Wireshark-users: Re: [Wireshark-users] LLC Sub-Layer Management
From: "E B" <ebnew1@xxxxxxxxx>
Date: Wed, 16 Jan 2008 15:16:40 -1000
What do you mean exactly when you say "mangled"?
Do you mean that Winblows somehow mangled the packet but otherwise its ok?
What I am trying to do is intrusion detection because I believe an illegitimate wireless host is sniffing packets.
I have copied and pasted the exported capture of the lines I took a snapshot of in Capture 3, which is the one where the spoofed MAC appears at IP 192.168.0.116.
In my next post, I will also export the 2 captures (Capture 1 and Capture 2) with the white-colored LLC protocols and I will also export and post the miscellaneous, "Capture_misc" with all the black colored TCP out of order and retransmission and dup frames.
But let me know if I do the first one correctly so I dont mess up the other 3.
Thank you again.
---------------------------------------------------------------------------------------------------------------
Capture 3 - Lines 167313 to 167354 (Suspected intruder using spoofed MAC)
---------------------------------------------------------------------------------------------------------------
No. Time Source Destination Protocol Info
167313 371.355337 218.83.77.47 192.168.0.121 TCP [TCP Dup ACK 166894#4] 8457 > 2358 [ACK] Seq=374 Ack=271920 Win=64487 Len=0 TSV=935900 TSER=140584 SLE=272444 SRE=273492
Frame 167313 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.345780000
[Time delta from previous packet: 0.026333000 seconds]
[Time since reference or first frame: 371.355337000 seconds]
Frame Number: 167313
Packet Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.83.77.47 (218.83.77.47), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x4f54 (20308)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 117
Protocol: TCP (0x06)
Header checksum: 0xcdbf [correct]
[Good: True]
[Bad : False]
Source: 218.83.77.47 (218.83.77.47)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8457 (8457), Dst Port: 2358 (2358), Seq: 374, Ack: 271920, Len: 0
Source port: 8457 (8457)
Destination port: 2358 (2358)
Sequence number: 374 (relative sequence number)
Acknowledgement number: 271920 (relative ack number)
Header length: 44 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64487
Checksum: 0xb473 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (24 bytes)
NOP
NOP
Timestamps: TSval 935900, TSecr 140584
NOP
NOP
SACK: 272444-273492
left edge = 272444 (relative)
right edge = 273492 (relative)
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 4]
[Duplicate to the ACK in frame: 166894]
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 00 40 4f 54 40 00 75 06 cd bf da 53 4d 2f c0 a8 .@OT@xxxxxxxx/..
0020 00 79 21 09 09 36 ee b0 3a 7b d6 e1 1e 1b b0 10 .y!..6..:{......
0030 fb e7 b4 73 00 00 01 01 08 0a 00 0e 47 dc 00 02 ...s........G...
0040 25 28 01 01 05 0a d6 e1 20 27 d6 e1 24 3f %(...... '..$?
No. Time Source Destination Protocol Info
167314 371.361634 222.84.9.84 192.168.0.121 UDP Source port: 6881 Destination port: 10273
Frame 167314 (143 bytes on wire, 143 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.352077000
[Time delta from previous packet: 0.006297000 seconds]
[Time since reference or first frame: 371.361634000 seconds]
Frame Number: 167314
Packet Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 222.84.9.84 ( 222.84.9.84), Dst: 192.168.0.121 (192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0xe0f6 (57590)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xbcab [correct]
[Good: True]
[Bad : False]
Source: 222.84.9.84 (222.84.9.84)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 6881 (6881), Dst Port: 10273 (10273)
Source port: 6881 (6881)
Destination port: 10273 (10273)
Length: 109
Checksum: 0x583c [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (101 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 81 e0 f6 00 00 74 11 bc ab de 54 09 54 c0 a8 ......t....T.T..
0020 00 79 1a e1 28 21 00 6d 58 3c 64 31 3a 61 64 32 .y..(!.mX<d1:ad2
0030 3a 69 64 32 30 3a f6 48 43 07 02 75 7b 25 5e 65 :id20:.HC..u{%^e
0040 20 f9 43 cf a6 da 74 75 8c b9 36 3a 74 61 72 67 .C...tu..6:targ
0050 65 74 32 30 3a f6 48 5a 98 52 da 58 8a 59 6d 89 et20:.HZ.R.X.Ym.
0060 71 b6 71 ab cb 67 b5 8e b5 65 31 3a 71 39 3a 66 q.q..g...e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 32 3a 06 a8 31 ind_node1:t2:..1
0080 3a 76 34 3a 4c 54 01 07 31 3a 79 31 3a 71 65 :v4:LT..1:y1:qe
No. Time Source Destination Protocol Info
167315 371.362048 192.168.0.116 192.168.0.1 TCP 2869 > 1148 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1260
Frame 167315 (58 bytes on wire, 58 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.352491000
[Time delta from previous packet: 0.000414000 seconds]
[Time since reference or first frame: 371.362048000 seconds]
Frame Number: 167315
Packet Length: 58 bytes
Capture Length: 58 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.116 (192.168.0.116), Dst: 192.168.0.1 (192.168.0.1 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x27a0 (10144)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5166 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.116 (192.168.0.116)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 2869 (2869), Dst Port: 1148 (1148), Seq: 0, Ack: 1, Len: 0
Source port: 2869 (2869)
Destination port: 1148 (1148)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 64260
Checksum: 0x8363 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1260 bytes
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 2c 27 a0 40 00 80 06 51 66 c0 a8 00 74 c0 a8 .,'[email protected]..
0020 00 01 0b 35 04 7c 19 22 e5 dd 00 42 89 bd 60 12 ...5.|."...B..`.
0030 fb 04 83 63 00 00 02 04 04 ec ...c......
No. Time Source Destination Protocol Info
167316 371.362325 192.168.0.116 192.168.0.1 TCP 2869 > 1148 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1260
Frame 167316 (58 bytes on wire, 58 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.352768000
[Time delta from previous packet: 0.000277000 seconds]
[Time since reference or first frame: 371.362325000 seconds]
Frame Number: 167316
Packet Length: 58 bytes
Capture Length: 58 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.116 (192.168.0.116), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x27a0 (10144)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5166 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.116 (192.168.0.116)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 2869 (2869), Dst Port: 1148 (1148), Seq: 0, Ack: 1, Len: 0
Source port: 2869 (2869)
Destination port: 1148 (1148)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 64260
Checksum: 0x8363 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1260 bytes
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 2c 27 a0 40 00 80 06 51 66 c0 a8 00 74 c0 a8 .,'[email protected]..
0020 00 01 0b 35 04 7c 19 22 e5 dd 00 42 89 bd 60 12 ...5.|."...B..`.
0030 fb 04 83 63 00 00 02 04 04 ec ...c......
No. Time Source Destination Protocol Info
167317 371.363983 222.84.9.84 192.168.0.121 UDP Source port: 6881 Destination port: 10273
Frame 167317 (143 bytes on wire, 143 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.354426000
[Time delta from previous packet: 0.001658000 seconds]
[Time since reference or first frame: 371.363983000 seconds]
Frame Number: 167317
Packet Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 222.84.9.84 (222.84.9.84), Dst: 192.168.0.121 (192.168.0.121 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0xe0f6 (57590)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xbcab [correct]
[Good: True]
[Bad : False]
Source: 222.84.9.84 (222.84.9.84)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 6881 (6881), Dst Port: 10273 (10273)
Source port: 6881 (6881)
Destination port: 10273 (10273)
Length: 109
Checksum: 0x583c [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (101 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 81 e0 f6 00 00 74 11 bc ab de 54 09 54 c0 a8 ......t....T.T..
0020 00 79 1a e1 28 21 00 6d 58 3c 64 31 3a 61 64 32 .y..(!.mX<d1:ad2
0030 3a 69 64 32 30 3a f6 48 43 07 02 75 7b 25 5e 65 :id20:.HC..u{%^e
0040 20 f9 43 cf a6 da 74 75 8c b9 36 3a 74 61 72 67 .C...tu..6:targ
0050 65 74 32 30 3a f6 48 5a 98 52 da 58 8a 59 6d 89 et20:.HZ.R.X.Ym.
0060 71 b6 71 ab cb 67 b5 8e b5 65 31 3a 71 39 3a 66 q.q..g...e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 32 3a 06 a8 31 ind_node1:t2:..1
0080 3a 76 34 3a 4c 54 01 07 31 3a 79 31 3a 71 65 :v4:LT..1:y1:qe
No. Time Source Destination Protocol Info
167318 371.364569 192.168.0.1 192.168.0.116 TCP 1148 > 2869 [ACK] Seq=1 Ack=1 Win=8192 Len=0
Frame 167318 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.355012000
[Time delta from previous packet: 0.000586000 seconds]
[Time since reference or first frame: 371.364569000 seconds]
Frame Number: 167318
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 ( 192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ac (9644)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945e [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x755d [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167307]
[The RTT to ACK the segment was: 0.314494000 seconds]
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 00 28 25 ac 00 00 7f 06 94 5e c0 a8 00 01 c0 a8 .(%......^......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 75 5d 00 00 .u]..
No. Time Source Destination Protocol Info
167319 371.364681 218.81.146.24 192.168.0.121 UDP Source port: 9262 Destination port: 10273
Frame 167319 (140 bytes on wire, 140 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.355124000
[Time delta from previous packet: 0.000112000 seconds]
[Time since reference or first frame: 371.364681000 seconds]
Frame Number: 167319
Packet Length: 140 bytes
Capture Length: 140 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.81.146.24 ( 218.81.146.24), Dst: 192.168.0.121 (192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 126
Identification: 0x6dd2 (28114)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xea11 [correct]
[Good: True]
[Bad : False]
Source: 218.81.146.24 (218.81.146.24)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 9262 (9262), Dst Port: 10273 (10273)
Source port: 9262 (9262)
Destination port: 10273 (10273)
Length: 106
Checksum: 0x66ea [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (98 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 7e 6d d2 00 00 35 11 ea 11 da 51 92 18 c0 a8 .~m...5....Q....
0020 00 79 24 2e 28 21 00 6a 66 ea 64 31 3a 61 64 32 .y$.(!.jf.d1:ad2
0030 3a 69 64 32 30 3a 09 a3 3d ea 65 9c 71 37 06 61 :id20:..=.e.q7.a
0040 68 be 6a 8b 28 00 5f c0 91 eb 36 3a 74 61 72 67 h.j.(._...6:targ
0050 65 74 32 30 3a f6 5c c2 15 9a 63 8e c8 f9 9e 97 et20:.\...c.....
0060 41 95 74 d7 ff a0 3f 6e 13 65 31 3a 71 39 3a 66 A.t...?n.e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 38 3a 2b 99 86 ind_node1:t8:+..
0080 2c a5 bc 76 48 31 3a 79 31 3a 71 65 ,..vH1:y1:qe
No. Time Source Destination Protocol Info
167320 371.365608 192.168.0.1 192.168.0.116 TCP 1148 > 2869 [PSH, ACK] Seq=1 Ack=1 Win=8192 Len=503
Frame 167320 (557 bytes on wire, 557 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.356051000
[Time delta from previous packet: 0.000927000 seconds]
[Time since reference or first frame: 371.365608000 seconds]
Frame Number: 167320
Packet Length: 557 bytes
Capture Length: 557 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 ( 192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 543
Identification: 0x25ad (9645)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x9266 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 503
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
[Next sequence number: 504 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0xfb82 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (503 bytes)
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 02 1f 25 ad 00 00 7f 06 92 66 c0 a8 00 01 c0 a8 ..%......f......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 18 .t.|.5.B..."..P.
0030 20 00 fb 82 00 00 4e 4f 54 49 46 59 20 2f 75 70 .....NOTIFY /up
0040 6e 70 2f 65 76 65 6e 74 69 6e 67 2f 6c 62 64 7a np/eventing/lbdz
0050 75 71 6e 70 6f 62 20 48 54 54 50 2f 31 2e 31 0d uqnpob HTTP/1.1.
0060 0a 48 4f 53 54 3a 20 31 39 32 2e 31 36 38 2e 30 .HOST: 192.168.0
0070 2e 31 31 36 3a 32 38 36 39 0d 0a 43 4f 4e 54 45 .116:2869..CONTE
0080 4e 54 2d 54 59 50 45 3a 20 74 65 78 74 2f 78 6d NT-TYPE: text/xm
0090 6c 0d 0a 43 4f 4e 54 45 4e 54 2d 4c 45 4e 47 54 l..CONTENT-LENGT
00a0 48 3a 20 32 39 38 0d 0a 4e 54 3a 20 75 70 6e 70 H: 298..NT: upnp
00b0 3a 65 76 65 6e 74 0d 0a 4e 54 53 3a 20 75 70 6e :event..NTS: upn
00c0 70 3a 70 72 6f 70 63 68 61 6e 67 65 0d 0a 53 49 p:propchange..SI
00d0 44 3a 20 75 75 69 64 3a 30 30 2d 31 33 2d 34 36 D: uuid:00-13-46
00e0 2d 31 34 2d 66 30 2d 38 38 2d 30 31 61 63 37 38 -14-f0-88-01ac78
00f0 34 37 63 65 65 31 0d 0a 53 45 51 3a 20 33 35 0d 47cee1..SEQ: 35.
0100 0a 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e ...<?xml version
0110 3d 22 31 2e 30 22 3f 3e 0d 0a 3c 65 3a 70 72 6f =" 1.0"?>..<e:pro
0120 70 65 72 74 79 73 65 74 20 78 6d 6c 6e 73 3a 65 pertyset xmlns:e
0130 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 ="urn:schemas-up
0140 6e 70 2d 6f 72 67 3a 65 76 65 6e 74 2d 31 2d 30 np-org:event-1-0
0150 22 20 78 6d 6c 6e 73 3a 73 3d 22 75 72 6e 3a 73 " xmlns:s="urn:s
0160 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a chemas-upnp-org:
0170 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e service:WANIPCon
0180 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 65 3a 70 72 nection:1"><e:pr
0190 6f 70 65 72 74 79 3e 3c 73 3a 50 6f 72 74 4d 61 operty><s:PortMa
01a0 70 70 69 6e 67 4e 75 6d 62 65 72 4f 66 45 6e 74 ppingNumberOfEnt
01b0 72 69 65 73 20 78 6d 6c 6e 73 3a 64 74 3d 22 75 ries xmlns:dt="u
01c0 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f rn:schemas-micro
01d0 73 6f 66 74 2d 63 6f 6d 3a 64 61 74 61 74 79 70 soft-com:datatyp
01e0 65 73 22 20 64 74 3a 64 74 3d 22 75 69 32 22 3e es" dt:dt="ui2">
01f0 30 3c 2f 73 3a 50 6f 72 74 4d 61 70 70 69 6e 67 0</s:PortMapping
0200 4e 75 6d 62 65 72 4f 66 45 6e 74 72 69 65 73 3e NumberOfEntries>
0210 3c 2f 65 3a 70 72 6f 70 65 72 74 79 3e 3c 2f 65 </e:property></e
0220 3a 70 72 6f 70 65 72 74 79 73 65 74 3e :propertyset>
No. Time Source Destination Protocol Info
167321 371.366456 61.173.111.180 192.168.0.121 UDP Source port: 1586 Destination port: 10273
Frame 167321 (140 bytes on wire, 140 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.356899000
[Time delta from previous packet: 0.000848000 seconds]
[Time since reference or first frame: 371.366456000 seconds]
Frame Number: 167321
Packet Length: 140 bytes
Capture Length: 140 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 61.173.111.180 (61.173.111.180), Dst: 192.168.0.121 (192.168.0.121 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 126
Identification: 0xf30f (62223)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xe4dc [correct]
[Good: True]
[Bad : False]
Source: 61.173.111.180 (61.173.111.180)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 1586 (1586), Dst Port: 10273 (10273)
Source port: 1586 (1586)
Destination port: 10273 (10273)
Length: 106
Checksum: 0x0f9d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (98 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 7e f3 0f 00 00 74 11 e4 dc 3d ad 6f b4 c0 a8 .~....t...=.o...
0020 00 79 06 32 28 21 00 6a 0f 9d 64 31 3a 61 64 32 .y.2(!.j..d1:ad2
0030 3a 69 64 32 30 3a 09 ab 05 24 6c 19 39 53 c6 99 :id20:...$l.9S..
0040 4b a5 72 ef 80 a3 e7 7f 3b 6d 36 3a 74 61 72 67 K.r.....;m6:targ
0050 65 74 32 30 3a f6 54 fa db 93 e6 c6 ac 39 66 b4 et20:.T......9f.
0060 5a 8d 10 7f 5c 18 80 c4 91 65 31 3a 71 39 3a 66 Z...\....e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 38 3a 71 44 93 ind_node1:t8:qD.
0080 97 e3 63 c0 36 31 3a 79 31 3a 71 65 ..c.61:y1:qe
No. Time Source Destination Protocol Info
167322 371.367993 192.168.0.1 192.168.0.116 TCP [TCP Dup ACK 167320#1] 1148 > 2869 [ACK] Seq=504 Ack=1 Win=8192 Len=0
Frame 167322 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.358436000
[Time delta from previous packet: 0.001537000 seconds]
[Time since reference or first frame: 371.367993000 seconds]
Frame Number: 167322
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 ( 192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ae (9646)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945c [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 504, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 504 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x7366 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 167320]
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 00 28 25 ae 00 00 7f 06 94 5c c0 a8 00 01 c0 a8 .(%......\......
0020 00 74 04 7c 0b 35 00 42 8b b4 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 73 66 00 00 .sf..
No. Time Source Destination Protocol Info
167323 371.370087 218.83.77.47 192.168.0.121 TCP [TCP Dup ACK 166894#5] 8457 > 2358 [ACK] Seq=374 Ack=271920 Win=64487 Len=0 TSV=935900 TSER=140584 SLE=272444 SRE=273492
Frame 167323 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.360530000
[Time delta from previous packet: 0.002094000 seconds]
[Time since reference or first frame: 371.370087000 seconds]
Frame Number: 167323
Packet Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.83.77.47 (218.83.77.47), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x4f54 (20308)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 117
Protocol: TCP (0x06)
Header checksum: 0xcdbf [correct]
[Good: True]
[Bad : False]
Source: 218.83.77.47 (218.83.77.47)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8457 (8457), Dst Port: 2358 (2358), Seq: 374, Ack: 271920, Len: 0
Source port: 8457 (8457)
Destination port: 2358 (2358)
Sequence number: 374 (relative sequence number)
Acknowledgement number: 271920 (relative ack number)
Header length: 44 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64487
Checksum: 0xb473 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (24 bytes)
NOP
NOP
Timestamps: TSval 935900, TSecr 140584
NOP
NOP
SACK: 272444-273492
left edge = 272444 (relative)
right edge = 273492 (relative)
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 5]
[Duplicate to the ACK in frame: 166894]
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 40 4f 54 40 00 75 06 cd bf da 53 4d 2f c0 a8 .@OT@xxxxxxxx/..
0020 00 79 21 09 09 36 ee b0 3a 7b d6 e1 1e 1b b0 10 .y!..6..:{......
0030 fb e7 b4 73 00 00 01 01 08 0a 00 0e 47 dc 00 02 ...s........G...
0040 25 28 01 01 05 0a d6 e1 20 27 d6 e1 24 3f %(...... '..$?
No. Time Source Destination Protocol Info
167324 371.373871 192.168.0.1 192.168.0.116 TCP 1148 > 2869 [ACK] Seq=1 Ack=1 Win=8192 Len=0
Frame 167324 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.364314000
[Time delta from previous packet: 0.003784000 seconds]
[Time since reference or first frame: 371.373871000 seconds]
Frame Number: 167324
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Destination: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Address: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 ( 192.168.0.1), Dst: 192.168.0.116 (192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ac (9644)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945e [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x755d [correct]
[Good Checksum: True]
[Bad Checksum: False]
0000 0c 0c 0c 0c 0c 01 00 1b fc de 30 34 08 00 45 00 ..........04..E.
0010 00 28 25 ac 00 00 7f 06 94 5e c0 a8 00 01 c0 a8 .(%......^......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 75 5d 00 00 .u]..
No. Time Source Destination Protocol Info
167325 371.374204 192.168.0.1 192.168.0.116 TCP [TCP Retransmission] 1148 > 2869 [PSH, ACK] Seq=1 Ack=1 Win=8192 Len=503
Frame 167325 (557 bytes on wire, 557 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.364647000
[Time delta from previous packet: 0.000333000 seconds]
[Time since reference or first frame: 371.374204000 seconds]
Frame Number: 167325
Packet Length: 557 bytes
Capture Length: 557 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Destination: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Address: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 ( 192.168.0.1), Dst: 192.168.0.116 (192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 543
Identification: 0x25ad (9645)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x9266 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 503
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
[Next sequence number: 504 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0xfb82 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.008596000 seconds]
[RTO based on delta from frame: 167320]
Data (503 bytes)
0000 0c 0c 0c 0c 0c 01 00 1b fc de 30 34 08 00 45 00 ..........04..E.
0010 02 1f 25 ad 00 00 7f 06 92 66 c0 a8 00 01 c0 a8 ..%......f......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 18 .t.|.5.B..."..P.
0030 20 00 fb 82 00 00 4e 4f 54 49 46 59 20 2f 75 70 .....NOTIFY /up
0040 6e 70 2f 65 76 65 6e 74 69 6e 67 2f 6c 62 64 7a np/eventing/lbdz
0050 75 71 6e 70 6f 62 20 48 54 54 50 2f 31 2e 31 0d uqnpob HTTP/1.1.
0060 0a 48 4f 53 54 3a 20 31 39 32 2e 31 36 38 2e 30 .HOST: 192.168.0
0070 2e 31 31 36 3a 32 38 36 39 0d 0a 43 4f 4e 54 45 .116:2869..CONTE
0080 4e 54 2d 54 59 50 45 3a 20 74 65 78 74 2f 78 6d NT-TYPE: text/xm
0090 6c 0d 0a 43 4f 4e 54 45 4e 54 2d 4c 45 4e 47 54 l..CONTENT-LENGT
00a0 48 3a 20 32 39 38 0d 0a 4e 54 3a 20 75 70 6e 70 H: 298..NT: upnp
00b0 3a 65 76 65 6e 74 0d 0a 4e 54 53 3a 20 75 70 6e :event..NTS: upn
00c0 70 3a 70 72 6f 70 63 68 61 6e 67 65 0d 0a 53 49 p:propchange..SI
00d0 44 3a 20 75 75 69 64 3a 30 30 2d 31 33 2d 34 36 D: uuid:00-13-46
00e0 2d 31 34 2d 66 30 2d 38 38 2d 30 31 61 63 37 38 -14-f0-88-01ac78
00f0 34 37 63 65 65 31 0d 0a 53 45 51 3a 20 33 35 0d 47cee1..SEQ: 35.
