这个 UDP 5002 广播是什么?

网络工程 IPv4 以太网 局域网 pcap 播送
2022-02-26 07:47:05

我希望这是一个合适的地方问这个问题。

我很困惑,因为它是第 2 层的广播,但它是 VLAN 内的 UDP,其目的地是单播地址 (YYYY)。

我只是想知道是否有人可以告诉我在什么情况下可能会看到这样的标本。我看到“虚拟桌面”和“vmware”,所以我最好的猜测是它是一个使用虚拟适配器的虚拟机发出的广播,因此被封装在 VLAN 1101 中。我还看到端口 5002,无线以太网。

Frame 1: 348 bytes on wire (2784 bits), 348 bytes captured (2784 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 14, 2014 09:56:22.074016230 EDT
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1394805382.074016230 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 348 bytes (2784 bits)
Capture Length: 348 bytes (2784 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:vlan:ip:udp:data]
Ethernet II, Src: Vmware_80:39:6f (00:50:56:80:39:6f), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
    Address: Broadcast (ff:ff:ff:ff:ff:ff)
    .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: Vmware_80:39:6f (00:50:56:80:39:6f)
    Address: Vmware_80:39:6f (00:50:56:80:39:6f)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1101
000. .... .... .... = Priority: Best Effort (default) (0)
...0 .... .... .... = CFI: Canonical (0)
.... 0100 0100 1101 = ID: 1101
Type: IP (0x0800)
Internet Protocol Version 4, Src: X.X.X.X (X.X.X.X), Dst: Y.Y.Y.Y (Y.Y.Y.Y)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 334
Identification: 0x58f0 (22768)
Flags: 0x00
    0... .... = Reserved bit: Not set
    .0.. .... = Don't fragment: Not set
    ..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (17)
Header checksum: 0x0ed6 [correct]
    [Good: True]
    [Bad: False]
Source: X.X.X.X (X.X.X.X)
Destination: Y.Y.Y.Y (Y.Y.Y.Y)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 57787 (57787), Dst Port: rfe (5002)
Source port: 57787 (57787)
Destination port: rfe (5002)
Length: 314 (bogus, payload length 310)
    [Expert Info (Error/Malformed): Bad length value 314 > IP payload length]
        [Message: Bad length value 314 > IP payload length]
        [Severity level: Error]
        [Group: Malformed]
Checksum: 0x507f [unchecked, not all data available]
    [Good Checksum: False]
    [Bad Checksum: False]
Data (302 bytes)

0000  44 52 49 4e 45 54 54 4d d1 de 97 0c c6 b9 00 00   DRINETTM........
0010  00 1e 9b 74 1c 1a 78 da fe ff ff ff 22 15 99 74   ...t..x....."..t
0020  50 99 b4 77 00 00 99 74 02 00 00 00 00 00 00 00   P..w...t........
0030  01 00 69 71 6e 2e 31 39 39 31 2d 30 35 2e 63 6f   ..iqn.1991-05.co
0040  6d 2e 6d 69 63 72 6f 73 6f 66 74 3a 64 65 73 6b   m.microsoft:desk
0050  74 6f 70 30 30 32 2e 63 6f 72 70 2e 76 69 72 74   top002.corp.virt
0060  75 61 70 72 69 73 65 2e 63 6f 6d 00 00 00 00 00   uaprise.com.....
0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0080  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00b0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00c0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00d0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00e0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
00f0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0100  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0110  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0120  00 00 00 00 00 00 00 00 00 00 00 00 00 00         ..............
Data: 4452494e4554544dd1de970cc6b90000001e9b741c1a78da...
[Length: 302]
1个回答

您似乎有一个运行Drobo Dashboard的 VMware 来宾,它正在为名为 iqn.1991-05.com.microsoft:desktop002.corp.virtuaprise.com 的 iSCSI 卷寻找 Drobo NAS。在这种情况下,端口 5002 只是 Drobo 为该会话选择的随机端口。

全局广播 MAC 地址只是您的交换机将帧泛洪到所有端口,因为 Drobo 的 MAC 地址不在其 CAM 表中(或已过期)。一旦交换机观察到来自 Drobo 的响应,它将使用目标的 MAC 地址更新其 CAM 表,以便后续帧可以正确地定向到它。

其它你可能感兴趣的问题
上一篇如果无线电是半双工的,我们如何才能实现超过 50% 的链路速率的吞吐量? 下一篇NAT 路由器连接到哪里?