current-users: Strange packets on local ethernet

Subject: Strange packets on local ethernet
To: None <current-users@sun-lamp.cs.berkeley.edu>
From: Michael Graff <explorer@vorpal.com>
List: current-users
Date: 05/24/1994 18:20:45
My net config has a slip line from campus to home, with three NetBSD-currentish
machines on the local side.  I was playing with network protocols and used
tcpdump to see what was going on today, and I happened upon some strange (at
least to me) packets:

18:15:52.198994 0:d0:8e:95:0:0 2:0:0:0:45:0 4011 198: 
                         cf78 c685 c704 c685 c7ff 0201 0201 00bc
                         f5f3 0101 0000 2de2 8aa8 0000 0000 7061
                         636b 7261 7400 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0003 0000 0002 0000 0000 7667
                         6100 0000 0000 6578 706c 6f72 6572 2de2
                         4d27 0000 0000 7474 7970 3000 0000 6578
                         706c 6f72 6572 2de2 4e40 0000 056f 7474
                         7970 3100 0000 6578 706c 6f72 6572 2de2
                         5284 0000 000b 7474 7970 3200 0000 6578
                         706c 6f72 6572 2de2 7ae0 0000 016a 7474
                         7970 3500 0000 6578 706c 6f72 6572 2de2
                         6e48 0000 0461
18:18:52.919020 0:d0:8e:9e:0:0 2:0:0:0:45:0 4011 198: 
                         cf6f c685 c704 c685 c7ff 0201 0201 00bc
                         f328 0101 0000 2de2 8b5c 0000 0000 7061
                         636b 7261 7400 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0007 0000 0003 0000 0001 0000 0000 7667
                         6100 0000 0000 6578 706c 6f72 6572 2de2
                         4d27 0000 0000 7474 7970 3000 0000 6578
                         706c 6f72 6572 2de2 4e40 0000 0623 7474
                         7970 3100 0000 6578 706c 6f72 6572 2de2
                         5284 0000 0000 7474 7970 3200 0000 6578
                         706c 6f72 6572 2de2 7ae0 0000 021e 7474
                         7970 3500 0000 6578 706c 6f72 6572 2de2
                         6e48 0000 0515
18:18:55.890284 1:28:8e:a3:0:0 2:0:0:0:45:0 4011 286: 
                         cf12 c685 c704 c685 c7ff 020d 020d 0114
                         4bda 1801 d868 0a6f 7270 616c 2e63 7061
                         636b 7261 742e 766f 7270 616c 2e63 6f6d
                         0000 0700 0000 12bf 0010 6070 0110 0000
                         0710 c0d0 0110 18a3 0610 55da 0610 5fbf
                         0010 12bf 0010 6070 0110 0000 0710 c0d0
                         0110 78a9 0610 bcde 0610 5f70 0110 1000
                         0000 88d4 0610 507d 0610 789a 0610 c0d0
                         0110 0000 0000 3cda bff7 f1c2 0010 2803
                         0710 2803 0710 b41e 0610 6000 0710 2803
                         0710 ecdb bff7 789a 0610 3300 0000 afde
                         0610 c0d0 0110 6cda bff7 6cb0 0010 2803
                         0710 3300 0000 ecdb bff7 c8db bff7 6cda
                         bff7 6cda bff7 6000 0710 94da bff7 6c6e
                         0710 88da bff7 8cda bff7 b41e 0610 7e88
                         0410 0100 0000 0000 0000 88da bff7 0000
                         0000 0000 0000 40df bff7 0000 0000 a0da
                         bff7 1277 0000 0000 0000 0000 0000

Now, the real questions is, what the hell are these?  I don't think the
slip iface can route these to me (since it checks for AF_INET and rejects
all others in the code) but I can't see where these would be coming from
if not the slip link.

Anyone else seeing this type of thing?  Kinda scarry.

------------------------------------------------------------------------------