0100 0a 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e ...<?xml version
0110 3d 22 31 2e 30 22 3f 3e 0d 0a 3c 65 3a 70 72 6f =" 1.0"?>..<e:pro
0120 70 65 72 74 79 73 65 74 20 78 6d 6c 6e 73 3a 65 pertyset xmlns:e
0130 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 ="urn:schemas-up
0140 6e 70 2d 6f 72 67 3a 65 76 65 6e 74 2d 31 2d 30 np-org:event-1-0
0150 22 20 78 6d 6c 6e 73 3a 73 3d 22 75 72 6e 3a 73 " xmlns:s="urn:s
0160 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a chemas-upnp-org:
0170 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e service:WANIPCon
0180 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 65 3a 70 72 nection:1"><e:pr
0190 6f 70 65 72 74 79 3e 3c 73 3a 50 6f 72 74 4d 61 operty><s:PortMa
01a0 70 70 69 6e 67 4e 75 6d 62 65 72 4f 66 45 6e 74 ppingNumberOfEnt
01b0 72 69 65 73 20 78 6d 6c 6e 73 3a 64 74 3d 22 75 ries xmlns:dt="u
01c0 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f rn:schemas-micro
01d0 73 6f 66 74 2d 63 6f 6d 3a 64 61 74 61 74 79 70 soft-com:datatyp
01e0 65 73 22 20 64 74 3a 64 74 3d 22 75 69 32 22 3e es" dt:dt="ui2">
01f0 30 3c 2f 73 3a 50 6f 72 74 4d 61 70 70 69 6e 67 0</s:PortMapping
0200 4e 75 6d 62 65 72 4f 66 45 6e 74 72 69 65 73 3e NumberOfEntries>
0210 3c 2f 65 3a 70 72 6f 70 65 72 74 79 3e 3c 2f 65 </e:property></e
0220 3a 70 72 6f 70 65 72 74 79 73 65 74 3e :propertyset>
No. Time Source Destination Protocol Info
167326 371.375265 192.168.0.121 218.83.77.47 TCP [TCP Fast Retransmission] 2358 > 8457 [ACK] Seq=271920 Ack=374 Win=8266 Len=512 TSV=140609 TSER=935900
Frame 167326 (578 bytes on wire, 578 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.365708000
[Time delta from previous packet: 0.001061000 seconds]
[Time since reference or first frame: 371.375265000 seconds]
Frame Number: 167326
Packet Length: 578 bytes
Capture Length: 578 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 (192.168.0.121), Dst: 218.83.77.47 ( 218.83.77.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 564
Identification: 0x1b54 (6996)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x74cc [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 218.83.77.47 (218.83.77.47)
Transmission Control Protocol, Src Port: 2358 (2358), Dst Port: 8457 (8457), Seq: 271920, Ack: 374, Len: 512
Source port: 2358 (2358)
Destination port: 8457 (8457)
Sequence number: 271920 (relative sequence number)
[Next sequence number: 272432 (relative sequence number)]
Acknowledgement number: 374 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8266
Checksum: 0xff8c [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 140609, TSecr 935900
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167313]
[The RTT to ACK the segment was: 0.019928000 seconds]
[TCP Analysis Flags]
[This frame is a (suspected) fast retransmission]
[This frame is a (suspected) retransmission]
Data (512 bytes)
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 02 34 1b 54 00 00 40 06 74 cc c0 a8 00 79 da 53 [email protected]
0020 4d 2f 09 36 21 09 d6 e1 1e 1b ee b0 3a 7b 80 10 M/.6!.......:{..
0030 20 4a ff 8c 00 00 01 01 08 0a 00 02 25 41 00 0e J..........%A..
0040 47 dc 29 af 99 3c ea 30 a7 78 e1 ac 4f 98 6b fb G.)..<.0.x..O.k.
0050 13 90 5f fc d2 b0 54 30 52 43 83 c5 52 36 1d d2 .._...T0RC..R6..
0060 4a 71 10 41 16 9e 54 a4 14 7b c9 77 c1 ac 40 75 Jq.A..T..{.w..@u
0070 14 20 f1 b2 4c ec 91 94 b3 ae 12 55 c2 3e 75 3d . ..L......U.>u=
0080 c0 69 52 95 85 d9 11 c0 6e 49 c2 d7 6e 78 05 99 .iR.....nI..nx..
0090 85 eb a8 3c ab 28 9b b4 23 c2 6e 79 fa 3a 11 74 ...<.(..#.ny.:.t
00a0 5f e1 01 a1 20 40 48 27 15 80 d4 45 e2 88 60 5e _... @H'...E..`^
00b0 c6 0d cc 3f 72 e4 2d a9 4a 39 59 b2 53 2c 8f c1 ...?r.-.J9Y.S,..
00c0 d3 36 ea 6c 1a a5 2a 6c 3c 40 ed 06 89 54 28 17 .6.l..*l<@...T(.
00d0 2c a4 84 c6 41 34 0d 42 9c 3f 4c f6 42 7e 2f bf ,...A4.B.?L.B~/.
00e0 02 b6 e6 d7 cc 37 c9 d7 c2 0c 3d ed f9 1b 28 7a .....7....=...(z
00f0 54 67 e4 c1 3f bd 7a c7 4d 8a 0b 67 ef 62 8f 96 Tg..?.z.M..g.b..
0100 4f 23 b1 38 5e 5c 97 20 c8 32 6d da 72 31 67 fe O#.8^\. .2m.r1g.
0110 a7 ee 87 ec c8 e3 99 77 80 07 d8 92 99 72 8d 8d .......w.....r..
0120 2f 64 87 f3 b0 32 78 aa 45 dc 25 bd af 27 8f 3f /d...2x.E.%..'.?
0130 b3 27 ba 38 da a8 74 14 9d ad 0e 25 86 28 a2 c4 .'.8..t....%.(..
0140 d1 2a 3c b0 9a 2f 66 37 36 85 bc 10 a5 1a be 45 .*<../f76......E
0150 98 1a b2 b3 54 33 89 2c aa c3 a5 63 38 30 f2 65 ....T3.,...c80.e
0160 a1 2b 2a 09 8d 29 85 27 b2 ee fa 6f 1a 67 12 60 .+*..).'...o.g.`
0170 94 d1 af 7b f2 dd d3 b4 0a ad 96 b8 8d 00 c7 d3 ...{............
0180 5f 65 60 02 33 8d ed 36 9b 93 39 31 ba 6c 36 eb _e`.3..6..91.l6.
0190 43 42 86 17 db 1d 3f 9f 6d 56 b1 e9 73 fa 63 0f CB....?.mV..s.c.
01a0 2f e1 a5 6d 57 ad bf 34 8e 14 47 cc 5f 8c 02 4a /..mW..4..G._..J
01b0 bb 16 c8 a2 05 48 64 49 23 87 3c a1 33 1c 19 e7 .....HdI#.<.3...
01c0 78 35 36 57 7d 5a 73 2a 92 76 a3 45 cd 76 0c 16 x56W}Zs*.v.E.v..
01d0 42 9c d1 95 2e 36 5e 55 36 04 b1 03 5a f3 a4 0a B....6^U6...Z...
01e0 4e 2f 41 79 cc cc 31 94 e7 78 27 d0 ac e2 91 11 N/Ay..1..x'.....
01f0 ed e0 d5 2d 9d 2c b2 52 99 88 eb 10 24 0c 88 20 ...-.,.R....$..
0200 56 bd 80 70 fa 6e 52 7d 9a df bd f3 f0 5d cd f3 V..p.nR}.....]..
0210 50 cf 7a ab 92 3d 79 d6 88 3e dc 79 e8 f8 ae a2 P.z..=y..>.y....
0220 01 24 68 f4 17 e3 e6 9d 9b 22 e6 ba 11 12 55 2a .$h......"....U*
0230 c9 ab 1f 61 09 4a 6c 1f f3 89 fb 85 d8 4c e6 b5 ...a.Jl......L..
0240 b1 ec ..
No. Time Source Destination Protocol Info
167327 371.375500 192.168.0.121 218.83.77.47 TCP [TCP Retransmission] 2358 > 8457 [ACK] Seq=272432 Ack=374 Win=8266 Len=12 TSV=140609 TSER=935900
Frame 167327 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.365943000
[Time delta from previous packet: 0.000235000 seconds]
[Time since reference or first frame: 371.375500000 seconds]
Frame Number: 167327
Packet Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 (192.168.0.121), Dst: 218.83.77.47 ( 218.83.77.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x1b55 (6997)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x76bf [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 218.83.77.47 (218.83.77.47)
Transmission Control Protocol, Src Port: 2358 (2358), Dst Port: 8457 (8457), Seq: 272432, Ack: 374, Len: 12
Source port: 2358 (2358)
Destination port: 8457 (8457)
Sequence number: 272432 (relative sequence number)
[Next sequence number: 272444 (relative sequence number)]
Acknowledgement number: 374 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8266
Checksum: 0x9c6e [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 140609, TSecr 935900
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.774594000 seconds]
[RTO based on delta from frame: 167271]
Data (12 bytes)
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 00 40 1b 55 00 00 40 06 76 bf c0 a8 00 79 da 53 [email protected][email protected]
0020 4d 2f 09 36 21 09 d6 e1 20 1b ee b0 3a 7b 80 10 M/.6!... ...:{..
0030 20 4a 9c 6e 00 00 01 01 08 0a 00 02 25 41 00 0e J.n........%A. .
0040 47 dc 39 62 89 7b a5 f4 43 5d 39 4b 34 44 G.9b.{..C]9K4D
No. Time Source Destination Protocol Info
167328 371.375579 192.168.0.1 192.168.0.116 TCP [TCP Dup ACK 167325#1] 1148 > 2869 [ACK] Seq=504 Ack=1 Win=8192 Len=0
Frame 167328 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.366022000
[Time delta from previous packet: 0.000079000 seconds]
[Time since reference or first frame: 371.375579000 seconds]
Frame Number: 167328
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Destination: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Address: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 (192.168.0.116 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ae (9646)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945c [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 504, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 504 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x7366 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 167325]
0000 0c 0c 0c 0c 0c 01 00 1b fc de 30 34 08 00 45 00 ..........04..E.
0010 00 28 25 ae 00 00 7f 06 94 5c c0 a8 00 01 c0 a8 .(%......\......
0020 00 74 04 7c 0b 35 00 42 8b b4 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 73 66 00 00 .sf..
No. Time Source Destination Protocol Info
167329 371.397115 192.168.0.80 192.168.0.1 DNS Standard query PTR 7.56.210.221.in-addr.arpa
Frame 167329 (85 bytes on wire, 85 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.387558000
[Time delta from previous packet: 0.021536000 seconds]
[Time since reference or first frame: 371.397115000 seconds]
Frame Number: 167329
Packet Length: 85 bytes
Capture Length: 85 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 71
Identification: 0xf3c8 (62408)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc53b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 51
Checksum: 0xe2df [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 167562]
Transaction ID: 0x4a4b
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
7.56.210.221.in-addr.arpa: type PTR, class IN
Name: 7.56.210.221.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 47 f3 c8 00 00 80 11 c5 3b c0 a8 00 50 c0 a8 .G.......;...P..
0020 00 01 04 9c 00 35 00 33 e2 df 4a 4b 01 00 00 01 .....5.3..JK....
0030 00 00 00 00 00 00 01 37 02 35 36 03 32 31 30 03 .......7.56.210.
0040 32 32 31 07 69 6e 2d 61 64 64 72 04 61 72 70 61 221.in-addr.arpa
0050 00 00 0c 00 01 .....
No. Time Source Destination Protocol Info
167330 371.426135 218.4.245.104 192.168.0.121 TCP 8492 > 2557 [ACK] Seq=89451 Ack=4919 Win=65417 Len=1440 TSV=1607158 TSER=140501
Frame 167330 (1506 bytes on wire, 1506 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.416578000
[Time delta from previous packet: 0.029020000 seconds]
[Time since reference or first frame: 371.426135000 seconds]
Frame Number: 167330
Packet Length: 1506 bytes
Capture Length: 1506 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 (218.4.245.104), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1492
Identification: 0x0255 (597)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x6f40 [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 89451, Ack: 4919, Len: 1440
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 89451 (relative sequence number)
[Next sequence number: 90891 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x9c21 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 162629]
[The RTT to ACK the segment was: 10.686461000 seconds]
Data (1440 bytes)
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 05 d4 02 55 40 00 73 06 6f 40 da 04 f5 68 c0 a8 [email protected]@...h..
0020 00 79 21 2c 09 fd 5f e6 0b f2 0f 0e 24 91 80 10 .y!,.._.....$...
0030 ff 89 9c 21 00 00 01 01 08 0a 00 18 85 f6 00 02 ...!............
0040 24 d5 b6 ce b6 dd 8c d1 5c 8e 9e 79 a3 4c b0 65 $.......\..y.L.e
0050 b0 5a ab 3b 99 d0 ae 89 c9 ca 67 86 3a c4 82 59 .Z.;......g.:..Y
0060 b5 01 26 5b a8 8a ea 5c 05 cc 85 b8 ca b0 76 4a ..&[...\......vJ
0070 a0 25 24 b3 db 78 62 7a 97 3e b2 32 e6 74 9b 42 .%$..xbz.>.2.t.B
0080 67 5f 6c 9e 74 b0 79 1f eb f1 81 91 a7 36 94 49 g_l.t.y......6.I
0090 82 9c 68 aa 3c 11 c9 2c cd 5c e9 fb c2 7f dd 1f ..h.<..,.\......
00a0 a5 af ce 13 f5 36 9a cd 79 b8 9c 89 f9 6e 0a 15 .....6..y....n..
00b0 ee d7 28 e4 77 0b 77 b1 d1 b1 cc 36 c3 59 85 c7 ..(.w.w....6.Y..
00c0 ae 45 9d 73 7d 87 b4 ae 36 bc 01 9e ec 35 09 7c .E.s}...6....5.|
00d0 1b 86 51 d6 0b 4e e5 c4 05 a7 ce 64 38 03 7b 21 ..Q..N.....d8.{!
00e0 ad ca 54 1d ac 32 65 be 86 16 b9 a5 7a 85 f3 16 ..T..2e.....z...
00f0 d1 52 be 65 a3 3a 4b 7b 21 e9 8c 55 da ea 07 65 .R.e.:K{!..U...e
0100 c8 bf 76 c0 9a 4e f9 b5 b3 4d 5a fb 70 3f 90 35 ..v..N...MZ.p?.5
0110 f9 d0 16 af 99 3a 3e b2 c7 ab f0 81 ab 1f 99 35 .....:>........5
0120 21 75 ab aa 28 2c c6 d2 31 d4 68 19 7e 70 92 c4 !u..(,..1.h.~p..
0130 b9 10 2b b7 e2 cd 76 b5 fc 5d d7 87 4a 7f 67 eb ..+...v..]..J.g.
0140 13 ac 8f 78 0b 31 15 ff 26 e1 92 87 44 8e b0 0b ...x.1..&...D...
0150 1f 69 55 db 9f 3f 0d 9a 0f c3 08 ed db c8 53 24 .iU..?........S$
0160 30 b7 85 5d 69 45 5e 5e aa 2d 8b 51 2b b8 5f 38 0..]iE^^.-.Q+._8
0170 de ff f6 26 43 e9 d1 3b 63 fd 88 5e 00 73 4c ec ...&C..;c..^.sL.
0180 f4 fd a7 09 54 83 d8 dc e5 4a 77 44 c6 c3 29 c0 ....T....JwD..).
0190 91 ab 4d 69 62 7c ee 43 93 1e 12 e4 32 4b 99 ea ..Mib|.C....2K..
01a0 f8 8c 91 31 90 63 b7 9c 95 ce c6 1a 23 15 c7 fc ...1.c......#...
01b0 11 4e 56 86 73 63 f3 a0 00 d1 ed cf 03 81 75 05 .NV.sc........u.
01c0 95 a9 e2 fd 28 3f ff dd c6 09 40 5b c2 dd 82 e0 ....(?....@[....
01d0 55 8e 4a d3 33 36 d8 b4 0a e8 68 87 9e e4 a3 a6 U.J.36....h.... .
01e0 16 ca c6 0a 8b e2 17 c5 3d 18 60 5c 21 91 ea 59 ........=.`\!..Y
01f0 7e c1 e1 c2 0d fe 8e 50 dd 8a 15 37 77 d5 c0 28 ~......P...7w..(
0200 4d bf a7 10 37 b3 5e 54 47 30 25 3e 95 ca f4 f3 M...7.^TG0%>....
0210 dc 59 73 fe 55 d2 d2 07 79 ac 1e 3b c2 c7 05 bf .Ys.U...y..;....
0220 6e b8 54 ff e8 b7 7f 5d ef bf 0f 42 10 5d c9 3e n.T....]...B.].>
0230 80 5a 29 8f 12 a3 2a 7c 21 8b b2 65 38 7e eb 84 .Z)...*|!..e8~..
0240 74 15 f6 b3 c9 6f c7 62 1e c4 0b cd 27 58 e0 f4 t....o.b....'X..
0250 e9 56 60 76 a5 e4 16 4b 96 20 ec e9 1d fa 86 82 .V`v...K. ......
0260 2b ca 0d 17 ca 2b ad 40 8a 4d ed 8f 8d 89 a2 78 [email protected]
0270 dc 02 07 69 a6 8e 11 46 95 b2 0d f5 2d 16 78 86 ...i...F....-.x.
0280 39 39 33 04 7d a3 e3 a0 5c ba 09 6c d8 49 aa 12 993.}...\..l.I..
0290 0e a7 6d ee e0 20 05 8e 05 1d 96 87 af 7b 56 b7 ..m.. .......{V.
02a0 16 6e b3 ed 84 ef 3b 9f 11 47 af 2f 63 9d c0 7f .n....;..G./c...
02b0 76 30 18 66 77 54 36 ec 88 58 ad ed c8 33 51 2c v0.fwT6..X...3Q,
02c0 22 f2 7f 45 34 49 5b ae d2 68 eb 8f ec 68 57 14 "..E4I[..h...hW.
02d0 10 35 5a ef 5e b5 e6 a5 c9 d4 1e b9 ca b8 f7 a1 .5Z.^...........
02e0 b3 0e 81 c7 b8 1b 03 3e 54 86 cd 19 25 9d fa b3 .......>T...%...
02f0 be d2 d2 a1 8a 65 f0 55 e9 7d 8e 13 13 5a 2c f0 .....e.U.}...Z,.
0300 d4 a2 19 f1 5f a8 77 2e 55 45 81 25 b0 f6 52 91 ...._.w.UE.%..R.
0310 5d 2b 3b 73 d2 fd 0c 4a ba d6 38 06 cd f4 f9 96 ]+;s...J..8.....
0320 1e 20 d7 07 84 55 b0 ef 83 3d cc 72 80 d5 1a f6 . ...U...=.r....
0330 51 c1 63 f6 8c c6 28 42 ff 94 2a 1f 1d 1f 9a 66 Q.c...(B..*....f
0340 ee 2c b5 11 02 6a b6 12 0c 62 65 2c 1c 7b 88 9f .,...j...be,.{..
0350 2a 91 41 80 6c 43 c3 4a 6a 27 dd 7b e4 8f a8 72 *.A.lC.Jj'.{...r
0360 f2 2b bd 7b 46 46 3b 2d 83 38 06 66 47 09 d9 79 .+.{FF;-.8.fG..y
0370 af 85 ec 95 21 c0 4b e7 ad d8 8b 31 62 69 41 d7 ....!.K....1biA.
0380 7a 28 dc 9d d2 39 6f 38 6e a6 7d 6a 6e be 4c 01 z(...9o8n.}jn.L.
0390 75 1e dd 1a 8b 12 e5 c2 05 ba 75 39 7a 7a b6 a1 u.........u9zz..
03a0 20 98 9c 66 50 04 cf bb 87 43 b7 6f 98 50 db ac ..fP....C.o.P..
03b0 fc 34 1b a3 ba 96 18 71 cd 4b 2f 58 00 6b cd 66 .4.....q.K/X.k.f
03c0 7d 02 51 ae 0c b3 ba d6 87 60 88 05 0b 3d e8 73 }.Q......`...=.s
03d0 a4 dd 7e 7e f5 4d 31 5e b3 e8 ea 23 69 cc 52 89 ..~~.M1^...#i.R.
03e0 36 38 1d b2 5e e9 9b 02 35 c7 08 8e e5 e5 59 00 68..^...5.....Y.
03f0 2b f7 34 19 35 ad a4 df 4f 3b 52 ad 09 11 eb d7 +.4.5...O;R.....
0400 f2 fd 9a 2f 18 26 ce 68 ca bd 8e 1e fd 19 1c 81 .../.&.h........
0410 bb 06 c0 ee d9 61 13 f7 84 b0 9f d2 58 d4 c7 01 .....a......X...
0420 bd ba f8 e9 e5 ba 4e a1 e8 a4 b6 d5 3c 3a b8 6e ......N.....<:.n
0430 ee d5 7f 31 66 91 cc 9c 41 69 60 8a 60 57 f2 0b ...1f...Ai`.`W..
0440 07 95 b9 48 d6 e1 30 3b 4f d4 40 b9 a8 04 a8 2a ...H..0;O.@....*
0450 e8 bb d4 91 ea 90 71 a0 1a e5 ff ee bd 5b a4 8c ......q......[..
0460 73 55 53 a8 d9 7a 34 7f 5f de 4d 34 0c c4 d9 e5 sUS..z4._.M4....
0470 b8 e7 e0 1c 85 f8 62 d2 bf 17 88 d2 09 7a c6 9c ......b......z..
0480 2b 19 4d bf 57 ac c7 63 93 fc dd c2 e3 9e 8f 88 +.M.W..c........
0490 7f 1a b2 e0 54 61 d0 4d bb 56 d1 22 32 0c f9 94 ....Ta.M.V."2...
04a0 67 74 ec 94 0e dd db ea f6 44 b6 04 76 b5 3b bd gt.......D..v.;.
04b0 4a 5d e7 51 99 3f 7c 9f 7f ad b8 2f 0a 5a ac cf J].Q.?|..../.Z..
04c0 65 d4 6d 85 de ac 3e 36 be 09 76 68 01 db 5b 02 e.m...>6..vh..[.
04d0 74 2e da 45 58 61 b3 bd b0 80 22 58 0a af 95 e7 t..EXa...."X....
04e0 60 18 7e 96 a3 0d 38 ed 16 10 94 9c b3 9d 53 b1 `.~...8.......S.
04f0 d1 8d 0d 95 0c 9c 1f 61 a0 4f de 1d f1 4a 93 b0 .......a.O...J..
0500 aa 24 c8 41 39 75 db 4f 20 9c dc 39 08 6f 7e a6 .$.A9u.O ..9.o~.
0510 1c 94 59 92 fd d4 3f 38 7e 78 79 cb fb b9 e3 bd ..Y...?8~xy.....
