('binary' encoding is not supported, stored as-is) In-Reply-To: <20020823131552.871DE3951at_private> Hey Seren, looks like you have the tcpdump file of the happening. In this case u should look not for the IPs but for the MAC. I had a case like this and all the IPs had the same MAC. So take for exemple "ettercap" in file offline mode and sniff only in MAC mode. Might be that clear up something. Will Tell <20020823131552.871DE3951at_private> > >Hello all, > >I've had this same pattern of traffic appear inside my network on four different occasions and I've found no answer as to what it is, I'm hoping someone here has seen something similar. > >This always happens over the midnight hour. The only things that vary are the length of time and number of different destination IPs. The destinations are always #.0.1.15. The source is usually 218 or 65.0.1.0, but always #.0.1.0. The packet data is always the same. > >Samples follow. Any thoughts are greatly appreciated. > >Thanks! > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 12:59:39 PDT