Hi does anyone have a reference for the Eth. Protocol codes in the torch tool?
I’m trying to figure out what the “7a7a” traffic is. Ether4 is part of a bridge with a single host attached to it (a sensor relay that should see almost no traffic). I assumed it was some kind of broadcast traffic but I’m struggling to identify it. I couldn’t see it at all with the torch tool until I disabled hardware offloading in the bridge port config for that port.
Thanks for any help.
One possibility is wikipedia article about ethertype. A more official one is IANA assignment table.
Neither list ethertype 0x7a7a … so some device uses some proprietary protocol on top of ethernet.
Thanks for the help.
For anyone else who comes across this, I don’t know for sure, but my primary suspect is SKY-Q boxes exchanging video streams.
You can use sniffer to capture only 7a7a ethertype (The sniffer uses name “MAC protocol”)
See Mikro Tip MikroTik packet sniffer basics at offset 01:33
You should be able to capture only 7a7a with this setting:
Then you should be able to see what mac addresses are involved, and if you have managed switches, you could determine which port those mac addresses were connected through.
I really don’t know exactly how this post got here. My guess is it was accidental.
You may ask how could you accidentally make a post? That’s a valid question.
I post on this and the Ubiquiti forums frequently, and on Tom Lawrence’s forum to a much lower extent. Each uses a different forum software, and each has its own quirks. phpbb (this software) at least when using allenstyle-SUBSILVER, when you make a post, you loose the ability to see other posts in the thread, so if you are wanting to reference another post in the same thread (even the immediately preceding post), or to quote parts of it, the only way I know to do that is to open another tab with the thread in it. The way I usually do that is to right click the current browser tab (I use Chrome) and then duplicate the tab. And if you want to be able to copy links, then you must either quote it of edit it, otherwise you will get non-functioning links if they exceed the max length before phpbb “reformats” them. This need to be in quote or edit mode is also true if you want to copy anything with special formatting, (colors, code blocks), etc. Then you end up with many extra tabs that appear may not have been posted.
Another thing I dislike about phpbb is that if you are editing a post and refresh the tab, you can lose the post you were editing. My guess is that is what happened in this post.
Sorry, for cluttering up the thread, it wasn’t intentional.
Why uselessly autoquote yourself?
Also on image 7679, 7374, and… 4?
Not intentional. I edited the post, phpbb won't allow me to delete it once there is a following post. (That's another difference between phpbb and other forum software I use).
Was that for me? Here is an example of when quoting makes sense, to provide context. I thought you were referring to the image I posted, but after puzzling over it, I went back to the original post and see that you were referring to the image in post #1
Really… when nothing specific is quoted,
each time it refers to the first post or to the immediately preceding post… 
Sorry, is not my intention confusing you…