0520 c3 97 de 53 7b 76 3b 4c 33 a7 4d ba 24 fb a6 28 ...S{v;L3.M.$..(
0530 f4 aa a2 58 89 a4 b3 bd c9 78 6f 00 57 4c 3f 75 ...X.....xo.WL?u
0540 97 41 97 59 cb 51 97 f2 a0 8e 92 13 f2 6f 96 78 .A.Y.Q.......o.x
0550 35 da 3c 88 d2 09 62 41 55 ee 49 f4 76 4f 4c 32 5.<...bAU.I.vOL2
0560 3c 68 e3 9f a4 7e 3d e8 07 c4 df b6 17 c9 6e 67 <h...~=.......ng
0570 87 19 c2 e0 7e a5 95 4c df 44 d6 68 f9 52 e6 45 ....~..L.D.h.R.E
0580 7d de 0a e7 56 c3 5e 45 ad ba 4f 42 e7 ba c2 27 }...V.^E..OB...'
0590 70 a4 22 de a6 4e c3 09 63 56 84 03 08 88 1e 22 p."..N..cV....."
05a0 23 2b 73 85 1c 99 1a cf 0e 16 d0 89 b7 98 ed 51 #+s............Q
05b0 a2 6d 01 a6 4c bb fc df 35 cd 7d 3d 40 55 bf 3e .m..L...5.}=@U.>
05c0 a0 c2 00 e9 d0 0f 55 f5 9f e1 73 54 95 80 2f 2c ......U...sT../,
05d0 18 74 ee 07 e8 fd 95 2d b4 2a 16 f8 8f c2 5c cc .t.....-.*....\.
05e0 d0 60 .`
No. Time Source Destination Protocol Info
167331 371.434958 218.4.245.104 192.168.0.121 TCP 8492 > 2557 [PSH, ACK] Seq=90891 Ack=4919 Win=65417 Len=641 TSV=1607158 TSER=140501
Frame 167331 (707 bytes on wire, 707 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.425401000
[Time delta from previous packet: 0.008823000 seconds]
[Time since reference or first frame: 371.434958000 seconds]
Frame Number: 167331
Packet Length: 707 bytes
Capture Length: 707 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 (218.4.245.104), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 693
Identification: 0x0256 (598)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x725e [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 90891, Ack: 4919, Len: 641
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 90891 (relative sequence number)
[Next sequence number: 91532 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x7e8d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
Data (641 bytes)
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 02 b5 02 56 40 00 73 06 72 5e da 04 f5 68 c0 a8 [email protected]^...h..
0020 00 79 21 2c 09 fd 5f e6 11 92 0f 0e 24 91 80 18 .y!,.._.....$...
0030 ff 89 7e 8d 00 00 01 01 08 0a 00 18 85 f6 00 02 ..~.............
0040 24 d5 ab 7b 63 8b c2 79 0b 33 93 b8 02 87 c6 ec $..{c..y.3......
0050 a9 ee f6 60 a3 a3 f7 c1 e7 2d 75 7c 65 39 c7 16 ...`.....-u|e9..
0060 9c d1 00 64 c9 85 0d fc 32 ad 10 33 ae c2 a6 8a ...d....2..3....
0070 b4 43 f1 35 e6 a5 fd 2e f1 99 da 60 42 b3 5a 2f .C.5.......`B.Z/
0080 7d bd 9a 1b dc 0c 12 c0 19 1a fc f1 0a bf bf ba }...............
0090 72 d1 bc c8 37 46 d8 43 07 2c 6a 83 18 63 82 e3 r...7F.C.,j..c..
00a0 f8 ee 96 0a e6 00 27 c7 3c c8 85 09 c4 de d1 06 ......'.<.......
00b0 fc f2 80 27 74 bb 07 8d 3e 84 d0 de cb b7 03 13 ...'t...>.......
00c0 91 4c 5b 94 b7 31 28 e2 86 e5 84 9a 80 58 cf 3b .L[..1(......X.;
00d0 bf 43 43 56 ec 67 75 ef 38 4b f4 2a 78 1c d9 4c .CCV.gu.8K.*x..L
00e0 b8 be 03 09 3b cf a0 35 54 ea ed 4f 4f 4b 60 34 ....;..5T..OOK`4
00f0 e3 9f 38 9d 1c 52 44 38 dd 59 25 40 75 0b 48 97 ..8..RD8.Y%@ u.H.
0100 ea e7 0e 87 6c a9 c9 3a b1 c6 d2 46 39 54 ee e5 ....l..:...F9T..
0110 f6 90 fe 98 07 73 19 d5 49 f0 1d 67 f4 12 03 c4 .....s..I..g....
0120 72 9a 04 f8 99 ea d1 f3 0d b6 68 2e 74 25 df 27 r.........h.t%.'
0130 f0 7a b8 6e da 02 74 29 bc 59 25 47 f2 96 bf fd .z.n..t).Y%G....
0140 ce 42 4e 4f 44 f4 42 52 04 bf 37 89 ff b1 31 2a .BNOD.BR..7...1*
0150 63 a3 04 5e 5f a9 9e bd 23 4d ee 8f ee d7 a5 b1 c..^_...#M......
0160 fe 94 8f d9 1b b5 86 60 ee f7 78 77 4a c8 82 69 .......`..xwJ..i
0170 1d ad cb 84 d9 22 fa b7 74 ef a2 6e ec 0f 91 ee ....."..t..n....
0180 ea 6a 2c 08 b2 d6 b0 23 5a 8c 7a 24 b5 f7 8e 37 .j,....#Z.z$...7
0190 0e e3 ec a0 31 b3 5b ea f9 73 76 83 2f 32 96 8a ....1.[..sv./2..
01a0 f8 df 46 0b a6 a6 16 d4 63 f9 11 7c 4b e4 58 25 ..F.....c..|K.X%
01b0 77 d6 dc 22 ae f3 b2 ea e3 d7 c9 f2 a9 65 64 76 w..".........edv
01c0 43 5e 48 9d a9 d5 f2 58 7b 7e 61 20 c9 c3 68 02 C^H....X{~a ..h.
01d0 35 15 c1 88 6e 93 ee 43 c7 2a 50 b5 a5 0c 62 24 5...n..C.*P...b$
01e0 a9 b0 70 76 3f e9 52 67 ca e9 65 53 5e ac 04 95 ..pv?.Rg..eS^...
01f0 33 e6 1e 59 9f 8c 18 59 7a 50 10 dc 06 53 84 fe 3..Y...YzP...S..
0200 67 11 c1 4c 8b f2 24 30 83 ef da 22 30 25 a5 d3 g..L..$0..."0%..
0210 d7 8e 62 5f d2 1c d7 73 de d3 30 0b 3b f5 f6 cf ..b_...s..0.;...
0220 7a fa 03 74 7e 81 2f 19 bf 0e 65 f2 8b e3 5b 54 z..t~./...e...[T
0230 03 f9 62 d0 8e ff bf 8d 97 9e c7 42 0b 45 4a 50 ..b........B.EJP
0240 e6 22 a9 48 d6 2f 10 e7 79 3f 54 2b 44 af 1a bf .".H./..y?T+D...
0250 4e 3f b0 3a 68 68 a8 d8 0e c2 fc df aa 89 59 84 N?.:hh........Y.
0260 f9 40 58 6a 9b 43 9d a5 0d db 31 90 ed 7d 1e f4 [email protected]..}..
0270 54 2b 2a 4c c8 c2 6f 62 82 48 a1 d3 23 46 41 6c T+*L..ob.H..#FAl
0280 8d e1 19 58 36 05 bd c6 d8 4d 52 ad 4d 35 87 66 ...X6....MR.M5.f
0290 62 ad 16 46 4c ec 97 f7 56 6c cd 2e 37 71 c1 1e b..FL...Vl..7q..
02a0 9b a8 c1 ac 7a dc 24 3e 44 ca 0f a8 06 ea ae 8f ....z.$>D.......
02b0 22 bf b4 6d 42 77 91 31 21 43 27 d2 a4 79 b1 14 "..mBw.1!C'..y..
02c0 b1 80 19 ...
No. Time Source Destination Protocol Info
167332 371.461806 192.168.0.101 192.168.0.1 TCP 3227 > 5678 [ACK] Seq=663 Ack=616 Win=16856 Len=0
Frame 167332 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.452249000
[Time delta from previous packet: 0.026848000 seconds]
[Time since reference or first frame: 371.461806000 seconds]
Frame Number: 167332
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x3896 (14486)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4083 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3227 (3227), Dst Port: 5678 (5678), Seq: 663, Ack: 616, Len: 0
Source port: 3227 (3227)
Destination port: 5678 (5678)
Sequence number: 663 (relative sequence number)
Acknowledgement number: 616 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16856
Checksum: 0xb066 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167311]
[The RTT to ACK the segment was: 0.305973000 seconds]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 96 40 00 80 06 40 83 c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9b 16 2e 42 0d 3a 21 00 3f 9c a8 50 10 ......B.:!.?..P.
0030 41 d8 b0 66 00 00 A..f..
No. Time Source Destination Protocol Info
167333 371.461891 218.4.245.104 192.168.0.121 TCP [TCP Retransmission] 8492 > 2557 [ACK] Seq=89451 Ack=4919 Win=65417 Len=1440 TSV=1607158 TSER=140501
Frame 167333 (1506 bytes on wire, 1506 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.452334000
[Time delta from previous packet: 0.000085000 seconds]
[Time since reference or first frame: 371.461891000 seconds]
Frame Number: 167333
Packet Length: 1506 bytes
Capture Length: 1506 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 ( 218.4.245.104), Dst: 192.168.0.121 (192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1492
Identification: 0x0255 (597)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x6f40 [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 89451, Ack: 4919, Len: 1440
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 89451 (relative sequence number)
[Next sequence number: 90891 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x9c21 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.026933000 seconds]
[RTO based on delta from frame: 167331]
Data (1440 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 05 d4 02 55 40 00 73 06 6f 40 da 04 f5 68 c0 a8 [email protected]@...h..
0020 00 79 21 2c 09 fd 5f e6 0b f2 0f 0e 24 91 80 10 .y!,.._.....$...
0030 ff 89 9c 21 00 00 01 01 08 0a 00 18 85 f6 00 02 ...!............
0040 24 d5 b6 ce b6 dd 8c d1 5c 8e 9e 79 a3 4c b0 65 $.......\..y.L.e
0050 b0 5a ab 3b 99 d0 ae 89 c9 ca 67 86 3a c4 82 59 .Z.;......g.:..Y
0060 b5 01 26 5b a8 8a ea 5c 05 cc 85 b8 ca b0 76 4a ..&[...\......vJ
0070 a0 25 24 b3 db 78 62 7a 97 3e b2 32 e6 74 9b 42 .%$..xbz.>.2.t.B
0080 67 5f 6c 9e 74 b0 79 1f eb f1 81 91 a7 36 94 49 g_l.t.y......6.I
0090 82 9c 68 aa 3c 11 c9 2c cd 5c e9 fb c2 7f dd 1f ..h.<..,.\......
00a0 a5 af ce 13 f5 36 9a cd 79 b8 9c 89 f9 6e 0a 15 .....6..y....n..
00b0 ee d7 28 e4 77 0b 77 b1 d1 b1 cc 36 c3 59 85 c7 ..(.w.w....6.Y..
00c0 ae 45 9d 73 7d 87 b4 ae 36 bc 01 9e ec 35 09 7c .E.s}...6....5.|
00d0 1b 86 51 d6 0b 4e e5 c4 05 a7 ce 64 38 03 7b 21 ..Q..N.....d8.{!
00e0 ad ca 54 1d ac 32 65 be 86 16 b9 a5 7a 85 f3 16 ..T..2e.....z...
00f0 d1 52 be 65 a3 3a 4b 7b 21 e9 8c 55 da ea 07 65 .R.e.:K{!..U...e
0100 c8 bf 76 c0 9a 4e f9 b5 b3 4d 5a fb 70 3f 90 35 ..v..N...MZ.p?.5
0110 f9 d0 16 af 99 3a 3e b2 c7 ab f0 81 ab 1f 99 35 .....:>........5
0120 21 75 ab aa 28 2c c6 d2 31 d4 68 19 7e 70 92 c4 !u..(,..1.h.~p..
0130 b9 10 2b b7 e2 cd 76 b5 fc 5d d7 87 4a 7f 67 eb ..+...v..]..J.g.
0140 13 ac 8f 78 0b 31 15 ff 26 e1 92 87 44 8e b0 0b ...x.1..&...D...
0150 1f 69 55 db 9f 3f 0d 9a 0f c3 08 ed db c8 53 24 .iU..?........S$
0160 30 b7 85 5d 69 45 5e 5e aa 2d 8b 51 2b b8 5f 38 0..]iE^^.-.Q+._8
0170 de ff f6 26 43 e9 d1 3b 63 fd 88 5e 00 73 4c ec ...&C..;c..^.sL.
0180 f4 fd a7 09 54 83 d8 dc e5 4a 77 44 c6 c3 29 c0 ....T....JwD..).
0190 91 ab 4d 69 62 7c ee 43 93 1e 12 e4 32 4b 99 ea ..Mib|.C....2K..
01a0 f8 8c 91 31 90 63 b7 9c 95 ce c6 1a 23 15 c7 fc ...1.c......#...
01b0 11 4e 56 86 73 63 f3 a0 00 d1 ed cf 03 81 75 05 .NV.sc........u.
01c0 95 a9 e2 fd 28 3f ff dd c6 09 40 5b c2 dd 82 e0 ....(?....@[....
01d0 55 8e 4a d3 33 36 d8 b4 0a e8 68 87 9e e4 a3 a6 U.J.36....h.....
01e0 16 ca c6 0a 8b e2 17 c5 3d 18 60 5c 21 91 ea 59 ........=.`\!..Y
01f0 7e c1 e1 c2 0d fe 8e 50 dd 8a 15 37 77 d5 c0 28 ~......P...7w..(
0200 4d bf a7 10 37 b3 5e 54 47 30 25 3e 95 ca f4 f3 M...7.^TG0%>....
0210 dc 59 73 fe 55 d2 d2 07 79 ac 1e 3b c2 c7 05 bf .Ys.U...y..;....
0220 6e b8 54 ff e8 b7 7f 5d ef bf 0f 42 10 5d c9 3e n.T....]...B.].>
0230 80 5a 29 8f 12 a3 2a 7c 21 8b b2 65 38 7e eb 84 .Z)...*|!..e8~..
0240 74 15 f6 b3 c9 6f c7 62 1e c4 0b cd 27 58 e0 f4 t....o.b....'X..
0250 e9 56 60 76 a5 e4 16 4b 96 20 ec e9 1d fa 86 82 .V`v...K. ......
0260 2b ca 0d 17 ca 2b ad 40 8a 4d ed 8f 8d 89 a2 78 [email protected]
0270 dc 02 07 69 a6 8e 11 46 95 b2 0d f5 2d 16 78 86 ...i...F....-.x.
0280 39 39 33 04 7d a3 e3 a0 5c ba 09 6c d8 49 aa 12 993.}...\..l.I..
0290 0e a7 6d ee e0 20 05 8e 05 1d 96 87 af 7b 56 b7 ..m.. .......{V.
02a0 16 6e b3 ed 84 ef 3b 9f 11 47 af 2f 63 9d c0 7f .n....;..G./c...
02b0 76 30 18 66 77 54 36 ec 88 58 ad ed c8 33 51 2c v0.fwT6..X...3Q,
02c0 22 f2 7f 45 34 49 5b ae d2 68 eb 8f ec 68 57 14 "..E4I[..h...hW.
02d0 10 35 5a ef 5e b5 e6 a5 c9 d4 1e b9 ca b8 f7 a1 .5Z.^...........
02e0 b3 0e 81 c7 b8 1b 03 3e 54 86 cd 19 25 9d fa b3 .......>T...%...
02f0 be d2 d2 a1 8a 65 f0 55 e9 7d 8e 13 13 5a 2c f0 .....e.U.}...Z,.
0300 d4 a2 19 f1 5f a8 77 2e 55 45 81 25 b0 f6 52 91 ...._.w.UE.%..R.
0310 5d 2b 3b 73 d2 fd 0c 4a ba d6 38 06 cd f4 f9 96 ]+;s...J..8.....
0320 1e 20 d7 07 84 55 b0 ef 83 3d cc 72 80 d5 1a f6 . ...U...=.r....
0330 51 c1 63 f6 8c c6 28 42 ff 94 2a 1f 1d 1f 9a 66 Q.c...(B..*....f
0340 ee 2c b5 11 02 6a b6 12 0c 62 65 2c 1c 7b 88 9f .,...j...be,.{..
0350 2a 91 41 80 6c 43 c3 4a 6a 27 dd 7b e4 8f a8 72 *.A.lC.Jj'.{...r
0360 f2 2b bd 7b 46 46 3b 2d 83 38 06 66 47 09 d9 79 .+.{FF;-.8.fG..y
0370 af 85 ec 95 21 c0 4b e7 ad d8 8b 31 62 69 41 d7 ....!.K....1biA.
0380 7a 28 dc 9d d2 39 6f 38 6e a6 7d 6a 6e be 4c 01 z(...9o8n.}jn.L.
0390 75 1e dd 1a 8b 12 e5 c2 05 ba 75 39 7a 7a b6 a1 u.........u9zz..
03a0 20 98 9c 66 50 04 cf bb 87 43 b7 6f 98 50 db ac ..fP....C.o.P..
03b0 fc 34 1b a3 ba 96 18 71 cd 4b 2f 58 00 6b cd 66 .4.....q.K/X.k.f
03c0 7d 02 51 ae 0c b3 ba d6 87 60 88 05 0b 3d e8 73 }.Q......`...=.s
03d0 a4 dd 7e 7e f5 4d 31 5e b3 e8 ea 23 69 cc 52 89 ..~~.M1^...#i.R.
03e0 36 38 1d b2 5e e9 9b 02 35 c7 08 8e e5 e5 59 00 68..^...5.....Y.
03f0 2b f7 34 19 35 ad a4 df 4f 3b 52 ad 09 11 eb d7 +.4.5...O;R.....
0400 f2 fd 9a 2f 18 26 ce 68 ca bd 8e 1e fd 19 1c 81 .../.&.h........
0410 bb 06 c0 ee d9 61 13 f7 84 b0 9f d2 58 d4 c7 01 .....a......X...
0420 bd ba f8 e9 e5 ba 4e a1 e8 a4 b6 d5 3c 3a b8 6e ......N.....<:.n
0430 ee d5 7f 31 66 91 cc 9c 41 69 60 8a 60 57 f2 0b ...1f...Ai`.`W..
0440 07 95 b9 48 d6 e1 30 3b 4f d4 40 b9 a8 04 a8 2a ...H..0;O.@....*
0450 e8 bb d4 91 ea 90 71 a0 1a e5 ff ee bd 5b a4 8c ......q......[..
0460 73 55 53 a8 d9 7a 34 7f 5f de 4d 34 0c c4 d9 e5 sUS..z4._.M4....
0470 b8 e7 e0 1c 85 f8 62 d2 bf 17 88 d2 09 7a c6 9c ......b......z..
0480 2b 19 4d bf 57 ac c7 63 93 fc dd c2 e3 9e 8f 88 +.M.W..c........
0490 7f 1a b2 e0 54 61 d0 4d bb 56 d1 22 32 0c f9 94 ....Ta.M.V."2...
04a0 67 74 ec 94 0e dd db ea f6 44 b6 04 76 b5 3b bd gt.......D..v.;.
04b0 4a 5d e7 51 99 3f 7c 9f 7f ad b8 2f 0a 5a ac cf J].Q.?|..../.Z..
04c0 65 d4 6d 85 de ac 3e 36 be 09 76 68 01 db 5b 02 e.m...>6..vh..[.
04d0 74 2e da 45 58 61 b3 bd b0 80 22 58 0a af 95 e7 t..EXa...."X....
04e0 60 18 7e 96 a3 0d 38 ed 16 10 94 9c b3 9d 53 b1 `.~...8.......S.
04f0 d1 8d 0d 95 0c 9c 1f 61 a0 4f de 1d f1 4a 93 b0 .......a.O...J..
0500 aa 24 c8 41 39 75 db 4f 20 9c dc 39 08 6f 7e a6 .$.A9u.O ..9.o~.
0510 1c 94 59 92 fd d4 3f 38 7e 78 79 cb fb b9 e3 bd ..Y...?8~xy.....
0520 c3 97 de 53 7b 76 3b 4c 33 a7 4d ba 24 fb a6 28 ...S{v;L3.M.$..(
0530 f4 aa a2 58 89 a4 b3 bd c9 78 6f 00 57 4c 3f 75 ...X.....xo.WL?u
0540 97 41 97 59 cb 51 97 f2 a0 8e 92 13 f2 6f 96 78 .A.Y.Q.......o.x
0550 35 da 3c 88 d2 09 62 41 55 ee 49 f4 76 4f 4c 32 5.<...bAU.I.vOL2
0560 3c 68 e3 9f a4 7e 3d e8 07 c4 df b6 17 c9 6e 67 <h...~=.......ng
0570 87 19 c2 e0 7e a5 95 4c df 44 d6 68 f9 52 e6 45 ....~..L.D.h.R.E
0580 7d de 0a e7 56 c3 5e 45 ad ba 4f 42 e7 ba c2 27 }...V.^E..OB...'
0590 70 a4 22 de a6 4e c3 09 63 56 84 03 08 88 1e 22 p."..N..cV....."
05a0 23 2b 73 85 1c 99 1a cf 0e 16 d0 89 b7 98 ed 51 #+s............Q
05b0 a2 6d 01 a6 4c bb fc df 35 cd 7d 3d 40 55 bf 3e .m..L...5.}=@U.>
05c0 a0 c2 00 e9 d0 0f 55 f5 9f e1 73 54 95 80 2f 2c ......U...sT../,
05d0 18 74 ee 07 e8 fd 95 2d b4 2a 16 f8 8f c2 5c cc .t.....-.*....\.
05e0 d0 60 .`
No. Time Source Destination Protocol Info
167334 371.462924 192.168.0.121 222.84.9.84 UDP Source port: 10273 Destination port: 6881
Frame 167334 (308 bytes on wire, 308 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.453367000
[Time delta from previous packet: 0.001033000 seconds]
[Time since reference or first frame: 371.462924000 seconds]
Frame Number: 167334
Packet Length: 308 bytes
Capture Length: 308 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 (192.168.0.121), Dst: 222.84.9.84 ( 222.84.9.84)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 294
Identification: 0x1b56 (6998)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xb5a7 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 222.84.9.84 (222.84.9.84)
User Datagram Protocol, Src Port: 10273 (10273), Dst Port: 6881 (6881)
Source port: 10273 (10273)
Destination port: 6881 (6881)
Length: 274
Checksum: 0xd147 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (266 bytes)
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 01 26 1b 56 00 00 40 11 b5 a7 c0 a8 00 79 de 54 .&[email protected]
0020 09 54 28 21 1a e1 01 12 d1 47 64 31 3a 72 64 32 .T(!.....Gd1:rd2
0030 3a 69 64 32 30 3a f6 48 73 bf e3 0d c3 31 a3 cc :id20:.Hs....1..
