Hello,
this:
Frame 8: 1150 bytes on wire (9200 bits), 1150 bytes captured (9200 bits) on interface 0
    Interface id: 0 (\Device\NPF_{EB78E5CC-8C54-44E3-AF76-341489CAFF61})
        Interface name: \Device\NPF_{EB78E5CC-8C54-44E3-AF76-341489CAFF61}
    Encapsulation type: Ethernet (1)
    Arrival Time: Jan 24, 2019 13:02:10.038214000 Mitteleuropäische Zeit
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1548331330.038214000 seconds
    [Time delta from previous captured frame: 0.001969000 seconds]
    [Time delta from previous displayed frame: 0.001969000 seconds]
    [Time since reference or first frame: 0.013085000 seconds]
    Frame Number: 8
    Frame Length: 1150 bytes (9200 bits)
    Capture Length: 1150 bytes (9200 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:cpha]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]
Ethernet II, Src: 00:00:00_00:fe:00 (00:00:00:00:fe:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
    Destination: Broadcast (ff:ff:ff:ff:ff:ff)
        Address: Broadcast (ff:ff:ff:ff:ff:ff)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: 00:00:00_00:fe:00 (00:00:00:00:fe:00)
        Address: 00:00:00_00:fe:00 (00:00:00:00:fe:00)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 10.100.116.0
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1136
    Identification: 0x0000 (0)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
        ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 255
    Protocol: UDP (17)
    Header checksum: 0x3919 [validation disabled]
    [Header checksum status: Unverified]
    Source: 0.0.0.0
    Destination: 10.100.116.0
User Datagram Protocol, Src Port: 8116, Dst Port: 8116
    Source Port: 8116
    Destination Port: 8116
    Length: 1116
    Checksum: 0x1d12 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
Check Point High Availability Protocol
    Magic Number: 0x1a90
    Protocol Version: R77.30 64-bit (2921)
    Cluster Number: 3302
    HA OpCode: FWHAP_SYNC - New Sync packet (10)
    Source Interface: 14
    Random ID: 266
    Source Machine ID: 0
    Destination Machine ID: 65535
    Policy ID: 9398
    Filler: 0
    Payload - FWHAP_SYNC - New Sync packet
        Data: 0003000200002c300000000000bbf0bd0000010181850013...
is making 70% of traffic in a PLC network.
My question: what is the source of that traffic?
Thanks
Sebastian