[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tcpdump fields Y: G: and C:

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: tcpdump fields Y: G: and C:
From: Jason Houx <coldiso_(_at_)_houx_(_dot_)_org>
Date: Thu, 5 Sep 2002 16:33:07 -0400 (EDT)

Hi list,

	I was wondering if anyone on this list could enlighten me as to 
what tcpdump fields Y: G: and C: are.  I am assuming that G: is gateway.  
The other 2 I can't really figure out.  They seem to come accross in a 
bootp packet.  

<snip>
Sep 05 14:12:24.027007 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x8f255815 flags:0x8000 Y:24.123.225.84 
G:10.45.160.1 ether 0:90:83:6d:7c:b6 [|bootp] (ttl 255, id 14343)
Sep 05 14:18:49.767267 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x921da65f flags:0x8000 Y:24.210.151.45 
G:10.45.160.1 ether 0:2:e3:17:9c:cf [|bootp] (ttl 255, id 14527)
Sep 05 14:18:49.830373 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x921da65f flags:0x8000 Y:24.210.151.45 
G:10.45.160.1 ether 0:2:e3:17:9c:cf [|bootp] (ttl 255, id 14529)
Sep 05 14:21:45.936688 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x837c10c flags:0x8000 Y:24.123.225.84 
G:10.45.160.1 ether 0:90:83:6d:7c:b6 [|bootp] (ttl 255, id 14653)
Sep 05 14:21:48.905020 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x837c10c flags:0x8000 Y:24.123.225.84 
G:10.45.160.1 ether 0:90:83:6d:7c:b6 [|bootp] (ttl 255, id 14655)
Sep 05 14:21:55.936422 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x837c10c flags:0x8000 Y:24.123.225.84 
G:10.45.160.1 ether 0:90:83:6d:7c:b6 [|bootp] (ttl 255, id 14663)
Sep 05 14:22:10.903688 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x837c10c flags:0x8000 Y:24.123.225.84 
G:10.45.160.1 ether 0:90:83:6d:7c:b6 [|bootp] (ttl 255, id 14671)
Sep 05 14:23:32.123297 rule 8/0(match): block in on rl0: 10.45.160.1.67 > 
255.255.255.255.68:  xid:0x6f443322 flags:0x8000 C:24.145.154.224 
Y:24.145.154.224 G:10.45.160.1 ether 0:1:2:8e:a3:81 [|bootp] (ttl 255, id 
14709)

</snip>

My guess is this is a DHCP lease/renewal that i am blocking from my 
provider ;)  but i would like someone to confirm this, and explain Y: and 
G:

Thanks in advance

Jason Houx

Follow-Ups:
- Re: tcpdump fields Y: G: and C:
  - From: Jason Houx

Prev by Date: Re: secure pop or imap server
Next by Date: Re: tcpdump fields Y: G: and C:
Previous by thread: Re: portmap
Next by thread: Re: tcpdump fields Y: G: and C:
Index(es):
- Date
- Thread

Visit your host, monkey.org