0040 c6 a9 fb c9 ff ad 25 e4 21 31 35 3a 6e 6f 64 65 ......%.!15:node
0050 73 32 30 38 3a f6 48 58 15 b3 87 11 ff 33 a4 89 s208:.HX.....3..
0060 23 45 9a 6e c2 ed 29 59 14 7c 96 74 16 cf 5a f6 #E.n..)Y.|.t..Z.
0070 48 4b ae 8c e1 88 15 e2 0e 44 b2 bf 64 04 20 be HK.......D..d. .
0080 91 cf bc 46 40 10 7f f6 f9 f6 48 45 63 ff b8 94 ...F@xxxxxxxx...
0090 d9 aa cb 5c b9 a7 42 f0 55 0a ae 2a 6f da bf 0c ...\..B.U..*o...
00a0 ee 50 95 f6 48 45 37 ba f1 a1 c4 f2 ed 3e ef b9 .P..HE7......>..
00b0 01 b1 ed d7 66 dd e8 51 63 d1 24 a7 66 f6 48 43 ....f..Qc.$.f.HC
00c0 7f e5 63 2d aa 74 12 e3 87 ca a3 aa 43 3c 50 57 ..c-.t......C<PW
00d0 96 57 dc 57 a7 ea 3e f6 48 4f f0 dd d8 12 91 7f .W.W..>.HO......
00e0 a2 e0 e4 8b ae 71 54 12 d4 36 58 7c 76 13 ea 3e .....qT..6X|v..>
00f0 81 f6 48 5e 6b 09 d2 bb a4 ac 3c c4 f3 c2 2e 94 ..H^k.....<.....
0100 d5 65 aa 2f 0f 3b ae dc 5b c6 4f f6 48 5d 71 ef .e./.;..[.O.H]q.
0110 34 57 86 e4 fb 4f fd a7 7c b3 55 4c c5 c0 0a 7d 4W...O..|.UL...}
0120 2d ca cb 21 21 65 31 3a 74 32 3a 06 a8 31 3a 79 -..!!e1:t2:..1:y
0130 31 3a 72 65 1:re
No. Time Source Destination Protocol Info
167335 371.463006 192.168.0.1 192.168.0.101 TCP 5678 > 3227 [FIN, ACK] Seq=616 Ack=663 Win=8192 Len=0
Frame 167335 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.453449000
[Time delta from previous packet: 0.000082000 seconds]
[Time since reference or first frame: 371.463006000 seconds]
Frame Number: 167335
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Destination: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.101 ( 192.168.0.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25af (9647)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x946a [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.101 (192.168.0.101)
Transmission Control Protocol, Src Port: 5678 (5678), Dst Port: 3227 (3227), Seq: 616, Ack: 663, Len: 0
Source port: 5678 (5678)
Destination port: 3227 (3227)
Sequence number: 616 (relative sequence number)
Acknowledgement number: 663 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 8192
Checksum: 0xd23d [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167332]
[The RTT to ACK the segment was: 0.001200000 seconds]
0000 00 13 02 10 e0 39 00 13 46 14 f0 88 08 00 45 00 .....9..F.....E.
0010 00 28 25 af 00 00 7f 06 94 6a c0 a8 00 01 c0 a8 .(%......j......
0020 00 65 16 2e 0c 9b 00 3f 9c a8 42 0d 3a 21 50 11 .e.....?..B.:!P.
0030 20 00 d2 3d 00 00 ..=..
No. Time Source Destination Protocol Info
167336 371.464043 192.168.0.101 192.168.0.1 TCP 3227 > 5678 [ACK] Seq=663 Ack=617 Win=16856 Len=0
Frame 167336 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.454486000
[Time delta from previous packet: 0.001037000 seconds]
[Time since reference or first frame: 371.464043000 seconds]
Frame Number: 167336
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 ( 192.168.0.101), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x3897 (14487)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4082 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3227 (3227), Dst Port: 5678 (5678), Seq: 663, Ack: 617, Len: 0
Source port: 3227 (3227)
Destination port: 5678 (5678)
Sequence number: 663 (relative sequence number)
Acknowledgement number: 617 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16856
Checksum: 0xb065 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167335]
[The RTT to ACK the segment was: 0.001037000 seconds]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 97 40 00 80 06 40 82 c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9b 16 2e 42 0d 3a 21 00 3f 9c a9 50 10 ......B.:!.?..P.
0030 41 d8 b0 65 00 00 A..e..
No. Time Source Destination Protocol Info
167337 371.464296 192.168.0.101 192.168.0.1 TCP 3227 > 5678 [RST, ACK] Seq=663 Ack=617 Win=0 Len=0
Frame 167337 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.454739000
[Time delta from previous packet: 0.000253000 seconds]
[Time since reference or first frame: 371.464296000 seconds]
Frame Number: 167337
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x3898 (14488)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4081 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3227 (3227), Dst Port: 5678 (5678), Seq: 663, Ack: 617, Len: 0
Source port: 3227 (3227)
Destination port: 5678 (5678)
Sequence number: 663 (relative sequence number)
Acknowledgement number: 617 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0xf239 [correct]
[Good Checksum: True]
[Bad Checksum: False]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 98 40 00 80 06 40 81 c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9b 16 2e 42 0d 3a 21 00 3f 9c a9 50 14 ......B.:!.?..P.
0030 00 00 f2 39 00 00 ...9..
No. Time Source Destination Protocol Info
167338 371.465355 192.168.0.101 192.168.0.1 TCP 3228 > 5678 [SYN] Seq=0 Len=0 MSS=1460
Frame 167338 (62 bytes on wire, 62 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.455798000
[Time delta from previous packet: 0.001059000 seconds]
[Time since reference or first frame: 371.465355000 seconds]
Frame Number: 167338
Packet Length: 62 bytes
Capture Length: 62 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x3899 (14489)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4078 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3228 (3228), Dst Port: 5678 (5678), Seq: 0, Len: 0
Source port: 3228 (3228)
Destination port: 5678 (5678)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 16384
Checksum: 0x0350 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
NOP
SACK permitted
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 30 38 99 40 00 80 06 40 78 c0 a8 00 65 c0 a8 .08.@[email protected]..
0020 00 01 0c 9c 16 2e bd 06 de 47 00 00 00 00 70 02 .........G....p.
0030 40 00 03 50 00 00 02 04 05 b4 01 01 04 02 @..P..........
No. Time Source Destination Protocol Info
167339 371.466207 218.4.245.104 192.168.0.121 TCP [TCP Retransmission] 8492 > 2557 [PSH, ACK] Seq=90891 Ack=4919 Win=65417 Len=641 TSV=1607158 TSER=140501
Frame 167339 (707 bytes on wire, 707 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.456650000
[Time delta from previous packet: 0.000852000 seconds]
[Time since reference or first frame: 371.466207000 seconds]
Frame Number: 167339
Packet Length: 707 bytes
Capture Length: 707 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 (218.4.245.104), Dst: 192.168.0.121 (192.168.0.121 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 693
Identification: 0x0256 (598)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x725e [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 90891, Ack: 4919, Len: 641
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 90891 (relative sequence number)
[Next sequence number: 91532 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x7e8d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.031249000 seconds]
[RTO based on delta from frame: 167331]
Data (641 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 02 b5 02 56 40 00 73 06 72 5e da 04 f5 68 c0 a8 [email protected]^...h..
0020 00 79 21 2c 09 fd 5f e6 11 92 0f 0e 24 91 80 18 .y!,.._.....$...
0030 ff 89 7e 8d 00 00 01 01 08 0a 00 18 85 f6 00 02 ..~.............
0040 24 d5 ab 7b 63 8b c2 79 0b 33 93 b8 02 87 c6 ec $..{c..y.3......
0050 a9 ee f6 60 a3 a3 f7 c1 e7 2d 75 7c 65 39 c7 16 ...`.....-u|e9..
0060 9c d1 00 64 c9 85 0d fc 32 ad 10 33 ae c2 a6 8a ...d....2..3....
0070 b4 43 f1 35 e6 a5 fd 2e f1 99 da 60 42 b3 5a 2f .C.5.......`B.Z/
0080 7d bd 9a 1b dc 0c 12 c0 19 1a fc f1 0a bf bf ba }...............
0090 72 d1 bc c8 37 46 d8 43 07 2c 6a 83 18 63 82 e3 r...7F.C.,j..c..
00a0 f8 ee 96 0a e6 00 27 c7 3c c8 85 09 c4 de d1 06 ......'.<.......
00b0 fc f2 80 27 74 bb 07 8d 3e 84 d0 de cb b7 03 13 ...'t...>.......
00c0 91 4c 5b 94 b7 31 28 e2 86 e5 84 9a 80 58 cf 3b .L[..1(......X.;
00d0 bf 43 43 56 ec 67 75 ef 38 4b f4 2a 78 1c d9 4c .CCV.gu.8K.*x..L
00e0 b8 be 03 09 3b cf a0 35 54 ea ed 4f 4f 4b 60 34 ....;..5T..OOK`4
00f0 e3 9f 38 9d 1c 52 44 38 dd 59 25 40 75 0b 48 97 ..8..RD8.Y%@ u.H.
0100 ea e7 0e 87 6c a9 c9 3a b1 c6 d2 46 39 54 ee e5 ....l..:...F9T..
0110 f6 90 fe 98 07 73 19 d5 49 f0 1d 67 f4 12 03 c4 .....s..I..g....
0120 72 9a 04 f8 99 ea d1 f3 0d b6 68 2e 74 25 df 27 r.........h.t%.'
0130 f0 7a b8 6e da 02 74 29 bc 59 25 47 f2 96 bf fd .z.n..t).Y%G....
0140 ce 42 4e 4f 44 f4 42 52 04 bf 37 89 ff b1 31 2a .BNOD.BR..7...1*
0150 63 a3 04 5e 5f a9 9e bd 23 4d ee 8f ee d7 a5 b1 c..^_...#M......
0160 fe 94 8f d9 1b b5 86 60 ee f7 78 77 4a c8 82 69 .......`..xwJ..i
0170 1d ad cb 84 d9 22 fa b7 74 ef a2 6e ec 0f 91 ee ....."..t..n....
0180 ea 6a 2c 08 b2 d6 b0 23 5a 8c 7a 24 b5 f7 8e 37 .j,....#Z.z$...7
0190 0e e3 ec a0 31 b3 5b ea f9 73 76 83 2f 32 96 8a ....1.[..sv./2..
01a0 f8 df 46 0b a6 a6 16 d4 63 f9 11 7c 4b e4 58 25 ..F.....c..|K.X%
01b0 77 d6 dc 22 ae f3 b2 ea e3 d7 c9 f2 a9 65 64 76 w..".........edv
01c0 43 5e 48 9d a9 d5 f2 58 7b 7e 61 20 c9 c3 68 02 C^H....X{~a ..h.
01d0 35 15 c1 88 6e 93 ee 43 c7 2a 50 b5 a5 0c 62 24 5...n..C.*P...b$
01e0 a9 b0 70 76 3f e9 52 67 ca e9 65 53 5e ac 04 95 ..pv?.Rg..eS^...
01f0 33 e6 1e 59 9f 8c 18 59 7a 50 10 dc 06 53 84 fe 3..Y...YzP...S..
0200 67 11 c1 4c 8b f2 24 30 83 ef da 22 30 25 a5 d3 g..L..$0..."0%..
0210 d7 8e 62 5f d2 1c d7 73 de d3 30 0b 3b f5 f6 cf ..b_...s..0.;...
0220 7a fa 03 74 7e 81 2f 19 bf 0e 65 f2 8b e3 5b 54 z..t~./...e...[T
0230 03 f9 62 d0 8e ff bf 8d 97 9e c7 42 0b 45 4a 50 ..b........B.EJP
0240 e6 22 a9 48 d6 2f 10 e7 79 3f 54 2b 44 af 1a bf .".H./..y?T+D...
0250 4e 3f b0 3a 68 68 a8 d8 0e c2 fc df aa 89 59 84 N?.:hh........Y.
0260 f9 40 58 6a 9b 43 9d a5 0d db 31 90 ed 7d 1e f4 [email protected]..}..
0270 54 2b 2a 4c c8 c2 6f 62 82 48 a1 d3 23 46 41 6c T+*L..ob.H..#FAl
0280 8d e1 19 58 36 05 bd c6 d8 4d 52 ad 4d 35 87 66 ...X6....MR.M5.f
0290 62 ad 16 46 4c ec 97 f7 56 6c cd 2e 37 71 c1 1e b..FL...Vl..7q..
02a0 9b a8 c1 ac 7a dc 24 3e 44 ca 0f a8 06 ea ae 8f ....z.$>D.......
02b0 22 bf b4 6d 42 77 91 31 21 43 27 d2 a4 79 b1 14 "..mBw.1!C'..y..
02c0 b1 80 19 ...
No. Time Source Destination Protocol Info
167340 371.468178 192.168.0.101 192.168.0.1 TCP 3228 > 5678 [ACK] Seq=1 Ack=0 Win=17472 Len=0
Frame 167340 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.458621000
[Time delta from previous packet: 0.001971000 seconds]
[Time since reference or first frame: 371.468178000 seconds]
Frame Number: 167340
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x389a (14490)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x407f [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3228 (3228), Dst Port: 5678 (5678), Seq: 1, Ack: 0, Len: 0
Source port: 3228 (3228)
Destination port: 5678 (5678)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17472
Checksum: 0xacc4 [correct]
[Good Checksum: True]
[Bad Checksum: False]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 9a 40 00 80 06 40 7f c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9c 16 2e bd 06 de 48 00 44 7e bb 50 10 .........H.D~.P.
0030 44 40 ac c4 00 00 D@....
No. Time Source Destination Protocol Info
167341 371.469152 192.168.0.101 192.168.0.1 TCP 3228 > 5678 [PSH, ACK] Seq=1 Ack=0 Win=17472 Len=658
Frame 167341 (712 bytes on wire, 712 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.459595000
[Time delta from previous packet: 0.000974000 seconds]
[Time since reference or first frame: 371.469152000 seconds]
Frame Number: 167341
Packet Length: 712 bytes
Capture Length: 712 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 698
Identification: 0x389b (14491)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x3dec [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3228 (3228), Dst Port: 5678 (5678), Seq: 1, Ack: 0, Len: 658
Source port: 3228 (3228)
Destination port: 5678 (5678)
Sequence number: 1 (relative sequence number)
[Next sequence number: 659 (relative sequence number)]
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17472
Checksum: 0x26ab [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (658 bytes)
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 02 ba 38 9b 40 00 80 06 3d ec c0 a8 00 65 c0 a8 ..8.@...=....e..
0020 00 01 0c 9c 16 2e bd 06 de 48 00 44 7e bb 50 18 .........H.D~.P.
0030 44 40 26 ab 00 00 50 4f 53 54 20 2f 57 41 4e 43 D@&...POST /WANC
0040 6f 6d 6d 6f 6e 49 6e 74 65 72 66 61 63 65 43 6f ommonInterfaceCo
0050 6e 66 69 67 20 48 54 54 50 2f 31 2e 31 0d 0a 43 nfig HTTP/1.1..C
0060 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 ontent-Type: tex
0070 74 2f 78 6d 6c 3b 20 63 68 61 72 73 65 74 3d 22 t/xml; charset="
0080 75 74 66 2d 38 22 0d 0a 53 4f 41 50 41 63 74 69 utf-8"..SOAPActi
0090 6f 6e 3a 20 22 75 72 6e 3a 73 63 68 65 6d 61 73 on: "urn:schemas
00a0 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 -upnp-org:servic
00b0 65 3a 57 41 4e 43 6f 6d 6d 6f 6e 49 6e 74 65 72 e:WANCommonInter
00c0 66 61 63 65 43 6f 6e 66 69 67 3a 31 23 47 65 74 faceConfig:1#Get
00d0 54 6f 74 61 6c 50 61 63 6b 65 74 73 53 65 6e 74 TotalPacketsSent
00e0 22 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d "..User-Agent: M
00f0 6f 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 ozilla/4.0 (comp
0100 61 74 69 62 6c 65 3b 20 55 50 6e 50 2f 31 2e 30 atible; UPnP/1.0
0110 3b 20 57 69 6e 64 6f 77 73 20 39 78 29 0d 0a 48 ; Windows 9x)..H
0120 6f 73 74 3a 20 31 39 32 2e 31 36 38 2e 30 2e 31 ost: 192.168.0.1
0130 3a 35 36 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c :5678..Content-L
0140 65 6e 67 74 68 3a 20 33 31 31 0d 0a 43 6f 6e 6e ength: 311..Conn
0150 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 ection: Keep-Ali
0160 76 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f ve..Cache-Contro
0170 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 l: no-cache..Pra
0180 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 0d gma: no-cache...
0190 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 .<?xml version="
01a0 31 2e 30 22 3f 3e 0d 0a 3c 53 4f 41 50 2d 45 4e 1.0 "?>..<SOAP-EN
01b0 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 V:Envelope xmlns
01c0 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a :SOAP-ENV="http:
01d0 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 //schemas.xmlsoa
01e0 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c p.org/soap/envel
01f0 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 ope/" SOAP-ENV:e
0200 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 ncodingStyle="ht
0210 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c tp://schemas.xml
0220 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e soap.org/soap/en
0230 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 coding/"><SOAP-E
0240 4e 56 3a 42 6f 64 79 3e 3c 6d 3a 47 65 74 54 6f NV:Body><m:GetTo
0250 74 61 6c 50 61 63 6b 65 74 73 53 65 6e 74 20 78 talPacketsSent x
0260 6d 6c 6e 73 3a 6d 3d 22 75 72 6e 3a 73 63 68 65 mlns:m="urn:sche
0270 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 mas-upnp-org:ser
0280 76 69 63 65 3a 57 41 4e 43 6f 6d 6d 6f 6e 49 6e vice:WANCommonIn
0290 74 65 72 66 61 63 65 43 6f 6e 66 69 67 3a 31 22 terfaceConfig:1"
02a0 2f 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 /></SOAP-ENV:Bod
02b0 79 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 y></SOAP-ENV:Env
02c0 65 6c 6f 70 65 3e 0d 0a elope>..
No. Time Source Destination Protocol Info
167342 371.469199 192.168.0.121 218.4.245.104 TCP 2557 > 8492 [ACK] Seq=4919 Ack=91532 Win=8712 Len=0 TSV=140609 TSER=1607158
Frame 167342 (66 bytes on wire, 66 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.459642000
[Time delta from previous packet: 0.000047000 seconds]
[Time since reference or first frame: 371.469199000 seconds]
Frame Number: 167342
Packet Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 ( 192.168.0.121), Dst: 218.4.245.104 (218.4.245.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x1b57 (6999)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x8ede [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 218.4.245.104 (218.4.245.104)
Transmission Control Protocol, Src Port: 2557 (2557), Dst Port: 8492 (8492), Seq: 4919, Ack: 91532, Len: 0
Source port: 2557 (2557)
Destination port: 8492 (8492)
Sequence number: 4919 (relative sequence number)
Acknowledgement number: 91532 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8712
Checksum: 0x4613 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 140609, TSecr 1607158
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167331]
[The RTT to ACK the segment was: 0.034241000 seconds]
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 00 34 1b 57 40 00 40 06 8e de c0 a8 00 79 da 04 .4.W@[email protected]..
0020 f5 68 09 fd 21 2c 0f 0e 24 91 5f e6 14 13 80 10 .h..!,..$._.....
0030 22 08 46 13 00 00 01 01 08 0a 00 02 25 41 00 18 ".F.........%A..
0040 85 f6 ..
No. Time Source Destination Protocol Info
167343 371.473762 192.168.0.80 192.168.0.1 DNS Standard query PTR 177.1.53.59.in-addr.arpa
Frame 167343 (84 bytes on wire, 84 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464205000
[Time delta from previous packet: 0.004563000 seconds]
[Time since reference or first frame: 371.473762000 seconds]
Frame Number: 167343
Packet Length: 84 bytes
Capture Length: 84 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 70
Identification: 0xf3c9 (62409)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc53b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 50
Checksum: 0x74ab [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 167528]
Transaction ID: 0x4a15
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
177.1.53.59.in-addr.arpa: type PTR, class IN
Name: 177.1.53.59.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 46 f3 c9 00 00 80 11 c5 3b c0 a8 00 50 c0 a8 .F.......;...P..
0020 00 01 04 9c 00 35 00 32 74 ab 4a 15 01 00 00 01 .....5.2t.J.....
0030 00 00 00 00 00 00 03 31 37 37 01 31 02 35 33 02 .......177.1.53.
0040 35 39 07 69 6e 2d 61 64 64 72 04 61 72 70 61 00 59.in-addr.arpa.
0050 00 0c 00 01 ....
No. Time Source Destination Protocol Info
167344 371.473801 192.168.0.80 192.168.0.1 DNS Standard query PTR 118.172.51.61.in-addr.arpa
Frame 167344 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464244000
[Time delta from previous packet: 0.000039000 seconds]
[Time since reference or first frame: 371.473801000 seconds]
Frame Number: 167344
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3ca (62410)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc538 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x42b8 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 169218]
Transaction ID: 0x49d9
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
118.172.51.61.in-addr.arpa: type PTR, class IN
Name: 118.172.51.61.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 ca 00 00 80 11 c5 38 c0 a8 00 50 c0 a8 .H.......8...P..
0020 00 01 04 9c 00 35 00 34 42 b8 49 d9 01 00 00 01 .....5.4B.I.....
0030 00 00 00 00 00 00 03 31 31 38 03 31 37 32 02 35 .......118.172.5
0040 31 02 36 31 07 69 6e 2d 61 64 64 72 04 61 72 70 1.61.in-addr.arp
0050 61 00 00 0c 00 01 a.....
No. Time Source Destination Protocol Info
167345 371.473820 192.168.0.80 192.168.0.1 DNS Standard query PTR 70.138.50.60.in-addr.arpa
Frame 167345 (85 bytes on wire, 85 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464263000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473820000 seconds]
Frame Number: 167345
Packet Length: 85 bytes
Capture Length: 85 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 71
Identification: 0xf3cb (62411)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc538 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 51
Checksum: 0xdfb7 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 168371]
Transaction ID: 0x4973
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
70.138.50.60.in-addr.arpa: type PTR, class IN
Name: 70.138.50.60.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 47 f3 cb 00 00 80 11 c5 38 c0 a8 00 50 c0 a8 .G.......8...P..
0020 00 01 04 9c 00 35 00 33 df b7 49 73 01 00 00 01 .....5.3..Is....
0030 00 00 00 00 00 00 02 37 30 03 31 33 38 02 35 30 .......70.138.50
0040 02 36 30 07 69 6e 2d 61 64 64 72 04 61 72 70 61 .60.in-addr.arpa
0050 00 00 0c 00 01 .....
