unknown (for me) traffic
Hello,
This:
Frame 8: 1150 bytes on wire (9200 bits), 1150 bytes captured (9200 bits) on interface 0
Interface id: 0 (\Device\NPF_{EB78E5CC-8C54-44E3-AF76-341489CAFF61})
Interface name: \Device\NPF_{EB78E5CC-8C54-44E3-AF76-341489CAFF61}
Encapsulation type: Ethernet (1)
Arrival Time: Jan 24, 2019 13:02:10.038214000 Mitteleuropäische Zeit
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1548331330.038214000 seconds
[Time delta from previous captured frame: 0.001969000 seconds]
[Time delta from previous displayed frame: 0.001969000 seconds]
[Time since reference or first frame: 0.013085000 seconds]
Frame Number: 8
Frame Length: 1150 bytes (9200 bits)
Capture Length: 1150 bytes (9200 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:cpha]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 00:00:00_00:fe:00 (00:00:00:00:fe:00), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:00:00_00:fe:00 (00:00:00:00:fe:00)
Address: 00:00:00_00:fe:00 (00:00:00:00:fe:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 0.0.0.0, Dst: 10.100.116.0
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 1136
Identification: 0x0000 (0)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 255
Protocol: UDP (17)
Header checksum: 0x3919 [validation disabled]
[Header checksum status: Unverified]
Source: 0.0.0.0
Destination: 10.100.116.0
User Datagram Protocol, Src Port: 8116, Dst Port: 8116
Source Port: 8116
Destination Port: 8116
Length: 1116
Checksum: 0x1d12 [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
Check Point High Availability Protocol
Magic Number: 0x1a90
Protocol Version: R77.30 64-bit (2921)
Cluster Number: 3302
HA OpCode: FWHAP_SYNC - New Sync packet (10)
Source Interface: 14
Random ID: 266
Source Machine ID: 0
Destination Machine ID: 65535
Policy ID: 9398
Filler: 0
Payload - FWHAP_SYNC - New Sync packet
Data: 0003000200002c300000000000bbf0bd0000010181850013...
is making up 70% of the traffic in a PLC network.
My question: what is the source of that traffic?
Thanks
Sebastian