[Dshield] Some information regarding possible attack

Saurabh Dass Manandhar saurabh at ku.edu.np
Fri May 17 04:05:24 GMT 2002


Since I did not get any indication that this mail actually reached the 
list, I am sending it again. I am sorry if it is repeated.

-------------------------

I don't know if this is the right place to discuss it, but I have this problem.

One of the machines running in our network, 203.91.135.136, is continuously 
transmitting something to the Internet. I downloaded an evaluation version of 
CommView 3.3 and saw that it was sending thousands of records to different 
IP addresses to TCP port 80. Upon analyzing the packets, I found out that they 
had no data, just Ethernet, IP and TCP headers. Since it is sending tens of 
thousands, if not hundreds of thousands, of packets per minute to different 
destinations -- all on port 80 of destination machines -- the rest of the 
network has become very, very slow. I have checked for viruses using the latest 
antivirus and latest patches, but found no viruses. As a last-ditch 
effort, I have removed it from the network, but it is not a permanent solution. 
I am attaching a file in txt format with some packets.

Can anyone help?

Saurabh D. Manandhar
Dept. of Computer Science and Engineering
Kathmandu University 
-------------- next part --------------
Packet #690, Direction: Out, Time:14:08:56.312
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAD8 (47832)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0xA07A (41082) - correct
	Source IP: 203.91.135.136
	Destination IP: 29.22.47.123
	IP Options: None
TCP
	Source port: 3619
	Destination port: 80
	Sequence: 0xB61FE413 (3055543315)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xFB03 (64259) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #691, Direction: Out, Time:14:08:56.406
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAD9 (47833)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x8A70 (35440) - correct
	Source IP: 203.91.135.136
	Destination IP: 208.62.146.91
	IP Options: None
TCP
	Source port: 3621
	Destination port: 80
	Sequence: 0xB621809D (3055648925)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x486D (18541) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA D9 40 00 80 06-8A 70 CB 5B 87 88 D0 3E   .0??@.?.?p?[???>
0x0020   92 5B 0E 25 00 50 B6 21-80 9D 00 00 00 00 70 02   ?[.%.P?!??....p.
0x0030   40 00 48 6D 00 00 02 04-05 B4 01 01 04 02         @.Hm.....?....

============================================================================

Packet #692, Direction: Out, Time:14:08:56.421
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBADA (47834)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x5BA9 (23465) - correct
	Source IP: 203.91.135.136
	Destination IP: 158.155.242.196
	IP Options: None
TCP
	Source port: 3623
	Destination port: 80
	Sequence: 0xB622AFDE (3055726558)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xEA62 (60002) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #693, Direction: Out, Time:14:08:56.421
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBADB (47835)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x5595 (21909) - correct
	Source IP: 203.91.135.136
	Destination IP: 147.87.4.28
	IP Options: None
TCP
	Source port: 3622
	Destination port: 80
	Sequence: 0xB6220FE1 (3055685601)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x844E (33870) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA DB 40 00 80 06-55 95 CB 5B 87 88 93 57   .0??@.?.U??[???W
0x0020   04 1C 0E 26 00 50 B6 22-0F E1 00 00 00 00 70 02   ...&.P?".?....p.
0x0030   40 00 84 4E 00 00 02 04-05 B4 01 01 04 02         @.?N.....?....

============================================================================

Packet #694, Direction: Out, Time:14:08:56.421
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBADC (47836)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x419B (16795) - correct
	Source IP: 203.91.135.136
	Destination IP: 107.126.63.238
	IP Options: None
TCP
	Source port: 3620
	Destination port: 80
	Sequence: 0xB620D84F (3055605839)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xA7EA (42986) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #695, Direction: Out, Time:14:08:56.515
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBADD (47837)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x41A9 (16809) - correct
	Source IP: 203.91.135.136
	Destination IP: 222.223.204.125
	IP Options: None
TCP
	Source port: 3626
	Destination port: 80
	Sequence: 0xB62568B7 (3055904951)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x1787 (6023) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA DD 40 00 80 06-41 A9 CB 5B 87 88 DE DF   .0??@.?.A??[????
0x0020   CC 7D 0E 2A 00 50 B6 25-68 B7 00 00 00 00 70 02   ?}.*.P?%h?....p.
0x0030   40 00 17 87 00 00 02 04-05 B4 01 01 04 02         @..?.....?....

============================================================================

Packet #696, Direction: Out, Time:14:08:56.531
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBADE (47838)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x3128 (12584) - correct
	Source IP: 203.91.135.136
	Destination IP: 19.247.167.230
	IP Options: None
TCP
	Source port: 3627
	Destination port: 80
	Sequence: 0xB625ED42 (3055938882)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x827A (33402) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #697, Direction: Out, Time:14:08:56.531
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBADF (47839)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0xA299 (41625) - correct
	Source IP: 203.91.135.136
	Destination IP: 142.231.187.131
	IP Options: None
TCP
	Source port: 3625
	Destination port: 80
	Sequence: 0xB624DA86 (3055868550)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x06AC (1708) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA DF 40 00 80 06-A2 99 CB 5B 87 88 8E E7   .0??@.?.???[????
0x0020   BB 83 0E 29 00 50 B6 24-DA 86 00 00 00 00 70 02   ??.).P?$??....p.
0x0030   40 00 06 AC 00 00 02 04-05 B4 01 01 04 02         @..?.....?....

============================================================================

Packet #698, Direction: Out, Time:14:08:56.531
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE0 (47840)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0xE71A (59162) - correct
	Source IP: 203.91.135.136
	Destination IP: 40.171.221.61
	IP Options: None
TCP
	Source port: 3628
	Destination port: 80
	Sequence: 0xB626A927 (3055986983)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x7C88 (31880) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #699, Direction: Out, Time:14:08:56.531
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE1 (47841)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x9A46 (39494) - correct
	Source IP: 203.91.135.136
	Destination IP: 128.30.210.157
	IP Options: None
TCP
	Source port: 3624
	Destination port: 80
	Sequence: 0xB623E294 (3055805076)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xF64E (63054) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA E1 40 00 80 06-9A 46 CB 5B 87 88 80 1E   .0??@.?.?F?[???.
0x0020   D2 9D 0E 28 00 50 B6 23-E2 94 00 00 00 00 70 02   ??.(.P?#??....p.
0x0030   40 00 F6 4E 00 00 02 04-05 B4 01 01 04 02         @.?N.....?....

============================================================================

Packet #701, Direction: Out, Time:14:08:56.625
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE3 (47843)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0xDD1D (56605) - correct
	Source IP: 203.91.135.136
	Destination IP: 27.77.244.149
	IP Options: None
TCP
	Source port: 3630
	Destination port: 80
	Sequence: 0xB6281756 (3056080726)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x045C (1116) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA E3 40 00 80 06-DD 1D CB 5B 87 88 1B 4D   .0??@.?.?.?[??.M
0x0020   F4 95 0E 2E 00 50 B6 28-17 56 00 00 00 00 70 02   ??...P?(.V....p.
0x0030   40 00 04 5C 00 00 02 04-05 B4 01 01 04 02         @..\.....?....

============================================================================

Packet #702, Direction: Out, Time:14:08:56.640
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE4 (47844)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x816D (33133) - correct
	Source IP: 203.91.135.136
	Destination IP: 36.81.71.65
	IP Options: None
TCP
	Source port: 3631
	Destination port: 80
	Sequence: 0xB628C41B (3056124955)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xFBE5 (64485) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #703, Direction: Out, Time:14:08:56.640
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE5 (47845)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x2398 (9112) - correct
	Source IP: 203.91.135.136
	Destination IP: 54.129.146.229
	IP Options: None
TCP
	Source port: 3632
	Destination port: 80
	Sequence: 0xB62974AB (3056170155)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xED7F (60799) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA E5 40 00 80 06-23 98 CB 5B 87 88 36 81   .0??@.?.#??[??6?
0x0020   92 E5 0E 30 00 50 B6 29-74 AB 00 00 00 00 70 02   ??.0.P?)t?....p.
0x0030   40 00 ED 7F 00 00 02 04-05 B4 01 01 04 02         @.?.....?....

============================================================================

Packet #704, Direction: Out, Time:14:08:56.640
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE6 (47846)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x3DEC (15852) - correct
	Source IP: 203.91.135.136
	Destination IP: 202.170.228.102
	IP Options: None
TCP
	Source port: 3629
	Destination port: 80
	Sequence: 0xB62790AD (3056046253)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xEBD7 (60375) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #705, Direction: Out, Time:14:08:56.734
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE7 (47847)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x5769 (22377) - correct
	Source IP: 203.91.135.136
	Destination IP: 65.206.83.197
	IP Options: None
TCP
	Source port: 3635
	Destination port: 80
	Sequence: 0xB62C24C5 (3056346309)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x7133 (28979) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA E7 40 00 80 06-57 69 CB 5B 87 88 41 CE   .0??@.?.Wi?[??A?
0x0020   53 C5 0E 33 00 50 B6 2C-24 C5 00 00 00 00 70 02   S?.3.P?,$?....p.
0x0030   40 00 71 33 00 00 02 04-05 B4 01 01 04 02         @.q3.....?....

============================================================================

Packet #706, Direction: Out, Time:14:08:56.750
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE8 (47848)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x923A (37434) - correct
	Source IP: 203.91.135.136
	Destination IP: 2.80.88.113
	IP Options: None
TCP
	Source port: 3634
	Destination port: 80
	Sequence: 0xB62B9D19 (3056311577)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x33B3 (13235) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #707, Direction: Out, Time:14:08:56.750
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAE9 (47849)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x3B72 (15218) - correct
	Source IP: 203.91.135.136
	Destination IP: 101.235.75.157
	IP Options: None
TCP
	Source port: 3633
	Destination port: 80
	Sequence: 0xB62AD198 (3056259480)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0xA86E (43118) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA E9 40 00 80 06-3B 72 CB 5B 87 88 65 EB   .0??@.?.;r?[??e?
0x0020   4B 9D 0E 31 00 50 B6 2A-D1 98 00 00 00 00 70 02   K?.1.P?*??....p.
0x0030   40 00 A8 6E 00 00 02 04-05 B4 01 01 04 02         @.?n.....?....

============================================================================

Packet #708, Direction: Out, Time:14:08:56.843
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAEA (47850)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x80F8 (33016) - correct
	Source IP: 203.91.135.136
	Destination IP: 142.99.221.157
	IP Options: None
TCP
	Source port: 3636
	Destination port: 80
	Sequence: 0xB62D3573 (3056416115)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x8A15 (35349) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================

Packet #709, Direction: Out, Time:14:08:56.859
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAEB (47851)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0x1DA6 (7590) - correct
	Source IP: 203.91.135.136
	Destination IP: 196.205.10.133
	IP Options: None
TCP
	Source port: 3637
	Destination port: 80
	Sequence: 0xB62E0D0C (3056471308)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x4F29 (20265) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
0x0000   00 06 28 0D 09 95 00 80-AD 06 80 26 08 00 45 00   ..(..?.??.?&..E.
0x0010   00 30 BA EB 40 00 80 06-1D A6 CB 5B 87 88 C4 CD   .0??@.?..??[????
0x0020   0A 85 0E 35 00 50 B6 2E-0D 0C 00 00 00 00 70 02   .?.5.P?.......p.
0x0030   40 00 4F 29 00 00 02 04-05 B4 01 01 04 02         @.O).....?....

============================================================================

Packet #710, Direction: Out, Time:14:08:56.859
Ethernet II
	Destination MAC: 00:06:28:0D:09:95
	Source MAC: 00:80:AD:06:80:26
	Ethertype: 0x0800 (2048) - IP
IP
	IP version: 0x04 (4)
	Header length: 0x05 (5) - 20 bytes
	Type of service: 0x00 (0)
		Precedence: 000 - Routine
		Delay: 0 - Normal delay
		Throughput: 0 - Normal throughput
		Reliability: 0 - Normal reliability
	Total length: 0x0030 (48)
	ID: 0xBAEC (47852)
	Flags
		Don't fragment bit: 1 - Don't fragment
		More fragments bit: 0 - Last fragment
	Fragment offset: 0x0000 (0)
	Time to live: 0x80 (128)
	Protocol: 0x06 (6) - TCP
	Checksum: 0xC0A5 (49317) - correct
	Source IP: 203.91.135.136
	Destination IP: 19.66.25.16
	IP Options: None
TCP
	Source port: 3638
	Destination port: 80
	Sequence: 0xB62EE034 (3056525364)
	Acknowledgement: 0x00000000 (0)
	Header length: 0x07 (7) - 28 bytes
	Flags: SYN 
		URG: 0
		ACK: 0
		PSH: 0
		RST: 0
		SYN: 1
		FIN: 0
	Window: 0x4000 (16384)
	Checksum: 0x1F00 (7936) - correct
	Urgent Pointer: 0x0000 (0)
	TCP Options
		Maximum Segment Size: 0x05B4 (1460)
		Sack-Permitted
	Data length: 0x0 (0)
Raw Data:
THIS EVALUATION VERSION DISPLAYS ONLY HALF OF THE PACKETS

============================================================================
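
The Python below is an added example, not part of the original post or of CommView. It decodes three of the Raw Data dumps from the attachment, checks the IP header checksum, and counts payload-less SYN segments per source, which is the pattern the post describes. The function names are hypothetical.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# Raw Data bytes of packets #691, #693, #695 from the post ("-" became a space).
FRAMES_HEX = [
    "00 06 28 0D 09 95 00 80 AD 06 80 26 08 00 45 00 00 30 BA D9 40 00 80 06 "
    "8A 70 CB 5B 87 88 D0 3E 92 5B 0E 25 00 50 B6 21 80 9D 00 00 00 00 70 02 "
    "40 00 48 6D 00 00 02 04 05 B4 01 01 04 02",
    "00 06 28 0D 09 95 00 80 AD 06 80 26 08 00 45 00 00 30 BA DB 40 00 80 06 "
    "55 95 CB 5B 87 88 93 57 04 1C 0E 26 00 50 B6 22 0F E1 00 00 00 00 70 02 "
    "40 00 84 4E 00 00 02 04 05 B4 01 01 04 02",
    "00 06 28 0D 09 95 00 80 AD 06 80 26 08 00 45 00 00 30 BA DD 40 00 80 06 "
    "41 A9 CB 5B 87 88 DE DF CC 7D 0E 2A 00 50 B6 25 68 B7 00 00 00 00 70 02 "
    "40 00 17 87 00 00 02 04 05 B4 01 01 04 02",
]


def checksum_ok(header):
    """One's-complement sum of a header with a valid checksum is 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_tcp_options(raw):
    """Walk the kind/length option list; reject lengths that overrun it."""
    names, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:  # End of Option List
            break
        if kind == 1:  # No-Operation padding
            names.append("NOP")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        if kind == 2 and length == 4:
            names.append("MSS=%d" % struct.unpack("!H", raw[i + 2:i + 4])[0])
        elif kind == 4 and length == 2:
            names.append("SACK-Permitted")
        else:
            names.append("kind-%d" % kind)
        i += length
    return names


def parse_frame(frame):
    """Decode Ethernet II / IPv4 / TCP into the fields used for triage."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an Ethernet II frame carrying IPv4")
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ihl < 20 or len(ip) < ihl or ip[9] != 6:
        raise ValueError("not a complete IPv4 header carrying TCP")
    tcp = frame[14 + ihl:14 + struct.unpack("!H", ip[2:4])[0]]
    if len(tcp) < 20 or not 20 <= (tcp[12] >> 4) * 4 <= len(tcp):
        raise ValueError("truncated TCP header or bad data offset")
    sport, dport, _, _, off_flags, _ = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    return {
        "src": str(IPv4Address(ip[12:16])), "dst": str(IPv4Address(ip[16:20])),
        "sport": sport, "dport": dport, "flags": off_flags & 0x3F,
        "options": parse_tcp_options(tcp[20:data_off]),
        "payload_len": len(tcp) - data_off, "ip_checksum_ok": checksum_ok(ip),
    }


def summarize(frames_hex):
    """Per source: (payload-less SYN count, distinct destination ip:port)."""
    seen = defaultdict(lambda: {"bare_syns": 0, "dsts": set()})
    for text in frames_hex:
        pkt = parse_frame(bytes.fromhex(text))
        if pkt["flags"] == 0x02 and pkt["payload_len"] == 0:  # SYN bit only
            seen[pkt["src"]]["bare_syns"] += 1
            seen[pkt["src"]]["dsts"].add((pkt["dst"], pkt["dport"]))
    return {s: (v["bare_syns"], len(v["dsts"])) for s, v in seen.items()}


print(summarize(FRAMES_HEX))
```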