No. Time Source Destination Protocol Info
167346 371.473841 192.168.0.80 192.168.0.1 DNS Standard query A i59F6BFDD.versanet.de
Frame 167346 (81 bytes on wire, 81 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464284000
[Time delta from previous packet: 0.000021000 seconds]
[Time since reference or first frame: 371.473841000 seconds]
Frame Number: 167346
Packet Length: 81 bytes
Capture Length: 81 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 67
Identification: 0xf3cc (62412)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc53b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 47
Checksum: 0xfa03 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 170114]
Transaction ID: 0x489e
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
i59F6BFDD.versanet.de: type A, class IN
Name: i59F6BFDD.versanet.de
Type: A (Host address)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 43 f3 cc 00 00 80 11 c5 3b c0 a8 00 50 c0 a8 .C.......;...P..
0020 00 01 04 9c 00 35 00 2f fa 03 48 9e 01 00 00 01 .....5./..H.....
0030 00 00 00 00 00 00 09 69 35 39 46 36 42 46 44 44 .......i59F6BFDD
0040 08 76 65 72 73 61 6e 65 74 02 64 65 00 00 01 00 .versanet.de....
0050 01 .
No. Time Source Destination Protocol Info
167347 371.473860 192.168.0.80 192.168.0.1 DNS Standard query A alf94-7-82-228-221-32.fbx.proxad.net
Frame 167347 (96 bytes on wire, 96 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464303000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473860000 seconds]
Frame Number: 167347
Packet Length: 96 bytes
Capture Length: 96 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 82
Identification: 0xf3cd (62413)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc52b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 62
Checksum: 0x494b [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 168372]
Transaction ID: 0x489f
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
alf94-7-82-228-221-32.fbx.proxad.net: type A, class IN
Name: alf94-7-82-228-221-32.fbx.proxad.net
Type: A (Host address)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 52 f3 cd 00 00 80 11 c5 2b c0 a8 00 50 c0 a8 .R.......+...P..
0020 00 01 04 9c 00 35 00 3e 49 4b 48 9f 01 00 00 01 .....5.>IKH.....
0030 00 00 00 00 00 00 15 61 6c 66 39 34 2d 37 2d 38 .......alf94-7-8
0040 32 2d 32 32 38 2d 32 32 31 2d 33 32 03 66 62 78 2-228-221-32.fbx
0050 06 70 72 6f 78 61 64 03 6e 65 74 00 00 01 00 01 .proxad.net.....
No. Time Source Destination Protocol Info
167348 371.473879 192.168.0.80 192.168.0.1 DNS Standard query A CPE-121-208-179-8.qld.bigpond.net.au
Frame 167348 (96 bytes on wire, 96 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464322000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473879000 seconds]
Frame Number: 167348
Packet Length: 96 bytes
Capture Length: 96 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 82
Identification: 0xf3ce (62414)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc52a [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 62
Checksum: 0xdfad [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 170083]
Transaction ID: 0x48a0
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
CPE-121-208-179-8.qld.bigpond.net.au: type A, class IN
Name: CPE-121-208-179-8.qld.bigpond.net.au
Type: A (Host address)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 52 f3 ce 00 00 80 11 c5 2a c0 a8 00 50 c0 a8 .R.......*...P..
0020 00 01 04 9c 00 35 00 3e df ad 48 a0 01 00 00 01 .....5.>..H.....
0030 00 00 00 00 00 00 11 43 50 45 2d 31 32 31 2d 32 .......CPE-121-2
0040 30 38 2d 31 37 39 2d 38 03 71 6c 64 07 62 69 67 08-179-8.qld.big
0050 70 6f 6e 64 03 6e 65 74 02 61 75 00 00 01 00 01 pond.net.au.....
No. Time Source Destination Protocol Info
167349 371.473898 192.168.0.80 192.168.0.1 DNS Standard query PTR 139.42.186.80.in-addr.arpa
Frame 167349 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464341000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473898000 seconds]
Frame Number: 167349
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3cf (62415)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc533 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x1215 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 169187]
Transaction ID: 0x48a5
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
139.42.186.80.in-addr.arpa: type PTR, class IN
Name: 139.42.186.80.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 cf 00 00 80 11 c5 33 c0 a8 00 50 c0 a8 .H.......3...P..
0020 00 01 04 9c 00 35 00 34 12 15 48 a5 01 00 00 01 .....5.4..H.....
0030 00 00 00 00 00 00 03 31 33 39 02 34 32 03 31 38 .......139.42.18
0040 36 02 38 30 07 69 6e 2d 61 64 64 72 04 61 72 70 6.80.in-addr.arp
0050 61 00 00 0c 00 01 a.....
No. Time Source Destination Protocol Info
167350 371.473915 192.168.0.80 192.168.0.1 DNS Standard query PTR 203.165.4.189.in-addr.arpa
Frame 167350 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464358000
[Time delta from previous packet: 0.000017000 seconds]
[Time since reference or first frame: 371.473915000 seconds]
Frame Number: 167350
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3d0 (62416)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc532 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x72b5 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171041]
Transaction ID: 0x48a7
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
203.165.4.189.in-addr.arpa: type PTR, class IN
Name: 203.165.4.189.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 d0 00 00 80 11 c5 32 c0 a8 00 50 c0 a8 .H.......2...P..
0020 00 01 04 9c 00 35 00 34 72 b5 48 a7 01 00 00 01 .....5.4r.H.....
0030 00 00 00 00 00 00 03 32 30 33 03 31 36 35 01 34 .......203.165.4
0040 03 31 38 39 07 69 6e 2d 61 64 64 72 04 61 72 70 .189.in-addr.arp
0050 61 00 00 0c 00 01 a.....
No. Time Source Destination Protocol Info
167351 371.473931 192.168.0.80 192.168.0.1 DNS Standard query PTR 116.237.82.190.in-addr.arpa
Frame 167351 (87 bytes on wire, 87 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464374000
[Time delta from previous packet: 0.000016000 seconds]
[Time since reference or first frame: 371.473931000 seconds]
Frame Number: 167351
Packet Length: 87 bytes
Capture Length: 87 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 73
Identification: 0xf3d1 (62417)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc530 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 53
Checksum: 0xe30f [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 168374]
Transaction ID: 0x48a8
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
116.237.82.190.in-addr.arpa: type PTR, class IN
Name: 116.237.82.190.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 49 f3 d1 00 00 80 11 c5 30 c0 a8 00 50 c0 a8 .I.......0...P..
0020 00 01 04 9c 00 35 00 35 e3 0f 48 a8 01 00 00 01 .....5.5..H.....
0030 00 00 00 00 00 00 03 31 31 36 03 32 33 37 02 38 .......116.237.8
0040 32 03 31 39 30 07 69 6e 2d 61 64 64 72 04 61 72 2.190.in-addr.ar
0050 70 61 00 00 0c 00 01 pa.....
No. Time Source Destination Protocol Info
167352 371.473947 192.168.0.80 192.168.0.1 DNS Standard query PTR 225.0.21.86.in-addr.arpa
Frame 167352 (84 bytes on wire, 84 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464390000
[Time delta from previous packet: 0.000016000 seconds]
[Time since reference or first frame: 371.473947000 seconds]
Frame Number: 167352
Packet Length: 84 bytes
Capture Length: 84 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 70
Identification: 0xf3d2 (62418)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc532 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 50
Checksum: 0x7a1e [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171084]
Transaction ID: 0x48aa
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
225.0.21.86.in-addr.arpa: type PTR, class IN
Name: 225.0.21.86.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 46 f3 d2 00 00 80 11 c5 32 c0 a8 00 50 c0 a8 .F.......2...P..
0020 00 01 04 9c 00 35 00 32 7a 1e 48 aa 01 00 00 01 .....5.2z.H.....
0030 00 00 00 00 00 00 03 32 32 35 01 30 02 32 31 02 .......225.0.21.
0040 38 36 07 69 6e 2d 61 64 64 72 04 61 72 70 61 00 86.in-addr.arpa.
0050 00 0c 00 01 ....
No. Time Source Destination Protocol Info
167353 371.473964 192.168.0.80 192.168.0.1 DNS Standard query PTR 157.2.225.61.in-addr.arpa
Frame 167353 (85 bytes on wire, 85 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464407000
[Time delta from previous packet: 0.000017000 seconds]
[Time since reference or first frame: 371.473964000 seconds]
Frame Number: 167353
Packet Length: 85 bytes
Capture Length: 85 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 71
Identification: 0xf3d3 (62419)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc530 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 51
Checksum: 0x411b [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171825]
Transaction ID: 0x48ae
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
157.2.225.61.in-addr.arpa: type PTR, class IN
Name: 157.2.225.61.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 47 f3 d3 00 00 80 11 c5 30 c0 a8 00 50 c0 a8 .G.......0...P..
0020 00 01 04 9c 00 35 00 33 41 1b 48 ae 01 00 00 01 .....5.3A.H.....
0030 00 00 00 00 00 00 03 31 35 37 01 32 03 32 32 35 .......157.2.225
0040 02 36 31 07 69 6e 2d 61 64 64 72 04 61 72 70 61 .61.in-addr.arpa
0050 00 00 0c 00 01 .....
No. Time Source Destination Protocol Info
167354 371.473980 192.168.0.80 192.168.0.1 DNS Standard query PTR 132.28.121.87.in-addr.arpa
Frame 167354 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464423000
[Time delta from previous packet: 0.000016000 seconds]
[Time since reference or first frame: 371.473980000 seconds]
Frame Number: 167354
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3d4 (62420)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc52e [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x1113 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171790]
Transaction ID: 0x48af
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
132.28.121.87.in-addr.arpa: type PTR, class IN
Name: 132.28.121.87.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 d4 00 00 80 11 c5 2e c0 a8 00 50 c0 a8 .H...........P..
0020 00 01 04 9c 00 35 00 34 11 13 48 af 01 00 00 01 .....5.4..H.....
0030 00 00 00 00 00 00 03 31 33 32 02 32 38 03 31 32 .......132.28.12
0040 31 02 38 37 07 69 6e 2d 61 64 64 72 04 61 72 70 1.87.in-addr.arp
0050 61 00 00 0c 00 01 a.....
Do you mean that Winblows somehow mangled the packet but otherwise its ok?
What I am trying to do is intrusion detection because I believe an illegitimate wireless host is sniffing packets.
I have copied and pasted the exported capture of the lines I took a snapshot of in Capture 3, which is the one where the spoofed MAC appears at IP 192.168.0.116.
In my next post, I will also export the 2 captures (Capture 1 and Capture 2) with the white-colored LLC protocols and I will also export and post the miscellaneous, "Capture_misc" with all the black colored TCP out of order and retransmission and dup frames.
But let me know if I do the first one correctly so I dont mess up the other 3.
Thank you again.
---------------------------------------------------------------------------------------------------------------
Capture 3 - Lines 167313 to 167354 (Suspected intruder using spoofed MAC)
---------------------------------------------------------------------------------------------------------------
No. Time Source Destination Protocol Info
167313 371.355337 218.83.77.47 192.168.0.121 TCP [TCP Dup ACK 166894#4] 8457 > 2358 [ACK] Seq=374 Ack=271920 Win=64487 Len=0 TSV=935900 TSER=140584 SLE=272444 SRE=273492
Frame 167313 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.345780000
[Time delta from previous packet: 0.026333000 seconds]
[Time since reference or first frame: 371.355337000 seconds]
Frame Number: 167313
Packet Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.83.77.47 (218.83.77.47), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x4f54 (20308)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 117
Protocol: TCP (0x06)
Header checksum: 0xcdbf [correct]
[Good: True]
[Bad : False]
Source: 218.83.77.47 (218.83.77.47)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8457 (8457), Dst Port: 2358 (2358), Seq: 374, Ack: 271920, Len: 0
Source port: 8457 (8457)
Destination port: 2358 (2358)
Sequence number: 374 (relative sequence number)
Acknowledgement number: 271920 (relative ack number)
Header length: 44 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64487
Checksum: 0xb473 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (24 bytes)
NOP
NOP
Timestamps: TSval 935900, TSecr 140584
NOP
NOP
SACK: 272444-273492
left edge = 272444 (relative)
right edge = 273492 (relative)
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 4]
[Duplicate to the ACK in frame: 166894]
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 00 40 4f 54 40 00 75 06 cd bf da 53 4d 2f c0 a8 .@OT@xxxxxxxx/..
0020 00 79 21 09 09 36 ee b0 3a 7b d6 e1 1e 1b b0 10 .y!..6..:{......
0030 fb e7 b4 73 00 00 01 01 08 0a 00 0e 47 dc 00 02 ...s........G...
0040 25 28 01 01 05 0a d6 e1 20 27 d6 e1 24 3f %(...... '..$?
No. Time Source Destination Protocol Info
167314 371.361634 222.84.9.84 192.168.0.121 UDP Source port: 6881 Destination port: 10273
Frame 167314 (143 bytes on wire, 143 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.352077000
[Time delta from previous packet: 0.006297000 seconds]
[Time since reference or first frame: 371.361634000 seconds]
Frame Number: 167314
Packet Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 222.84.9.84 ( 222.84.9.84), Dst: 192.168.0.121 (192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0xe0f6 (57590)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xbcab [correct]
[Good: True]
[Bad : False]
Source: 222.84.9.84 (222.84.9.84)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 6881 (6881), Dst Port: 10273 (10273)
Source port: 6881 (6881)
Destination port: 10273 (10273)
Length: 109
Checksum: 0x583c [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (101 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 81 e0 f6 00 00 74 11 bc ab de 54 09 54 c0 a8 ......t....T.T..
0020 00 79 1a e1 28 21 00 6d 58 3c 64 31 3a 61 64 32 .y..(!.mX<d1:ad2
0030 3a 69 64 32 30 3a f6 48 43 07 02 75 7b 25 5e 65 :id20:.HC..u{%^e
0040 20 f9 43 cf a6 da 74 75 8c b9 36 3a 74 61 72 67 .C...tu..6:targ
0050 65 74 32 30 3a f6 48 5a 98 52 da 58 8a 59 6d 89 et20:.HZ.R.X.Ym.
0060 71 b6 71 ab cb 67 b5 8e b5 65 31 3a 71 39 3a 66 q.q..g...e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 32 3a 06 a8 31 ind_node1:t2:..1
0080 3a 76 34 3a 4c 54 01 07 31 3a 79 31 3a 71 65 :v4:LT..1:y1:qe
No. Time Source Destination Protocol Info
167315 371.362048 192.168.0.116 192.168.0.1 TCP 2869 > 1148 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1260
Frame 167315 (58 bytes on wire, 58 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.352491000
[Time delta from previous packet: 0.000414000 seconds]
[Time since reference or first frame: 371.362048000 seconds]
Frame Number: 167315
Packet Length: 58 bytes
Capture Length: 58 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.116 (192.168.0.116), Dst: 192.168.0.1 (192.168.0.1 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x27a0 (10144)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5166 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.116 (192.168.0.116)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 2869 (2869), Dst Port: 1148 (1148), Seq: 0, Ack: 1, Len: 0
Source port: 2869 (2869)
Destination port: 1148 (1148)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 64260
Checksum: 0x8363 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1260 bytes
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 2c 27 a0 40 00 80 06 51 66 c0 a8 00 74 c0 a8 .,'[email protected]..
0020 00 01 0b 35 04 7c 19 22 e5 dd 00 42 89 bd 60 12 ...5.|."...B..`.
0030 fb 04 83 63 00 00 02 04 04 ec ...c......
No. Time Source Destination Protocol Info
167316 371.362325 192.168.0.116 192.168.0.1 TCP 2869 > 1148 [SYN, ACK] Seq=0 Ack=1 Win=64260 Len=0 MSS=1260
Frame 167316 (58 bytes on wire, 58 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.352768000
[Time delta from previous packet: 0.000277000 seconds]
[Time since reference or first frame: 371.362325000 seconds]
Frame Number: 167316
Packet Length: 58 bytes
Capture Length: 58 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.116 (192.168.0.116), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x27a0 (10144)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x5166 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.116 (192.168.0.116)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 2869 (2869), Dst Port: 1148 (1148), Seq: 0, Ack: 1, Len: 0
Source port: 2869 (2869)
Destination port: 1148 (1148)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 64260
Checksum: 0x8363 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1260 bytes
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 2c 27 a0 40 00 80 06 51 66 c0 a8 00 74 c0 a8 .,'[email protected]..
0020 00 01 0b 35 04 7c 19 22 e5 dd 00 42 89 bd 60 12 ...5.|."...B..`.
0030 fb 04 83 63 00 00 02 04 04 ec ...c......
No. Time Source Destination Protocol Info
167317 371.363983 222.84.9.84 192.168.0.121 UDP Source port: 6881 Destination port: 10273
Frame 167317 (143 bytes on wire, 143 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.354426000
[Time delta from previous packet: 0.001658000 seconds]
[Time since reference or first frame: 371.363983000 seconds]
Frame Number: 167317
Packet Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 222.84.9.84 (222.84.9.84), Dst: 192.168.0.121 (192.168.0.121 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0xe0f6 (57590)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xbcab [correct]
[Good: True]
[Bad : False]
Source: 222.84.9.84 (222.84.9.84)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 6881 (6881), Dst Port: 10273 (10273)
Source port: 6881 (6881)
Destination port: 10273 (10273)
Length: 109
Checksum: 0x583c [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (101 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 81 e0 f6 00 00 74 11 bc ab de 54 09 54 c0 a8 ......t....T.T..
0020 00 79 1a e1 28 21 00 6d 58 3c 64 31 3a 61 64 32 .y..(!.mX<d1:ad2
0030 3a 69 64 32 30 3a f6 48 43 07 02 75 7b 25 5e 65 :id20:.HC..u{%^e
0040 20 f9 43 cf a6 da 74 75 8c b9 36 3a 74 61 72 67 .C...tu..6:targ
0050 65 74 32 30 3a f6 48 5a 98 52 da 58 8a 59 6d 89 et20:.HZ.R.X.Ym.
0060 71 b6 71 ab cb 67 b5 8e b5 65 31 3a 71 39 3a 66 q.q..g...e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 32 3a 06 a8 31 ind_node1:t2:..1
0080 3a 76 34 3a 4c 54 01 07 31 3a 79 31 3a 71 65 :v4:LT..1:y1:qe
No. Time Source Destination Protocol Info
167318 371.364569 192.168.0.1 192.168.0.116 TCP 1148 > 2869 [ACK] Seq=1 Ack=1 Win=8192 Len=0
Frame 167318 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.355012000
[Time delta from previous packet: 0.000586000 seconds]
[Time since reference or first frame: 371.364569000 seconds]
Frame Number: 167318
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 ( 192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ac (9644)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945e [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x755d [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167307]
[The RTT to ACK the segment was: 0.314494000 seconds]
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 00 28 25 ac 00 00 7f 06 94 5e c0 a8 00 01 c0 a8 .(%......^......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 75 5d 00 00 .u]..
No. Time Source Destination Protocol Info
167319 371.364681 218.81.146.24 192.168.0.121 UDP Source port: 9262 Destination port: 10273
Frame 167319 (140 bytes on wire, 140 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.355124000
[Time delta from previous packet: 0.000112000 seconds]
[Time since reference or first frame: 371.364681000 seconds]
Frame Number: 167319
Packet Length: 140 bytes
Capture Length: 140 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.81.146.24 ( 218.81.146.24), Dst: 192.168.0.121 (192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 126
Identification: 0x6dd2 (28114)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xea11 [correct]
[Good: True]
[Bad : False]
Source: 218.81.146.24 (218.81.146.24)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 9262 (9262), Dst Port: 10273 (10273)
Source port: 9262 (9262)
Destination port: 10273 (10273)
Length: 106
Checksum: 0x66ea [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (98 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 7e 6d d2 00 00 35 11 ea 11 da 51 92 18 c0 a8 .~m...5....Q....
0020 00 79 24 2e 28 21 00 6a 66 ea 64 31 3a 61 64 32 .y$.(!.jf.d1:ad2
0030 3a 69 64 32 30 3a 09 a3 3d ea 65 9c 71 37 06 61 :id20:..=.e.q7.a
0040 68 be 6a 8b 28 00 5f c0 91 eb 36 3a 74 61 72 67 h.j.(._...6:targ
0050 65 74 32 30 3a f6 5c c2 15 9a 63 8e c8 f9 9e 97 et20:.\...c.....
0060 41 95 74 d7 ff a0 3f 6e 13 65 31 3a 71 39 3a 66 A.t...?n.e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 38 3a 2b 99 86 ind_node1:t8:+..
0080 2c a5 bc 76 48 31 3a 79 31 3a 71 65 ,..vH1:y1:qe
No. Time Source Destination Protocol Info
167320 371.365608 192.168.0.1 192.168.0.116 TCP 1148 > 2869 [PSH, ACK] Seq=1 Ack=1 Win=8192 Len=503
Frame 167320 (557 bytes on wire, 557 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.356051000
[Time delta from previous packet: 0.000927000 seconds]
[Time since reference or first frame: 371.365608000 seconds]
Frame Number: 167320
Packet Length: 557 bytes
Capture Length: 557 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 ( 192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 543
Identification: 0x25ad (9645)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x9266 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 503
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
[Next sequence number: 504 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0xfb82 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (503 bytes)
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 02 1f 25 ad 00 00 7f 06 92 66 c0 a8 00 01 c0 a8 ..%......f......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 18 .t.|.5.B..."..P.
0030 20 00 fb 82 00 00 4e 4f 54 49 46 59 20 2f 75 70 .....NOTIFY /up
0040 6e 70 2f 65 76 65 6e 74 69 6e 67 2f 6c 62 64 7a np/eventing/lbdz
0050 75 71 6e 70 6f 62 20 48 54 54 50 2f 31 2e 31 0d uqnpob HTTP/1.1.
0060 0a 48 4f 53 54 3a 20 31 39 32 2e 31 36 38 2e 30 .HOST: 192.168.0
0070 2e 31 31 36 3a 32 38 36 39 0d 0a 43 4f 4e 54 45 .116:2869..CONTE
0080 4e 54 2d 54 59 50 45 3a 20 74 65 78 74 2f 78 6d NT-TYPE: text/xm
0090 6c 0d 0a 43 4f 4e 54 45 4e 54 2d 4c 45 4e 47 54 l..CONTENT-LENGT
00a0 48 3a 20 32 39 38 0d 0a 4e 54 3a 20 75 70 6e 70 H: 298..NT: upnp
00b0 3a 65 76 65 6e 74 0d 0a 4e 54 53 3a 20 75 70 6e :event..NTS: upn
00c0 70 3a 70 72 6f 70 63 68 61 6e 67 65 0d 0a 53 49 p:propchange..SI
00d0 44 3a 20 75 75 69 64 3a 30 30 2d 31 33 2d 34 36 D: uuid:00-13-46
00e0 2d 31 34 2d 66 30 2d 38 38 2d 30 31 61 63 37 38 -14-f0-88-01ac78
00f0 34 37 63 65 65 31 0d 0a 53 45 51 3a 20 33 35 0d 47cee1..SEQ: 35.
