Can someone explain the output of this tcpdump command?

(output of tcpdump -s 0 -nv).

Each line needs an explanation of what it means.

15:53:29.820318 arp who-has 213.203.210.22 tell 213.203.210.1
15:55:08.427549 802.1d config 8000.00:30:ab:25:09:49.800f root
8000.00:30:ab:25:09:49 pathcost 0 age 0 max 20 hello 2 fdelay 15
15:56:25.581614 213.203.194.125.138 > 213.203.194.255.138: [udp sum ok]
NBT UDP PACKET(138) (ttl 128, id 34667, len 239)
15:56:28.004868 72.25.72.3.32952 > 213.131.229.150.161: [udp sum ok]  {
SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E=  C= { GetRequest(14)
R=1210222193 } } }  (DF) (ttl 52, id 0, len 92)
Asked by: gg234
 
grsteed commented:
I'll give it a shot.

15:53:29.820318 arp who-has 213.203.210.22 tell 213.203.210.1
This is an ARP broadcast from 213.203.210.1 (server/router) looking for the MAC address of 213.203.210.22.

15:55:08.427549 802.1d config 8000.00:30:ab:25:09:49.800f root
8000.00:30:ab:25:09:49 pathcost 0 age 0 max 20 hello 2 fdelay 15
This is from STP (Spanning Tree Protocol - 802.1d), probably part of the root switch election/update process.

15:56:25.581614 213.203.194.125.138 > 213.203.194.255.138: [udp sum ok]
NBT UDP PACKET(138) (ttl 128, id 34667, len 239)
This is a NetBIOS broadcast from 213.203.194.125 on port 138 (NetBIOS Datagram). Could be part of the Computer Browser Service.

15:56:28.004868 72.25.72.3.32952 > 213.131.229.150.161: [udp sum ok]  {
SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E=  C= { GetRequest(14)
R=1210222193 } } }  (DF) (ttl 52, id 0, len 92)
This is an SNMP request from 72.25.72.3 (possibly a network management server) making an information request (GET) to 213.131.229.150.


Hope this helps.

Gary


Question has a verified solution.
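The same line-by-line reading can be done mechanically. The Python below is an added example, not part of the original question or answer: it joins the wrapped continuation lines into records and pulls out the fields the answer refers to. The names `records`, `classify` and `PORTS` are illustrative, and the patterns assume the old-style tcpdump text format shown in the question.

```python
import re

# Capture text copied from the question above (old-style `tcpdump -s 0 -nv` output).
SAMPLE = """\
15:53:29.820318 arp who-has 213.203.210.22 tell 213.203.210.1
15:55:08.427549 802.1d config 8000.00:30:ab:25:09:49.800f root
8000.00:30:ab:25:09:49 pathcost 0 age 0 max 20 hello 2 fdelay 15
15:56:25.581614 213.203.194.125.138 > 213.203.194.255.138: [udp sum ok]
NBT UDP PACKET(138) (ttl 128, id 34667, len 239)
15:56:28.004868 72.25.72.3.32952 > 213.131.229.150.161: [udp sum ok]  {
SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E=  C= { GetRequest(14)
R=1210222193 } } }  (DF) (ttl 52, id 0, len 92)
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{6} ")
ARP = re.compile(r"arp who-has (\S+) tell (\S+)")
STP = re.compile(r"802\.1d config (\S+) root (\S+) pathcost (\d+) "
                 r"age (\d+) max (\d+) hello (\d+) fdelay (\d+)")
# tcpdump prints IPv4 endpoints as a.b.c.d.port, so the fifth dotted field is the port.
UDP = re.compile(r"(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")
PORTS = {138: "netbios-dgm", 161: "snmp"}  # only the ports seen in this capture

def records(text):
    """A record starts with a timestamp; any other non-empty line continues it."""
    out = []
    for line in text.splitlines():
        if TS.match(line):
            out.append(line.strip())
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def classify(rec):
    """Return the fields of one joined record as a dict."""
    ts, rest = rec.split(" ", 1)
    if m := ARP.match(rest):
        return {"ts": ts, "proto": "arp", "target": m[1], "asker": m[2]}
    if m := STP.match(rest):
        # First field is <bridge id>.<port id>; a BPDU whose bridge id equals the
        # advertised root id comes from the switch that considers itself root.
        return {"ts": ts, "proto": "stp", "root": m[2], "pathcost": int(m[3]),
                "hello": int(m[6]), "sender_is_root": m[1].startswith(m[2] + ".")}
    if m := UDP.match(rest):
        ttl = re.search(r"\(ttl (\d+),", rest)
        return {"ts": ts, "proto": "udp", "src": (m[1], int(m[2])),
                "dst": (m[3], int(m[4])), "ttl": int(ttl[1]) if ttl else None,
                "service": PORTS.get(int(m[4]), "unknown")}
    return {"ts": ts, "proto": "unknown"}

if __name__ == "__main__":
    for r in records(SAMPLE):
        print(classify(r))
```
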
