LinuxQuestions.org - tcpdump help

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - tcpdump help (https://www.linuxquestions.org/questions/linux-newbie-8/tcpdump-help-4175460226/)

I did a tcpdump of my wireless network. I have no idea of where this ip 169.254.1.35 is from- how do i begin to find out the source of this IP?

Code:

casper@casper-laptop:~$ sudo tcpdump -A -n -i wlan1 host 169.254.1.35



tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on wlan1, link-type EN10MB (Ethernet), capture size 96 bytes

22:42:26.081614 IP 169.254.1.35.7500 > 169.254.1.255.7500: isakmp:

E..@sQ..@..=...#.....L.L.,.o.......'.........LH(...#$...........

22:42:26.602482 IP 169.254.1.35.21302 > 255.255.255.255.21302: UDP, length 1133

E...W...@.s....#....S6S6.u.5<HmaNetConfig>

 <MsgFmtRev>3</MsgFmtRev>

 <Msg

22:42:30.689500 IP 169.254.1.35.62905 > 169.254.1.255.5000: UDP, length 12

E..(:d..@..B...#..........k.CMD...............

wait...i think this i a link local address used in address assignment when there is no dhcp.

I just don't know why it keeps pinging each other. I guess there is no leasing.

Set full payload saving with "-s0" and write the packets to a file with "-w /path/to/file". When done run the saved "/path/to/file" through Wireshark or any other comprehensive network traffic analysis tool and find out what this (XML-like) it's payload is about.