0100 0a 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e ...<?xml version
0110 3d 22 31 2e 30 22 3f 3e 0d 0a 3c 65 3a 70 72 6f =" 1.0"?>..<e:pro
0120 70 65 72 74 79 73 65 74 20 78 6d 6c 6e 73 3a 65 pertyset xmlns:e
0130 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 ="urn:schemas-up
0140 6e 70 2d 6f 72 67 3a 65 76 65 6e 74 2d 31 2d 30 np-org:event-1-0
0150 22 20 78 6d 6c 6e 73 3a 73 3d 22 75 72 6e 3a 73 " xmlns:s="urn:s
0160 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a chemas-upnp-org:
0170 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e service:WANIPCon
0180 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 65 3a 70 72 nection:1"><e:pr
0190 6f 70 65 72 74 79 3e 3c 73 3a 50 6f 72 74 4d 61 operty><s:PortMa
01a0 70 70 69 6e 67 4e 75 6d 62 65 72 4f 66 45 6e 74 ppingNumberOfEnt
01b0 72 69 65 73 20 78 6d 6c 6e 73 3a 64 74 3d 22 75 ries xmlns:dt="u
01c0 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f rn:schemas-micro
01d0 73 6f 66 74 2d 63 6f 6d 3a 64 61 74 61 74 79 70 soft-com:datatyp
01e0 65 73 22 20 64 74 3a 64 74 3d 22 75 69 32 22 3e es" dt:dt="ui2">
01f0 30 3c 2f 73 3a 50 6f 72 74 4d 61 70 70 69 6e 67 0</s:PortMapping
0200 4e 75 6d 62 65 72 4f 66 45 6e 74 72 69 65 73 3e NumberOfEntries>
0210 3c 2f 65 3a 70 72 6f 70 65 72 74 79 3e 3c 2f 65 </e:property></e
0220 3a 70 72 6f 70 65 72 74 79 73 65 74 3e :propertyset>
No. Time Source Destination Protocol Info
167321 371.366456 61.173.111.180 192.168.0.121 UDP Source port: 1586 Destination port: 10273
Frame 167321 (140 bytes on wire, 140 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.356899000
[Time delta from previous packet: 0.000848000 seconds]
[Time since reference or first frame: 371.366456000 seconds]
Frame Number: 167321
Packet Length: 140 bytes
Capture Length: 140 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 61.173.111.180 (61.173.111.180), Dst: 192.168.0.121 (192.168.0.121 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 126
Identification: 0xf30f (62223)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xe4dc [correct]
[Good: True]
[Bad : False]
Source: 61.173.111.180 (61.173.111.180)
Destination: 192.168.0.121 (192.168.0.121)
User Datagram Protocol, Src Port: 1586 (1586), Dst Port: 10273 (10273)
Source port: 1586 (1586)
Destination port: 10273 (10273)
Length: 106
Checksum: 0x0f9d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (98 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 7e f3 0f 00 00 74 11 e4 dc 3d ad 6f b4 c0 a8 .~....t...=.o...
0020 00 79 06 32 28 21 00 6a 0f 9d 64 31 3a 61 64 32 .y.2(!.j..d1:ad2
0030 3a 69 64 32 30 3a 09 ab 05 24 6c 19 39 53 c6 99 :id20:...$l.9S..
0040 4b a5 72 ef 80 a3 e7 7f 3b 6d 36 3a 74 61 72 67 K.r.....;m6:targ
0050 65 74 32 30 3a f6 54 fa db 93 e6 c6 ac 39 66 b4 et20:.T......9f.
0060 5a 8d 10 7f 5c 18 80 c4 91 65 31 3a 71 39 3a 66 Z...\....e1:q9:f
0070 69 6e 64 5f 6e 6f 64 65 31 3a 74 38 3a 71 44 93 ind_node1:t8:qD.
0080 97 e3 63 c0 36 31 3a 79 31 3a 71 65 ..c.61:y1:qe
No. Time Source Destination Protocol Info
167322 371.367993 192.168.0.1 192.168.0.116 TCP [TCP Dup ACK 167320#1] 1148 > 2869 [ACK] Seq=504 Ack=1 Win=8192 Len=0
Frame 167322 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.358436000
[Time delta from previous packet: 0.001537000 seconds]
[Time since reference or first frame: 371.367993000 seconds]
Frame Number: 167322
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 ( 192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ae (9646)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945c [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 504, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 504 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x7366 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 167320]
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 00 28 25 ae 00 00 7f 06 94 5c c0 a8 00 01 c0 a8 .(%......\......
0020 00 74 04 7c 0b 35 00 42 8b b4 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 73 66 00 00 .sf..
No. Time Source Destination Protocol Info
167323 371.370087 218.83.77.47 192.168.0.121 TCP [TCP Dup ACK 166894#5] 8457 > 2358 [ACK] Seq=374 Ack=271920 Win=64487 Len=0 TSV=935900 TSER=140584 SLE=272444 SRE=273492
Frame 167323 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.360530000
[Time delta from previous packet: 0.002094000 seconds]
[Time since reference or first frame: 371.370087000 seconds]
Frame Number: 167323
Packet Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.83.77.47 (218.83.77.47), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x4f54 (20308)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 117
Protocol: TCP (0x06)
Header checksum: 0xcdbf [correct]
[Good: True]
[Bad : False]
Source: 218.83.77.47 (218.83.77.47)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8457 (8457), Dst Port: 2358 (2358), Seq: 374, Ack: 271920, Len: 0
Source port: 8457 (8457)
Destination port: 2358 (2358)
Sequence number: 374 (relative sequence number)
Acknowledgement number: 271920 (relative ack number)
Header length: 44 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 64487
Checksum: 0xb473 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (24 bytes)
NOP
NOP
Timestamps: TSval 935900, TSecr 140584
NOP
NOP
SACK: 272444-273492
left edge = 272444 (relative)
right edge = 273492 (relative)
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 5]
[Duplicate to the ACK in frame: 166894]
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 00 40 4f 54 40 00 75 06 cd bf da 53 4d 2f c0 a8 .@OT@xxxxxxxx/..
0020 00 79 21 09 09 36 ee b0 3a 7b d6 e1 1e 1b b0 10 .y!..6..:{......
0030 fb e7 b4 73 00 00 01 01 08 0a 00 0e 47 dc 00 02 ...s........G...
0040 25 28 01 01 05 0a d6 e1 20 27 d6 e1 24 3f %(...... '..$?
No. Time Source Destination Protocol Info
167324 371.373871 192.168.0.1 192.168.0.116 TCP 1148 > 2869 [ACK] Seq=1 Ack=1 Win=8192 Len=0
Frame 167324 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.364314000
[Time delta from previous packet: 0.003784000 seconds]
[Time since reference or first frame: 371.373871000 seconds]
Frame Number: 167324
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Destination: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Address: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 ( 192.168.0.1), Dst: 192.168.0.116 (192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ac (9644)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945e [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x755d [correct]
[Good Checksum: True]
[Bad Checksum: False]
0000 0c 0c 0c 0c 0c 01 00 1b fc de 30 34 08 00 45 00 ..........04..E.
0010 00 28 25 ac 00 00 7f 06 94 5e c0 a8 00 01 c0 a8 .(%......^......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 75 5d 00 00 .u]..
No. Time Source Destination Protocol Info
167325 371.374204 192.168.0.1 192.168.0.116 TCP [TCP Retransmission] 1148 > 2869 [PSH, ACK] Seq=1 Ack=1 Win=8192 Len=503
Frame 167325 (557 bytes on wire, 557 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.364647000
[Time delta from previous packet: 0.000333000 seconds]
[Time since reference or first frame: 371.374204000 seconds]
Frame Number: 167325
Packet Length: 557 bytes
Capture Length: 557 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Destination: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Address: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 ( 192.168.0.1), Dst: 192.168.0.116 (192.168.0.116)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 543
Identification: 0x25ad (9645)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x9266 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 1, Ack: 1, Len: 503
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 1 (relative sequence number)
[Next sequence number: 504 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0xfb82 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.008596000 seconds]
[RTO based on delta from frame: 167320]
Data (503 bytes)
0000 0c 0c 0c 0c 0c 01 00 1b fc de 30 34 08 00 45 00 ..........04..E.
0010 02 1f 25 ad 00 00 7f 06 92 66 c0 a8 00 01 c0 a8 ..%......f......
0020 00 74 04 7c 0b 35 00 42 89 bd 19 22 e5 de 50 18 .t.|.5.B..."..P.
0030 20 00 fb 82 00 00 4e 4f 54 49 46 59 20 2f 75 70 .....NOTIFY /up
0040 6e 70 2f 65 76 65 6e 74 69 6e 67 2f 6c 62 64 7a np/eventing/lbdz
0050 75 71 6e 70 6f 62 20 48 54 54 50 2f 31 2e 31 0d uqnpob HTTP/1.1.
0060 0a 48 4f 53 54 3a 20 31 39 32 2e 31 36 38 2e 30 .HOST: 192.168.0
0070 2e 31 31 36 3a 32 38 36 39 0d 0a 43 4f 4e 54 45 .116:2869..CONTE
0080 4e 54 2d 54 59 50 45 3a 20 74 65 78 74 2f 78 6d NT-TYPE: text/xm
0090 6c 0d 0a 43 4f 4e 54 45 4e 54 2d 4c 45 4e 47 54 l..CONTENT-LENGT
00a0 48 3a 20 32 39 38 0d 0a 4e 54 3a 20 75 70 6e 70 H: 298..NT: upnp
00b0 3a 65 76 65 6e 74 0d 0a 4e 54 53 3a 20 75 70 6e :event..NTS: upn
00c0 70 3a 70 72 6f 70 63 68 61 6e 67 65 0d 0a 53 49 p:propchange..SI
00d0 44 3a 20 75 75 69 64 3a 30 30 2d 31 33 2d 34 36 D: uuid:00-13-46
00e0 2d 31 34 2d 66 30 2d 38 38 2d 30 31 61 63 37 38 -14-f0-88-01ac78
00f0 34 37 63 65 65 31 0d 0a 53 45 51 3a 20 33 35 0d 47cee1..SEQ: 35.
0100 0a 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e ...<?xml version
0110 3d 22 31 2e 30 22 3f 3e 0d 0a 3c 65 3a 70 72 6f =" 1.0"?>..<e:pro
0120 70 65 72 74 79 73 65 74 20 78 6d 6c 6e 73 3a 65 pertyset xmlns:e
0130 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 75 70 ="urn:schemas-up
0140 6e 70 2d 6f 72 67 3a 65 76 65 6e 74 2d 31 2d 30 np-org:event-1-0
0150 22 20 78 6d 6c 6e 73 3a 73 3d 22 75 72 6e 3a 73 " xmlns:s="urn:s
0160 63 68 65 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a chemas-upnp-org:
0170 73 65 72 76 69 63 65 3a 57 41 4e 49 50 43 6f 6e service:WANIPCon
0180 6e 65 63 74 69 6f 6e 3a 31 22 3e 3c 65 3a 70 72 nection:1"><e:pr
0190 6f 70 65 72 74 79 3e 3c 73 3a 50 6f 72 74 4d 61 operty><s:PortMa
01a0 70 70 69 6e 67 4e 75 6d 62 65 72 4f 66 45 6e 74 ppingNumberOfEnt
01b0 72 69 65 73 20 78 6d 6c 6e 73 3a 64 74 3d 22 75 ries xmlns:dt="u
01c0 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f rn:schemas-micro
01d0 73 6f 66 74 2d 63 6f 6d 3a 64 61 74 61 74 79 70 soft-com:datatyp
01e0 65 73 22 20 64 74 3a 64 74 3d 22 75 69 32 22 3e es" dt:dt="ui2">
01f0 30 3c 2f 73 3a 50 6f 72 74 4d 61 70 70 69 6e 67 0</s:PortMapping
0200 4e 75 6d 62 65 72 4f 66 45 6e 74 72 69 65 73 3e NumberOfEntries>
0210 3c 2f 65 3a 70 72 6f 70 65 72 74 79 3e 3c 2f 65 </e:property></e
0220 3a 70 72 6f 70 65 72 74 79 73 65 74 3e :propertyset>
No. Time Source Destination Protocol Info
167326 371.375265 192.168.0.121 218.83.77.47 TCP [TCP Fast Retransmission] 2358 > 8457 [ACK] Seq=271920 Ack=374 Win=8266 Len=512 TSV=140609 TSER=935900
Frame 167326 (578 bytes on wire, 578 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.365708000
[Time delta from previous packet: 0.001061000 seconds]
[Time since reference or first frame: 371.375265000 seconds]
Frame Number: 167326
Packet Length: 578 bytes
Capture Length: 578 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 (192.168.0.121), Dst: 218.83.77.47 ( 218.83.77.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 564
Identification: 0x1b54 (6996)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x74cc [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 218.83.77.47 (218.83.77.47)
Transmission Control Protocol, Src Port: 2358 (2358), Dst Port: 8457 (8457), Seq: 271920, Ack: 374, Len: 512
Source port: 2358 (2358)
Destination port: 8457 (8457)
Sequence number: 271920 (relative sequence number)
[Next sequence number: 272432 (relative sequence number)]
Acknowledgement number: 374 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8266
Checksum: 0xff8c [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 140609, TSecr 935900
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167313]
[The RTT to ACK the segment was: 0.019928000 seconds]
[TCP Analysis Flags]
[This frame is a (suspected) fast retransmission]
[This frame is a (suspected) retransmission]
Data (512 bytes)
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 02 34 1b 54 00 00 40 06 74 cc c0 a8 00 79 da 53 [email protected]
0020 4d 2f 09 36 21 09 d6 e1 1e 1b ee b0 3a 7b 80 10 M/.6!.......:{..
0030 20 4a ff 8c 00 00 01 01 08 0a 00 02 25 41 00 0e J..........%A..
0040 47 dc 29 af 99 3c ea 30 a7 78 e1 ac 4f 98 6b fb G.)..<.0.x..O.k.
0050 13 90 5f fc d2 b0 54 30 52 43 83 c5 52 36 1d d2 .._...T0RC..R6..
0060 4a 71 10 41 16 9e 54 a4 14 7b c9 77 c1 ac 40 75 Jq.A..T..{.w..@u
0070 14 20 f1 b2 4c ec 91 94 b3 ae 12 55 c2 3e 75 3d . ..L......U.>u=
0080 c0 69 52 95 85 d9 11 c0 6e 49 c2 d7 6e 78 05 99 .iR.....nI..nx..
0090 85 eb a8 3c ab 28 9b b4 23 c2 6e 79 fa 3a 11 74 ...<.(..#.ny.:.t
00a0 5f e1 01 a1 20 40 48 27 15 80 d4 45 e2 88 60 5e _... @H'...E..`^
00b0 c6 0d cc 3f 72 e4 2d a9 4a 39 59 b2 53 2c 8f c1 ...?r.-.J9Y.S,..
00c0 d3 36 ea 6c 1a a5 2a 6c 3c 40 ed 06 89 54 28 17 .6.l..*l<@...T(.
00d0 2c a4 84 c6 41 34 0d 42 9c 3f 4c f6 42 7e 2f bf ,...A4.B.?L.B~/.
00e0 02 b6 e6 d7 cc 37 c9 d7 c2 0c 3d ed f9 1b 28 7a .....7....=...(z
00f0 54 67 e4 c1 3f bd 7a c7 4d 8a 0b 67 ef 62 8f 96 Tg..?.z.M..g.b..
0100 4f 23 b1 38 5e 5c 97 20 c8 32 6d da 72 31 67 fe O#.8^\. .2m.r1g.
0110 a7 ee 87 ec c8 e3 99 77 80 07 d8 92 99 72 8d 8d .......w.....r..
0120 2f 64 87 f3 b0 32 78 aa 45 dc 25 bd af 27 8f 3f /d...2x.E.%..'.?
0130 b3 27 ba 38 da a8 74 14 9d ad 0e 25 86 28 a2 c4 .'.8..t....%.(..
0140 d1 2a 3c b0 9a 2f 66 37 36 85 bc 10 a5 1a be 45 .*<../f76......E
0150 98 1a b2 b3 54 33 89 2c aa c3 a5 63 38 30 f2 65 ....T3.,...c80.e
0160 a1 2b 2a 09 8d 29 85 27 b2 ee fa 6f 1a 67 12 60 .+*..).'...o.g.`
0170 94 d1 af 7b f2 dd d3 b4 0a ad 96 b8 8d 00 c7 d3 ...{............
0180 5f 65 60 02 33 8d ed 36 9b 93 39 31 ba 6c 36 eb _e`.3..6..91.l6.
0190 43 42 86 17 db 1d 3f 9f 6d 56 b1 e9 73 fa 63 0f CB....?.mV..s.c.
01a0 2f e1 a5 6d 57 ad bf 34 8e 14 47 cc 5f 8c 02 4a /..mW..4..G._..J
01b0 bb 16 c8 a2 05 48 64 49 23 87 3c a1 33 1c 19 e7 .....HdI#.<.3...
01c0 78 35 36 57 7d 5a 73 2a 92 76 a3 45 cd 76 0c 16 x56W}Zs*.v.E.v..
01d0 42 9c d1 95 2e 36 5e 55 36 04 b1 03 5a f3 a4 0a B....6^U6...Z...
01e0 4e 2f 41 79 cc cc 31 94 e7 78 27 d0 ac e2 91 11 N/Ay..1..x'.....
01f0 ed e0 d5 2d 9d 2c b2 52 99 88 eb 10 24 0c 88 20 ...-.,.R....$..
0200 56 bd 80 70 fa 6e 52 7d 9a df bd f3 f0 5d cd f3 V..p.nR}.....]..
0210 50 cf 7a ab 92 3d 79 d6 88 3e dc 79 e8 f8 ae a2 P.z..=y..>.y....
0220 01 24 68 f4 17 e3 e6 9d 9b 22 e6 ba 11 12 55 2a .$h......"....U*
0230 c9 ab 1f 61 09 4a 6c 1f f3 89 fb 85 d8 4c e6 b5 ...a.Jl......L..
0240 b1 ec ..
No. Time Source Destination Protocol Info
167327 371.375500 192.168.0.121 218.83.77.47 TCP [TCP Retransmission] 2358 > 8457 [ACK] Seq=272432 Ack=374 Win=8266 Len=12 TSV=140609 TSER=935900
Frame 167327 (78 bytes on wire, 78 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.365943000
[Time delta from previous packet: 0.000235000 seconds]
[Time since reference or first frame: 371.375500000 seconds]
Frame Number: 167327
Packet Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 (192.168.0.121), Dst: 218.83.77.47 ( 218.83.77.47)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x1b55 (6997)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x76bf [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 218.83.77.47 (218.83.77.47)
Transmission Control Protocol, Src Port: 2358 (2358), Dst Port: 8457 (8457), Seq: 272432, Ack: 374, Len: 12
Source port: 2358 (2358)
Destination port: 8457 (8457)
Sequence number: 272432 (relative sequence number)
[Next sequence number: 272444 (relative sequence number)]
Acknowledgement number: 374 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8266
Checksum: 0x9c6e [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 140609, TSecr 935900
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.774594000 seconds]
[RTO based on delta from frame: 167271]
Data (12 bytes)
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 00 40 1b 55 00 00 40 06 76 bf c0 a8 00 79 da 53 [email protected][email protected]
0020 4d 2f 09 36 21 09 d6 e1 20 1b ee b0 3a 7b 80 10 M/.6!... ...:{..
0030 20 4a 9c 6e 00 00 01 01 08 0a 00 02 25 41 00 0e J.n........%A. .
0040 47 dc 39 62 89 7b a5 f4 43 5d 39 4b 34 44 G.9b.{..C]9K4D
No. Time Source Destination Protocol Info
167328 371.375579 192.168.0.1 192.168.0.116 TCP [TCP Dup ACK 167325#1] 1148 > 2869 [ACK] Seq=504 Ack=1 Win=8192 Len=0
Frame 167328 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.366022000
[Time delta from previous packet: 0.000079000 seconds]
[Time since reference or first frame: 371.375579000 seconds]
Frame Number: 167328
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Destination: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
Address: 0c:0c:0c:0c:0c:01 (0c:0c:0c:0c:0c:01)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.116 (192.168.0.116 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25ae (9646)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x945c [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.116 (192.168.0.116)
Transmission Control Protocol, Src Port: 1148 (1148), Dst Port: 2869 (2869), Seq: 504, Ack: 1, Len: 0
Source port: 1148 (1148)
Destination port: 2869 (2869)
Sequence number: 504 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8192
Checksum: 0x7366 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This is a TCP duplicate ack]
[Duplicate ACK #: 1]
[Duplicate to the ACK in frame: 167325]
0000 0c 0c 0c 0c 0c 01 00 1b fc de 30 34 08 00 45 00 ..........04..E.
0010 00 28 25 ae 00 00 7f 06 94 5c c0 a8 00 01 c0 a8 .(%......\......
0020 00 74 04 7c 0b 35 00 42 8b b4 19 22 e5 de 50 10 .t.|.5.B..."..P.
0030 20 00 73 66 00 00 .sf..
No. Time Source Destination Protocol Info
167329 371.397115 192.168.0.80 192.168.0.1 DNS Standard query PTR 7.56.210.221.in-addr.arpa
Frame 167329 (85 bytes on wire, 85 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.387558000
[Time delta from previous packet: 0.021536000 seconds]
[Time since reference or first frame: 371.397115000 seconds]
Frame Number: 167329
Packet Length: 85 bytes
Capture Length: 85 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 71
Identification: 0xf3c8 (62408)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc53b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 51
Checksum: 0xe2df [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 167562]
Transaction ID: 0x4a4b
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
7.56.210.221.in-addr.arpa: type PTR, class IN
Name: 7.56.210.221.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 47 f3 c8 00 00 80 11 c5 3b c0 a8 00 50 c0 a8 .G.......;...P..
0020 00 01 04 9c 00 35 00 33 e2 df 4a 4b 01 00 00 01 .....5.3..JK....
0030 00 00 00 00 00 00 01 37 02 35 36 03 32 31 30 03 .......7.56.210.
0040 32 32 31 07 69 6e 2d 61 64 64 72 04 61 72 70 61 221.in-addr.arpa
0050 00 00 0c 00 01 .....
