Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Re: NetBios Filters
> Then I used the debug method to determine the packet that causes the
> dial-out (debug mode/wdd). It looked like:
>
> WD_DIALOUT_DISP: chunk 25B6DE type OLD-STYLE-PADDED.
> : 44 octets @ 2864A8
>
> 00 C0 7B 5C DD A7 destination MAC
> 00 00 C0 D3 9D AD source MAC
> 08 00 type IP
> 45 00 00 2C 8B 54 ???
> 40 00 1F 06 13 B1 ???
> FF D9 61 12 149.xxx.97.18 <NT host>
> FF D9 30 02 149.xxx.48.2 <DNS name server>
> 06 C8 00 6E 2E CC ???
> 4F 59 00 00 ???
This can be fully decoded, either by reading the RFCs or a book like
TCP Illustrated, Volume 1 by W. Richard Stevens.
Ethernet header
00 C0 7B 5C DD A7 00 00 C0 D3 9D AD 08 00
^ ^ ^
| | + EtherType 0800 = Internet IP (IPv4)
| + src hardware address 00 00 C0 = Western Digital
+ dst hardware address 00 C0 7B = Ascend
IP header
45 00 00 2C 8B 54 40 00 1F 06 13 B1 FF D9 61 12 FF D9 30 02
^^ ^ ^ ^ ^ ^ ^ ^ ^ ^
|| | | | | | | | | + IP dst address
|| | | | | | | | + IP src address
|| | | | | | | + IP header checksum
|| | | | | | + IP protocol 6 = TCP
|| | | | | + IP TTL
|| | | | + IP flags 4 = don't fragment + fragment offset
|| | | + IP identification
|| | + IP total length (8-bit bytes) 44
|| + IP Type of Service
|+ IP header length (32-bit words)
+ IP version
TCP header [partial]
06 C8 00 6E 2E CC 4F 59 00 00 .. .. .. .. .. .. .. .. .. .. .. .. .. ..
^ ^ ^ ^
| | | + TCP ack number [partial]
| | + TCP sequence number
| + TCP dst port 110 = pop3, Post Office Protocol - Version 3
+ TCP src port 1736
In this case the packet that brought up the link appears to have been
an attempt to access a remote mailbox using POP (Eudora and Netscape
both support POP3 and can be configured to periodically check the mailbox
for new mail).
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>