:e5:9d:6d ab:0:0:2:0:0 moprc 34:
                         2000 0700 0000 0100 0304 0000 0200 0241
                         0064 0001 cb90 0101 0107 0006 0800 2be5
                         9d6d

 
 
 

tcpdump question: what do 'sap' and 'moprc' packets mean ?

Post by Jim Denn » Tue, 19 Aug 1997 04:00:00




Quote:> Hi All,
> While running tcpdump, I'm receiving output like the following.
> I can't figure out what 'sap' and 'moprc' means.
> Can anyone illuminate what these packets are ?
> TIA,
> Ron.

        I don't know about the moprc -- but the sap's are almost
        certainly IPX (Novell Netware) SAP (service advertising
        packets).  You should see  them about every 60 seconds from
        every Novell server, printer, router, etc, on the LAN.

        SAP's are the mechanism by which IPX/SPX works without
        things like DHCP, DNS, NIS/NIS+, etc.  Every device that
        provides a service periodically announces itself.  On
        small LAN's of 25 to 100 devices with only a handful of
        servers this works fine -- but in today's VLAN environments
        using TCP/IP (where segmenting often leads to subnetting)
        and with hundreds of servers -- you find that a significant
        portion of your available bandwidth can be consumed by SAP's
        -- particularly if you allow them to be routed.
--

Proprietor, Starshine Technical Services:  http://www.starshine.org

        Key fingerprint =  2524E3FEF0922A84  A27BDEDB38EBB95A

 
 
 

1. linux/tcpdump: 'sap' packets?

Hi!

I have a linux RH6 firewall setup on a telus (Calgary) ADSL hookup. While
digging deep in the accounting setup I noticed that tcpdump shows tons of
incoming packets, all alike:

...
00:56:34.085028 10:1f:8d:c8:64:0 sap 80 > 0:0:0:80:0:0 sap 14 I
(s=0,r=0,C) len=42
                         50bd f3b8 5480 0802 0014 0002 000f 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000
...

Does anyone know what they are and what I can do to clock them out in the
firewall input rules (ipchains)?

Thx,

  Rudolf

--

2. CD ROM - How to Eject?

3. WHat is the meaning of load average from 'rup','uptime'?

4. Multiple routes

5. command 'identify', what does the '=>' means

6. xdm

7. What means 'load average' when executing 'uptime' ?

8. Where can I d/l mini linux?

9. WHat is the meaning of load average from 'rup','uptime'?

10. What 'LOGIN-root' means in 'sulog'?

11. Ethereal on cygwin - 'which Packet.dll' and 'which wpcap.dll' ??

12. starting off a dos-smtp-''project''

13. Is e2label 'dangerous' when done on a 'live' file system?