No. Time Source Destination Protocol Info
167330 371.426135 218.4.245.104 192.168.0.121 TCP 8492 > 2557 [ACK] Seq=89451 Ack=4919 Win=65417 Len=1440 TSV=1607158 TSER=140501
Frame 167330 (1506 bytes on wire, 1506 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.416578000
[Time delta from previous packet: 0.029020000 seconds]
[Time since reference or first frame: 371.426135000 seconds]
Frame Number: 167330
Packet Length: 1506 bytes
Capture Length: 1506 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 (218.4.245.104), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1492
Identification: 0x0255 (597)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x6f40 [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 89451, Ack: 4919, Len: 1440
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 89451 (relative sequence number)
[Next sequence number: 90891 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x9c21 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 162629]
[The RTT to ACK the segment was: 10.686461000 seconds]
Data (1440 bytes)
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 05 d4 02 55 40 00 73 06 6f 40 da 04 f5 68 c0 a8 [email protected]@...h..
0020 00 79 21 2c 09 fd 5f e6 0b f2 0f 0e 24 91 80 10 .y!,.._.....$...
0030 ff 89 9c 21 00 00 01 01 08 0a 00 18 85 f6 00 02 ...!............
0040 24 d5 b6 ce b6 dd 8c d1 5c 8e 9e 79 a3 4c b0 65 $.......\..y.L.e
0050 b0 5a ab 3b 99 d0 ae 89 c9 ca 67 86 3a c4 82 59 .Z.;......g.:..Y
0060 b5 01 26 5b a8 8a ea 5c 05 cc 85 b8 ca b0 76 4a ..&[...\......vJ
0070 a0 25 24 b3 db 78 62 7a 97 3e b2 32 e6 74 9b 42 .%$..xbz.>.2.t.B
0080 67 5f 6c 9e 74 b0 79 1f eb f1 81 91 a7 36 94 49 g_l.t.y......6.I
0090 82 9c 68 aa 3c 11 c9 2c cd 5c e9 fb c2 7f dd 1f ..h.<..,.\......
00a0 a5 af ce 13 f5 36 9a cd 79 b8 9c 89 f9 6e 0a 15 .....6..y....n..
00b0 ee d7 28 e4 77 0b 77 b1 d1 b1 cc 36 c3 59 85 c7 ..(.w.w....6.Y..
00c0 ae 45 9d 73 7d 87 b4 ae 36 bc 01 9e ec 35 09 7c .E.s}...6....5.|
00d0 1b 86 51 d6 0b 4e e5 c4 05 a7 ce 64 38 03 7b 21 ..Q..N.....d8.{!
00e0 ad ca 54 1d ac 32 65 be 86 16 b9 a5 7a 85 f3 16 ..T..2e.....z...
00f0 d1 52 be 65 a3 3a 4b 7b 21 e9 8c 55 da ea 07 65 .R.e.:K{!..U...e
0100 c8 bf 76 c0 9a 4e f9 b5 b3 4d 5a fb 70 3f 90 35 ..v..N...MZ.p?.5
0110 f9 d0 16 af 99 3a 3e b2 c7 ab f0 81 ab 1f 99 35 .....:>........5
0120 21 75 ab aa 28 2c c6 d2 31 d4 68 19 7e 70 92 c4 !u..(,..1.h.~p..
0130 b9 10 2b b7 e2 cd 76 b5 fc 5d d7 87 4a 7f 67 eb ..+...v..]..J.g.
0140 13 ac 8f 78 0b 31 15 ff 26 e1 92 87 44 8e b0 0b ...x.1..&...D...
0150 1f 69 55 db 9f 3f 0d 9a 0f c3 08 ed db c8 53 24 .iU..?........S$
0160 30 b7 85 5d 69 45 5e 5e aa 2d 8b 51 2b b8 5f 38 0..]iE^^.-.Q+._8
0170 de ff f6 26 43 e9 d1 3b 63 fd 88 5e 00 73 4c ec ...&C..;c..^.sL.
0180 f4 fd a7 09 54 83 d8 dc e5 4a 77 44 c6 c3 29 c0 ....T....JwD..).
0190 91 ab 4d 69 62 7c ee 43 93 1e 12 e4 32 4b 99 ea ..Mib|.C....2K..
01a0 f8 8c 91 31 90 63 b7 9c 95 ce c6 1a 23 15 c7 fc ...1.c......#...
01b0 11 4e 56 86 73 63 f3 a0 00 d1 ed cf 03 81 75 05 .NV.sc........u.
01c0 95 a9 e2 fd 28 3f ff dd c6 09 40 5b c2 dd 82 e0 ....(?....@[....
01d0 55 8e 4a d3 33 36 d8 b4 0a e8 68 87 9e e4 a3 a6 U.J.36....h.... .
01e0 16 ca c6 0a 8b e2 17 c5 3d 18 60 5c 21 91 ea 59 ........=.`\!..Y
01f0 7e c1 e1 c2 0d fe 8e 50 dd 8a 15 37 77 d5 c0 28 ~......P...7w..(
0200 4d bf a7 10 37 b3 5e 54 47 30 25 3e 95 ca f4 f3 M...7.^TG0%>....
0210 dc 59 73 fe 55 d2 d2 07 79 ac 1e 3b c2 c7 05 bf .Ys.U...y..;....
0220 6e b8 54 ff e8 b7 7f 5d ef bf 0f 42 10 5d c9 3e n.T....]...B.].>
0230 80 5a 29 8f 12 a3 2a 7c 21 8b b2 65 38 7e eb 84 .Z)...*|!..e8~..
0240 74 15 f6 b3 c9 6f c7 62 1e c4 0b cd 27 58 e0 f4 t....o.b....'X..
0250 e9 56 60 76 a5 e4 16 4b 96 20 ec e9 1d fa 86 82 .V`v...K. ......
0260 2b ca 0d 17 ca 2b ad 40 8a 4d ed 8f 8d 89 a2 78 [email protected]
0270 dc 02 07 69 a6 8e 11 46 95 b2 0d f5 2d 16 78 86 ...i...F....-.x.
0280 39 39 33 04 7d a3 e3 a0 5c ba 09 6c d8 49 aa 12 993.}...\..l.I..
0290 0e a7 6d ee e0 20 05 8e 05 1d 96 87 af 7b 56 b7 ..m.. .......{V.
02a0 16 6e b3 ed 84 ef 3b 9f 11 47 af 2f 63 9d c0 7f .n....;..G./c...
02b0 76 30 18 66 77 54 36 ec 88 58 ad ed c8 33 51 2c v0.fwT6..X...3Q,
02c0 22 f2 7f 45 34 49 5b ae d2 68 eb 8f ec 68 57 14 "..E4I[..h...hW.
02d0 10 35 5a ef 5e b5 e6 a5 c9 d4 1e b9 ca b8 f7 a1 .5Z.^...........
02e0 b3 0e 81 c7 b8 1b 03 3e 54 86 cd 19 25 9d fa b3 .......>T...%...
02f0 be d2 d2 a1 8a 65 f0 55 e9 7d 8e 13 13 5a 2c f0 .....e.U.}...Z,.
0300 d4 a2 19 f1 5f a8 77 2e 55 45 81 25 b0 f6 52 91 ...._.w.UE.%..R.
0310 5d 2b 3b 73 d2 fd 0c 4a ba d6 38 06 cd f4 f9 96 ]+;s...J..8.....
0320 1e 20 d7 07 84 55 b0 ef 83 3d cc 72 80 d5 1a f6 . ...U...=.r....
0330 51 c1 63 f6 8c c6 28 42 ff 94 2a 1f 1d 1f 9a 66 Q.c...(B..*....f
0340 ee 2c b5 11 02 6a b6 12 0c 62 65 2c 1c 7b 88 9f .,...j...be,.{..
0350 2a 91 41 80 6c 43 c3 4a 6a 27 dd 7b e4 8f a8 72 *.A.lC.Jj'.{...r
0360 f2 2b bd 7b 46 46 3b 2d 83 38 06 66 47 09 d9 79 .+.{FF;-.8.fG..y
0370 af 85 ec 95 21 c0 4b e7 ad d8 8b 31 62 69 41 d7 ....!.K....1biA.
0380 7a 28 dc 9d d2 39 6f 38 6e a6 7d 6a 6e be 4c 01 z(...9o8n.}jn.L.
0390 75 1e dd 1a 8b 12 e5 c2 05 ba 75 39 7a 7a b6 a1 u.........u9zz..
03a0 20 98 9c 66 50 04 cf bb 87 43 b7 6f 98 50 db ac ..fP....C.o.P..
03b0 fc 34 1b a3 ba 96 18 71 cd 4b 2f 58 00 6b cd 66 .4.....q.K/X.k.f
03c0 7d 02 51 ae 0c b3 ba d6 87 60 88 05 0b 3d e8 73 }.Q......`...=.s
03d0 a4 dd 7e 7e f5 4d 31 5e b3 e8 ea 23 69 cc 52 89 ..~~.M1^...#i.R.
03e0 36 38 1d b2 5e e9 9b 02 35 c7 08 8e e5 e5 59 00 68..^...5.....Y.
03f0 2b f7 34 19 35 ad a4 df 4f 3b 52 ad 09 11 eb d7 +.4.5...O;R.....
0400 f2 fd 9a 2f 18 26 ce 68 ca bd 8e 1e fd 19 1c 81 .../.&.h........
0410 bb 06 c0 ee d9 61 13 f7 84 b0 9f d2 58 d4 c7 01 .....a......X...
0420 bd ba f8 e9 e5 ba 4e a1 e8 a4 b6 d5 3c 3a b8 6e ......N.....<:.n
0430 ee d5 7f 31 66 91 cc 9c 41 69 60 8a 60 57 f2 0b ...1f...Ai`.`W..
0440 07 95 b9 48 d6 e1 30 3b 4f d4 40 b9 a8 04 a8 2a ...H..0;O.@....*
0450 e8 bb d4 91 ea 90 71 a0 1a e5 ff ee bd 5b a4 8c ......q......[..
0460 73 55 53 a8 d9 7a 34 7f 5f de 4d 34 0c c4 d9 e5 sUS..z4._.M4....
0470 b8 e7 e0 1c 85 f8 62 d2 bf 17 88 d2 09 7a c6 9c ......b......z..
0480 2b 19 4d bf 57 ac c7 63 93 fc dd c2 e3 9e 8f 88 +.M.W..c........
0490 7f 1a b2 e0 54 61 d0 4d bb 56 d1 22 32 0c f9 94 ....Ta.M.V."2...
04a0 67 74 ec 94 0e dd db ea f6 44 b6 04 76 b5 3b bd gt.......D..v.;.
04b0 4a 5d e7 51 99 3f 7c 9f 7f ad b8 2f 0a 5a ac cf J].Q.?|..../.Z..
04c0 65 d4 6d 85 de ac 3e 36 be 09 76 68 01 db 5b 02 e.m...>6..vh..[.
04d0 74 2e da 45 58 61 b3 bd b0 80 22 58 0a af 95 e7 t..EXa...."X....
04e0 60 18 7e 96 a3 0d 38 ed 16 10 94 9c b3 9d 53 b1 `.~...8.......S.
04f0 d1 8d 0d 95 0c 9c 1f 61 a0 4f de 1d f1 4a 93 b0 .......a.O...J..
0500 aa 24 c8 41 39 75 db 4f 20 9c dc 39 08 6f 7e a6 .$.A9u.O ..9.o~.
0510 1c 94 59 92 fd d4 3f 38 7e 78 79 cb fb b9 e3 bd ..Y...?8~xy.....
0520 c3 97 de 53 7b 76 3b 4c 33 a7 4d ba 24 fb a6 28 ...S{v;L3.M.$..(
0530 f4 aa a2 58 89 a4 b3 bd c9 78 6f 00 57 4c 3f 75 ...X.....xo.WL?u
0540 97 41 97 59 cb 51 97 f2 a0 8e 92 13 f2 6f 96 78 .A.Y.Q.......o.x
0550 35 da 3c 88 d2 09 62 41 55 ee 49 f4 76 4f 4c 32 5.<...bAU.I.vOL2
0560 3c 68 e3 9f a4 7e 3d e8 07 c4 df b6 17 c9 6e 67 <h...~=.......ng
0570 87 19 c2 e0 7e a5 95 4c df 44 d6 68 f9 52 e6 45 ....~..L.D.h.R.E
0580 7d de 0a e7 56 c3 5e 45 ad ba 4f 42 e7 ba c2 27 }...V.^E..OB...'
0590 70 a4 22 de a6 4e c3 09 63 56 84 03 08 88 1e 22 p."..N..cV....."
05a0 23 2b 73 85 1c 99 1a cf 0e 16 d0 89 b7 98 ed 51 #+s............Q
05b0 a2 6d 01 a6 4c bb fc df 35 cd 7d 3d 40 55 bf 3e .m..L...5.}=@U.>
05c0 a0 c2 00 e9 d0 0f 55 f5 9f e1 73 54 95 80 2f 2c ......U...sT../,
05d0 18 74 ee 07 e8 fd 95 2d b4 2a 16 f8 8f c2 5c cc .t.....-.*....\.
05e0 d0 60 .`
No. Time Source Destination Protocol Info
167331 371.434958 218.4.245.104 192.168.0.121 TCP 8492 > 2557 [PSH, ACK] Seq=90891 Ack=4919 Win=65417 Len=641 TSV=1607158 TSER=140501
Frame 167331 (707 bytes on wire, 707 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.425401000
[Time delta from previous packet: 0.008823000 seconds]
[Time since reference or first frame: 371.434958000 seconds]
Frame Number: 167331
Packet Length: 707 bytes
Capture Length: 707 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: 192.168.0.116 (00:1b:fc:de:30:34)
Destination: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 (218.4.245.104), Dst: 192.168.0.121 ( 192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 693
Identification: 0x0256 (598)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x725e [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 90891, Ack: 4919, Len: 641
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 90891 (relative sequence number)
[Next sequence number: 91532 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x7e8d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
Data (641 bytes)
0000 00 1b fc de 30 34 00 13 46 14 f0 88 08 00 45 00 ....04..F.....E.
0010 02 b5 02 56 40 00 73 06 72 5e da 04 f5 68 c0 a8 [email protected]^...h..
0020 00 79 21 2c 09 fd 5f e6 11 92 0f 0e 24 91 80 18 .y!,.._.....$...
0030 ff 89 7e 8d 00 00 01 01 08 0a 00 18 85 f6 00 02 ..~.............
0040 24 d5 ab 7b 63 8b c2 79 0b 33 93 b8 02 87 c6 ec $..{c..y.3......
0050 a9 ee f6 60 a3 a3 f7 c1 e7 2d 75 7c 65 39 c7 16 ...`.....-u|e9..
0060 9c d1 00 64 c9 85 0d fc 32 ad 10 33 ae c2 a6 8a ...d....2..3....
0070 b4 43 f1 35 e6 a5 fd 2e f1 99 da 60 42 b3 5a 2f .C.5.......`B.Z/
0080 7d bd 9a 1b dc 0c 12 c0 19 1a fc f1 0a bf bf ba }...............
0090 72 d1 bc c8 37 46 d8 43 07 2c 6a 83 18 63 82 e3 r...7F.C.,j..c..
00a0 f8 ee 96 0a e6 00 27 c7 3c c8 85 09 c4 de d1 06 ......'.<.......
00b0 fc f2 80 27 74 bb 07 8d 3e 84 d0 de cb b7 03 13 ...'t...>.......
00c0 91 4c 5b 94 b7 31 28 e2 86 e5 84 9a 80 58 cf 3b .L[..1(......X.;
00d0 bf 43 43 56 ec 67 75 ef 38 4b f4 2a 78 1c d9 4c .CCV.gu.8K.*x..L
00e0 b8 be 03 09 3b cf a0 35 54 ea ed 4f 4f 4b 60 34 ....;..5T..OOK`4
00f0 e3 9f 38 9d 1c 52 44 38 dd 59 25 40 75 0b 48 97 ..8..RD8.Y%@ u.H.
0100 ea e7 0e 87 6c a9 c9 3a b1 c6 d2 46 39 54 ee e5 ....l..:...F9T..
0110 f6 90 fe 98 07 73 19 d5 49 f0 1d 67 f4 12 03 c4 .....s..I..g....
0120 72 9a 04 f8 99 ea d1 f3 0d b6 68 2e 74 25 df 27 r.........h.t%.'
0130 f0 7a b8 6e da 02 74 29 bc 59 25 47 f2 96 bf fd .z.n..t).Y%G....
0140 ce 42 4e 4f 44 f4 42 52 04 bf 37 89 ff b1 31 2a .BNOD.BR..7...1*
0150 63 a3 04 5e 5f a9 9e bd 23 4d ee 8f ee d7 a5 b1 c..^_...#M......
0160 fe 94 8f d9 1b b5 86 60 ee f7 78 77 4a c8 82 69 .......`..xwJ..i
0170 1d ad cb 84 d9 22 fa b7 74 ef a2 6e ec 0f 91 ee ....."..t..n....
0180 ea 6a 2c 08 b2 d6 b0 23 5a 8c 7a 24 b5 f7 8e 37 .j,....#Z.z$...7
0190 0e e3 ec a0 31 b3 5b ea f9 73 76 83 2f 32 96 8a ....1.[..sv./2..
01a0 f8 df 46 0b a6 a6 16 d4 63 f9 11 7c 4b e4 58 25 ..F.....c..|K.X%
01b0 77 d6 dc 22 ae f3 b2 ea e3 d7 c9 f2 a9 65 64 76 w..".........edv
01c0 43 5e 48 9d a9 d5 f2 58 7b 7e 61 20 c9 c3 68 02 C^H....X{~a ..h.
01d0 35 15 c1 88 6e 93 ee 43 c7 2a 50 b5 a5 0c 62 24 5...n..C.*P...b$
01e0 a9 b0 70 76 3f e9 52 67 ca e9 65 53 5e ac 04 95 ..pv?.Rg..eS^...
01f0 33 e6 1e 59 9f 8c 18 59 7a 50 10 dc 06 53 84 fe 3..Y...YzP...S..
0200 67 11 c1 4c 8b f2 24 30 83 ef da 22 30 25 a5 d3 g..L..$0..."0%..
0210 d7 8e 62 5f d2 1c d7 73 de d3 30 0b 3b f5 f6 cf ..b_...s..0.;...
0220 7a fa 03 74 7e 81 2f 19 bf 0e 65 f2 8b e3 5b 54 z..t~./...e...[T
0230 03 f9 62 d0 8e ff bf 8d 97 9e c7 42 0b 45 4a 50 ..b........B.EJP
0240 e6 22 a9 48 d6 2f 10 e7 79 3f 54 2b 44 af 1a bf .".H./..y?T+D...
0250 4e 3f b0 3a 68 68 a8 d8 0e c2 fc df aa 89 59 84 N?.:hh........Y.
0260 f9 40 58 6a 9b 43 9d a5 0d db 31 90 ed 7d 1e f4 [email protected]..}..
0270 54 2b 2a 4c c8 c2 6f 62 82 48 a1 d3 23 46 41 6c T+*L..ob.H..#FAl
0280 8d e1 19 58 36 05 bd c6 d8 4d 52 ad 4d 35 87 66 ...X6....MR.M5.f
0290 62 ad 16 46 4c ec 97 f7 56 6c cd 2e 37 71 c1 1e b..FL...Vl..7q..
02a0 9b a8 c1 ac 7a dc 24 3e 44 ca 0f a8 06 ea ae 8f ....z.$>D.......
02b0 22 bf b4 6d 42 77 91 31 21 43 27 d2 a4 79 b1 14 "..mBw.1!C'..y..
02c0 b1 80 19 ...
No. Time Source Destination Protocol Info
167332 371.461806 192.168.0.101 192.168.0.1 TCP 3227 > 5678 [ACK] Seq=663 Ack=616 Win=16856 Len=0
Frame 167332 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.452249000
[Time delta from previous packet: 0.026848000 seconds]
[Time since reference or first frame: 371.461806000 seconds]
Frame Number: 167332
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x3896 (14486)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4083 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3227 (3227), Dst Port: 5678 (5678), Seq: 663, Ack: 616, Len: 0
Source port: 3227 (3227)
Destination port: 5678 (5678)
Sequence number: 663 (relative sequence number)
Acknowledgement number: 616 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16856
Checksum: 0xb066 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167311]
[The RTT to ACK the segment was: 0.305973000 seconds]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 96 40 00 80 06 40 83 c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9b 16 2e 42 0d 3a 21 00 3f 9c a8 50 10 ......B.:!.?..P.
0030 41 d8 b0 66 00 00 A..f..
No. Time Source Destination Protocol Info
167333 371.461891 218.4.245.104 192.168.0.121 TCP [TCP Retransmission] 8492 > 2557 [ACK] Seq=89451 Ack=4919 Win=65417 Len=1440 TSV=1607158 TSER=140501
Frame 167333 (1506 bytes on wire, 1506 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.452334000
[Time delta from previous packet: 0.000085000 seconds]
[Time since reference or first frame: 371.461891000 seconds]
Frame Number: 167333
Packet Length: 1506 bytes
Capture Length: 1506 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 ( 218.4.245.104), Dst: 192.168.0.121 (192.168.0.121)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 1492
Identification: 0x0255 (597)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x6f40 [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 89451, Ack: 4919, Len: 1440
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 89451 (relative sequence number)
[Next sequence number: 90891 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x9c21 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.026933000 seconds]
[RTO based on delta from frame: 167331]
Data (1440 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 05 d4 02 55 40 00 73 06 6f 40 da 04 f5 68 c0 a8 [email protected]@...h..
0020 00 79 21 2c 09 fd 5f e6 0b f2 0f 0e 24 91 80 10 .y!,.._.....$...
0030 ff 89 9c 21 00 00 01 01 08 0a 00 18 85 f6 00 02 ...!............
0040 24 d5 b6 ce b6 dd 8c d1 5c 8e 9e 79 a3 4c b0 65 $.......\..y.L.e
0050 b0 5a ab 3b 99 d0 ae 89 c9 ca 67 86 3a c4 82 59 .Z.;......g.:..Y
0060 b5 01 26 5b a8 8a ea 5c 05 cc 85 b8 ca b0 76 4a ..&[...\......vJ
0070 a0 25 24 b3 db 78 62 7a 97 3e b2 32 e6 74 9b 42 .%$..xbz.>.2.t.B
0080 67 5f 6c 9e 74 b0 79 1f eb f1 81 91 a7 36 94 49 g_l.t.y......6.I
0090 82 9c 68 aa 3c 11 c9 2c cd 5c e9 fb c2 7f dd 1f ..h.<..,.\......
00a0 a5 af ce 13 f5 36 9a cd 79 b8 9c 89 f9 6e 0a 15 .....6..y....n..
00b0 ee d7 28 e4 77 0b 77 b1 d1 b1 cc 36 c3 59 85 c7 ..(.w.w....6.Y..
00c0 ae 45 9d 73 7d 87 b4 ae 36 bc 01 9e ec 35 09 7c .E.s}...6....5.|
00d0 1b 86 51 d6 0b 4e e5 c4 05 a7 ce 64 38 03 7b 21 ..Q..N.....d8.{!
00e0 ad ca 54 1d ac 32 65 be 86 16 b9 a5 7a 85 f3 16 ..T..2e.....z...
00f0 d1 52 be 65 a3 3a 4b 7b 21 e9 8c 55 da ea 07 65 .R.e.:K{!..U...e
0100 c8 bf 76 c0 9a 4e f9 b5 b3 4d 5a fb 70 3f 90 35 ..v..N...MZ.p?.5
0110 f9 d0 16 af 99 3a 3e b2 c7 ab f0 81 ab 1f 99 35 .....:>........5
0120 21 75 ab aa 28 2c c6 d2 31 d4 68 19 7e 70 92 c4 !u..(,..1.h.~p..
0130 b9 10 2b b7 e2 cd 76 b5 fc 5d d7 87 4a 7f 67 eb ..+...v..]..J.g.
0140 13 ac 8f 78 0b 31 15 ff 26 e1 92 87 44 8e b0 0b ...x.1..&...D...
0150 1f 69 55 db 9f 3f 0d 9a 0f c3 08 ed db c8 53 24 .iU..?........S$
0160 30 b7 85 5d 69 45 5e 5e aa 2d 8b 51 2b b8 5f 38 0..]iE^^.-.Q+._8
0170 de ff f6 26 43 e9 d1 3b 63 fd 88 5e 00 73 4c ec ...&C..;c..^.sL.
0180 f4 fd a7 09 54 83 d8 dc e5 4a 77 44 c6 c3 29 c0 ....T....JwD..).
0190 91 ab 4d 69 62 7c ee 43 93 1e 12 e4 32 4b 99 ea ..Mib|.C....2K..
01a0 f8 8c 91 31 90 63 b7 9c 95 ce c6 1a 23 15 c7 fc ...1.c......#...
01b0 11 4e 56 86 73 63 f3 a0 00 d1 ed cf 03 81 75 05 .NV.sc........u.
01c0 95 a9 e2 fd 28 3f ff dd c6 09 40 5b c2 dd 82 e0 ....(?....@[....
01d0 55 8e 4a d3 33 36 d8 b4 0a e8 68 87 9e e4 a3 a6 U.J.36....h.....
01e0 16 ca c6 0a 8b e2 17 c5 3d 18 60 5c 21 91 ea 59 ........=.`\!..Y
01f0 7e c1 e1 c2 0d fe 8e 50 dd 8a 15 37 77 d5 c0 28 ~......P...7w..(
0200 4d bf a7 10 37 b3 5e 54 47 30 25 3e 95 ca f4 f3 M...7.^TG0%>....
0210 dc 59 73 fe 55 d2 d2 07 79 ac 1e 3b c2 c7 05 bf .Ys.U...y..;....
0220 6e b8 54 ff e8 b7 7f 5d ef bf 0f 42 10 5d c9 3e n.T....]...B.].>
0230 80 5a 29 8f 12 a3 2a 7c 21 8b b2 65 38 7e eb 84 .Z)...*|!..e8~..
0240 74 15 f6 b3 c9 6f c7 62 1e c4 0b cd 27 58 e0 f4 t....o.b....'X..
0250 e9 56 60 76 a5 e4 16 4b 96 20 ec e9 1d fa 86 82 .V`v...K. ......
0260 2b ca 0d 17 ca 2b ad 40 8a 4d ed 8f 8d 89 a2 78 [email protected]
0270 dc 02 07 69 a6 8e 11 46 95 b2 0d f5 2d 16 78 86 ...i...F....-.x.
0280 39 39 33 04 7d a3 e3 a0 5c ba 09 6c d8 49 aa 12 993.}...\..l.I..
0290 0e a7 6d ee e0 20 05 8e 05 1d 96 87 af 7b 56 b7 ..m.. .......{V.
02a0 16 6e b3 ed 84 ef 3b 9f 11 47 af 2f 63 9d c0 7f .n....;..G./c...
02b0 76 30 18 66 77 54 36 ec 88 58 ad ed c8 33 51 2c v0.fwT6..X...3Q,
02c0 22 f2 7f 45 34 49 5b ae d2 68 eb 8f ec 68 57 14 "..E4I[..h...hW.
02d0 10 35 5a ef 5e b5 e6 a5 c9 d4 1e b9 ca b8 f7 a1 .5Z.^...........
02e0 b3 0e 81 c7 b8 1b 03 3e 54 86 cd 19 25 9d fa b3 .......>T...%...
02f0 be d2 d2 a1 8a 65 f0 55 e9 7d 8e 13 13 5a 2c f0 .....e.U.}...Z,.
0300 d4 a2 19 f1 5f a8 77 2e 55 45 81 25 b0 f6 52 91 ...._.w.UE.%..R.
0310 5d 2b 3b 73 d2 fd 0c 4a ba d6 38 06 cd f4 f9 96 ]+;s...J..8.....
0320 1e 20 d7 07 84 55 b0 ef 83 3d cc 72 80 d5 1a f6 . ...U...=.r....
0330 51 c1 63 f6 8c c6 28 42 ff 94 2a 1f 1d 1f 9a 66 Q.c...(B..*....f
0340 ee 2c b5 11 02 6a b6 12 0c 62 65 2c 1c 7b 88 9f .,...j...be,.{..
0350 2a 91 41 80 6c 43 c3 4a 6a 27 dd 7b e4 8f a8 72 *.A.lC.Jj'.{...r
0360 f2 2b bd 7b 46 46 3b 2d 83 38 06 66 47 09 d9 79 .+.{FF;-.8.fG..y
0370 af 85 ec 95 21 c0 4b e7 ad d8 8b 31 62 69 41 d7 ....!.K....1biA.
0380 7a 28 dc 9d d2 39 6f 38 6e a6 7d 6a 6e be 4c 01 z(...9o8n.}jn.L.
0390 75 1e dd 1a 8b 12 e5 c2 05 ba 75 39 7a 7a b6 a1 u.........u9zz..
03a0 20 98 9c 66 50 04 cf bb 87 43 b7 6f 98 50 db ac ..fP....C.o.P..
03b0 fc 34 1b a3 ba 96 18 71 cd 4b 2f 58 00 6b cd 66 .4.....q.K/X.k.f
03c0 7d 02 51 ae 0c b3 ba d6 87 60 88 05 0b 3d e8 73 }.Q......`...=.s
03d0 a4 dd 7e 7e f5 4d 31 5e b3 e8 ea 23 69 cc 52 89 ..~~.M1^...#i.R.
03e0 36 38 1d b2 5e e9 9b 02 35 c7 08 8e e5 e5 59 00 68..^...5.....Y.
03f0 2b f7 34 19 35 ad a4 df 4f 3b 52 ad 09 11 eb d7 +.4.5...O;R.....
0400 f2 fd 9a 2f 18 26 ce 68 ca bd 8e 1e fd 19 1c 81 .../.&.h........
0410 bb 06 c0 ee d9 61 13 f7 84 b0 9f d2 58 d4 c7 01 .....a......X...
0420 bd ba f8 e9 e5 ba 4e a1 e8 a4 b6 d5 3c 3a b8 6e ......N.....<:.n
0430 ee d5 7f 31 66 91 cc 9c 41 69 60 8a 60 57 f2 0b ...1f...Ai`.`W..
0440 07 95 b9 48 d6 e1 30 3b 4f d4 40 b9 a8 04 a8 2a ...H..0;O.@....*
0450 e8 bb d4 91 ea 90 71 a0 1a e5 ff ee bd 5b a4 8c ......q......[..
0460 73 55 53 a8 d9 7a 34 7f 5f de 4d 34 0c c4 d9 e5 sUS..z4._.M4....
0470 b8 e7 e0 1c 85 f8 62 d2 bf 17 88 d2 09 7a c6 9c ......b......z..
0480 2b 19 4d bf 57 ac c7 63 93 fc dd c2 e3 9e 8f 88 +.M.W..c........
0490 7f 1a b2 e0 54 61 d0 4d bb 56 d1 22 32 0c f9 94 ....Ta.M.V."2...
04a0 67 74 ec 94 0e dd db ea f6 44 b6 04 76 b5 3b bd gt.......D..v.;.
04b0 4a 5d e7 51 99 3f 7c 9f 7f ad b8 2f 0a 5a ac cf J].Q.?|..../.Z..
04c0 65 d4 6d 85 de ac 3e 36 be 09 76 68 01 db 5b 02 e.m...>6..vh..[.
04d0 74 2e da 45 58 61 b3 bd b0 80 22 58 0a af 95 e7 t..EXa...."X....
04e0 60 18 7e 96 a3 0d 38 ed 16 10 94 9c b3 9d 53 b1 `.~...8.......S.
04f0 d1 8d 0d 95 0c 9c 1f 61 a0 4f de 1d f1 4a 93 b0 .......a.O...J..
0500 aa 24 c8 41 39 75 db 4f 20 9c dc 39 08 6f 7e a6 .$.A9u.O ..9.o~.
0510 1c 94 59 92 fd d4 3f 38 7e 78 79 cb fb b9 e3 bd ..Y...?8~xy.....
0520 c3 97 de 53 7b 76 3b 4c 33 a7 4d ba 24 fb a6 28 ...S{v;L3.M.$..(
0530 f4 aa a2 58 89 a4 b3 bd c9 78 6f 00 57 4c 3f 75 ...X.....xo.WL?u
0540 97 41 97 59 cb 51 97 f2 a0 8e 92 13 f2 6f 96 78 .A.Y.Q.......o.x
0550 35 da 3c 88 d2 09 62 41 55 ee 49 f4 76 4f 4c 32 5.<...bAU.I.vOL2
0560 3c 68 e3 9f a4 7e 3d e8 07 c4 df b6 17 c9 6e 67 <h...~=.......ng
0570 87 19 c2 e0 7e a5 95 4c df 44 d6 68 f9 52 e6 45 ....~..L.D.h.R.E
0580 7d de 0a e7 56 c3 5e 45 ad ba 4f 42 e7 ba c2 27 }...V.^E..OB...'
0590 70 a4 22 de a6 4e c3 09 63 56 84 03 08 88 1e 22 p."..N..cV....."
05a0 23 2b 73 85 1c 99 1a cf 0e 16 d0 89 b7 98 ed 51 #+s............Q
05b0 a2 6d 01 a6 4c bb fc df 35 cd 7d 3d 40 55 bf 3e .m..L...5.}=@U.>
05c0 a0 c2 00 e9 d0 0f 55 f5 9f e1 73 54 95 80 2f 2c ......U...sT../,
05d0 18 74 ee 07 e8 fd 95 2d b4 2a 16 f8 8f c2 5c cc .t.....-.*....\.
05e0 d0 60 .`
No. Time Source Destination Protocol Info
167334 371.462924 192.168.0.121 222.84.9.84 UDP Source port: 10273 Destination port: 6881
Frame 167334 (308 bytes on wire, 308 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.453367000
[Time delta from previous packet: 0.001033000 seconds]
[Time since reference or first frame: 371.462924000 seconds]
Frame Number: 167334
Packet Length: 308 bytes
Capture Length: 308 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:data]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 (192.168.0.121), Dst: 222.84.9.84 ( 222.84.9.84)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 294
Identification: 0x1b56 (6998)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xb5a7 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 222.84.9.84 (222.84.9.84)
User Datagram Protocol, Src Port: 10273 (10273), Dst Port: 6881 (6881)
Source port: 10273 (10273)
Destination port: 6881 (6881)
Length: 274
Checksum: 0xd147 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (266 bytes)
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 01 26 1b 56 00 00 40 11 b5 a7 c0 a8 00 79 de 54 .&[email protected]
0020 09 54 28 21 1a e1 01 12 d1 47 64 31 3a 72 64 32 .T(!.....Gd1:rd2
0030 3a 69 64 32 30 3a f6 48 73 bf e3 0d c3 31 a3 cc :id20:.Hs....1..
0040 c6 a9 fb c9 ff ad 25 e4 21 31 35 3a 6e 6f 64 65 ......%.!15:node
0050 73 32 30 38 3a f6 48 58 15 b3 87 11 ff 33 a4 89 s208:.HX.....3..
0060 23 45 9a 6e c2 ed 29 59 14 7c 96 74 16 cf 5a f6 #E.n..)Y.|.t..Z.
0070 48 4b ae 8c e1 88 15 e2 0e 44 b2 bf 64 04 20 be HK.......D..d. .
0080 91 cf bc 46 40 10 7f f6 f9 f6 48 45 63 ff b8 94 ...F@xxxxxxxx...
0090 d9 aa cb 5c b9 a7 42 f0 55 0a ae 2a 6f da bf 0c ...\..B.U..*o...
00a0 ee 50 95 f6 48 45 37 ba f1 a1 c4 f2 ed 3e ef b9 .P..HE7......>..
00b0 01 b1 ed d7 66 dd e8 51 63 d1 24 a7 66 f6 48 43 ....f..Qc.$.f.HC
00c0 7f e5 63 2d aa 74 12 e3 87 ca a3 aa 43 3c 50 57 ..c-.t......C<PW
00d0 96 57 dc 57 a7 ea 3e f6 48 4f f0 dd d8 12 91 7f .W.W..>.HO......
00e0 a2 e0 e4 8b ae 71 54 12 d4 36 58 7c 76 13 ea 3e .....qT..6X|v..>
00f0 81 f6 48 5e 6b 09 d2 bb a4 ac 3c c4 f3 c2 2e 94 ..H^k.....<.....
0100 d5 65 aa 2f 0f 3b ae dc 5b c6 4f f6 48 5d 71 ef .e./.;..[.O.H]q.
0110 34 57 86 e4 fb 4f fd a7 7c b3 55 4c c5 c0 0a 7d 4W...O..|.UL...}
0120 2d ca cb 21 21 65 31 3a 74 32 3a 06 a8 31 3a 79 -..!!e1:t2:..1:y
0130 31 3a 72 65 1:re
No. Time Source Destination Protocol Info
167335 371.463006 192.168.0.1 192.168.0.101 TCP 5678 > 3227 [FIN, ACK] Seq=616 Ack=663 Win=8192 Len=0
Frame 167335 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.453449000
[Time delta from previous packet: 0.000082000 seconds]
[Time since reference or first frame: 371.463006000 seconds]
Frame Number: 167335
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: D-Link_14:f0:88 (00:13:46:14:f0:88), Dst: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Destination: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.101 ( 192.168.0.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x25af (9647)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 127
Protocol: TCP (0x06)
Header checksum: 0x946a [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.1 (192.168.0.1)
Destination: 192.168.0.101 (192.168.0.101)
Transmission Control Protocol, Src Port: 5678 (5678), Dst Port: 3227 (3227), Seq: 616, Ack: 663, Len: 0
Source port: 5678 (5678)
Destination port: 3227 (3227)
Sequence number: 616 (relative sequence number)
Acknowledgement number: 663 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
Window size: 8192
Checksum: 0xd23d [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167332]
[The RTT to ACK the segment was: 0.001200000 seconds]
0000 00 13 02 10 e0 39 00 13 46 14 f0 88 08 00 45 00 .....9..F.....E.
0010 00 28 25 af 00 00 7f 06 94 6a c0 a8 00 01 c0 a8 .(%......j......
0020 00 65 16 2e 0c 9b 00 3f 9c a8 42 0d 3a 21 50 11 .e.....?..B.:!P.
0030 20 00 d2 3d 00 00 ..=..
No. Time Source Destination Protocol Info
167336 371.464043 192.168.0.101 192.168.0.1 TCP 3227 > 5678 [ACK] Seq=663 Ack=617 Win=16856 Len=0
Frame 167336 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.454486000
[Time delta from previous packet: 0.001037000 seconds]
[Time since reference or first frame: 371.464043000 seconds]
Frame Number: 167336
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 ( 192.168.0.101), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x3897 (14487)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4082 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3227 (3227), Dst Port: 5678 (5678), Seq: 663, Ack: 617, Len: 0
Source port: 3227 (3227)
Destination port: 5678 (5678)
Sequence number: 663 (relative sequence number)
Acknowledgement number: 617 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 16856
Checksum: 0xb065 [correct]
[Good Checksum: True]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167335]
[The RTT to ACK the segment was: 0.001037000 seconds]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 97 40 00 80 06 40 82 c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9b 16 2e 42 0d 3a 21 00 3f 9c a9 50 10 ......B.:!.?..P.
0030 41 d8 b0 65 00 00 A..e..
No. Time Source Destination Protocol Info
167337 371.464296 192.168.0.101 192.168.0.1 TCP 3227 > 5678 [RST, ACK] Seq=663 Ack=617 Win=0 Len=0
Frame 167337 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.454739000
[Time delta from previous packet: 0.000253000 seconds]
[Time since reference or first frame: 371.464296000 seconds]
Frame Number: 167337
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x3898 (14488)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4081 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3227 (3227), Dst Port: 5678 (5678), Seq: 663, Ack: 617, Len: 0
Source port: 3227 (3227)
Destination port: 5678 (5678)
Sequence number: 663 (relative sequence number)
Acknowledgement number: 617 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0xf239 [correct]
[Good Checksum: True]
[Bad Checksum: False]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 98 40 00 80 06 40 81 c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9b 16 2e 42 0d 3a 21 00 3f 9c a9 50 14 ......B.:!.?..P.
0030 00 00 f2 39 00 00 ...9..
No. Time Source Destination Protocol Info
167338 371.465355 192.168.0.101 192.168.0.1 TCP 3228 > 5678 [SYN] Seq=0 Len=0 MSS=1460
Frame 167338 (62 bytes on wire, 62 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.455798000
[Time delta from previous packet: 0.001059000 seconds]
[Time since reference or first frame: 371.465355000 seconds]
Frame Number: 167338
Packet Length: 62 bytes
Capture Length: 62 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 48
Identification: 0x3899 (14489)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x4078 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3228 (3228), Dst Port: 5678 (5678), Seq: 0, Len: 0
Source port: 3228 (3228)
Destination port: 5678 (5678)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Window size: 16384
Checksum: 0x0350 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (8 bytes)
Maximum segment size: 1460 bytes
NOP
NOP
SACK permitted
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 30 38 99 40 00 80 06 40 78 c0 a8 00 65 c0 a8 .08.@[email protected]..
0020 00 01 0c 9c 16 2e bd 06 de 47 00 00 00 00 70 02 .........G....p.
0030 40 00 03 50 00 00 02 04 05 b4 01 01 04 02 @..P..........
No. Time Source Destination Protocol Info
167339 371.466207 218.4.245.104 192.168.0.121 TCP [TCP Retransmission] 8492 > 2557 [PSH, ACK] Seq=90891 Ack=4919 Win=65417 Len=641 TSV=1607158 TSER=140501
Frame 167339 (707 bytes on wire, 707 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.456650000
[Time delta from previous packet: 0.000852000 seconds]
[Time since reference or first frame: 371.466207000 seconds]
Frame Number: 167339
Packet Length: 707 bytes
Capture Length: 707 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Destination: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 218.4.245.104 (218.4.245.104), Dst: 192.168.0.121 (192.168.0.121 )
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 693
Identification: 0x0256 (598)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 115
Protocol: TCP (0x06)
Header checksum: 0x725e [correct]
[Good: True]
[Bad : False]
Source: 218.4.245.104 (218.4.245.104)
Destination: 192.168.0.121 (192.168.0.121)
Transmission Control Protocol, Src Port: 8492 (8492), Dst Port: 2557 (2557), Seq: 90891, Ack: 4919, Len: 641
Source port: 8492 (8492)
Destination port: 2557 (2557)
Sequence number: 90891 (relative sequence number)
[Next sequence number: 91532 (relative sequence number)]
Acknowledgement number: 4919 (relative ack number)
Header length: 32 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65417
Checksum: 0x7e8d [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 1607158, TSecr 140501
[SEQ/ACK analysis]
[TCP Analysis Flags]
[This frame is a (suspected) retransmission]
[The RTO for this segment was: 0.031249000 seconds]
[RTO based on delta from frame: 167331]
Data (641 bytes)
0000 00 14 85 26 c7 6b 00 1b fc de 30 34 08 00 45 00 ...&.k....04..E.
0010 02 b5 02 56 40 00 73 06 72 5e da 04 f5 68 c0 a8 [email protected]^...h..
0020 00 79 21 2c 09 fd 5f e6 11 92 0f 0e 24 91 80 18 .y!,.._.....$...
0030 ff 89 7e 8d 00 00 01 01 08 0a 00 18 85 f6 00 02 ..~.............
0040 24 d5 ab 7b 63 8b c2 79 0b 33 93 b8 02 87 c6 ec $..{c..y.3......
0050 a9 ee f6 60 a3 a3 f7 c1 e7 2d 75 7c 65 39 c7 16 ...`.....-u|e9..
0060 9c d1 00 64 c9 85 0d fc 32 ad 10 33 ae c2 a6 8a ...d....2..3....
0070 b4 43 f1 35 e6 a5 fd 2e f1 99 da 60 42 b3 5a 2f .C.5.......`B.Z/
0080 7d bd 9a 1b dc 0c 12 c0 19 1a fc f1 0a bf bf ba }...............
0090 72 d1 bc c8 37 46 d8 43 07 2c 6a 83 18 63 82 e3 r...7F.C.,j..c..
00a0 f8 ee 96 0a e6 00 27 c7 3c c8 85 09 c4 de d1 06 ......'.<.......
00b0 fc f2 80 27 74 bb 07 8d 3e 84 d0 de cb b7 03 13 ...'t...>.......
00c0 91 4c 5b 94 b7 31 28 e2 86 e5 84 9a 80 58 cf 3b .L[..1(......X.;
00d0 bf 43 43 56 ec 67 75 ef 38 4b f4 2a 78 1c d9 4c .CCV.gu.8K.*x..L
00e0 b8 be 03 09 3b cf a0 35 54 ea ed 4f 4f 4b 60 34 ....;..5T..OOK`4
00f0 e3 9f 38 9d 1c 52 44 38 dd 59 25 40 75 0b 48 97 ..8..RD8.Y%@ u.H.
0100 ea e7 0e 87 6c a9 c9 3a b1 c6 d2 46 39 54 ee e5 ....l..:...F9T..
0110 f6 90 fe 98 07 73 19 d5 49 f0 1d 67 f4 12 03 c4 .....s..I..g....
0120 72 9a 04 f8 99 ea d1 f3 0d b6 68 2e 74 25 df 27 r.........h.t%.'
0130 f0 7a b8 6e da 02 74 29 bc 59 25 47 f2 96 bf fd .z.n..t).Y%G....
0140 ce 42 4e 4f 44 f4 42 52 04 bf 37 89 ff b1 31 2a .BNOD.BR..7...1*
0150 63 a3 04 5e 5f a9 9e bd 23 4d ee 8f ee d7 a5 b1 c..^_...#M......
0160 fe 94 8f d9 1b b5 86 60 ee f7 78 77 4a c8 82 69 .......`..xwJ..i
0170 1d ad cb 84 d9 22 fa b7 74 ef a2 6e ec 0f 91 ee ....."..t..n....
0180 ea 6a 2c 08 b2 d6 b0 23 5a 8c 7a 24 b5 f7 8e 37 .j,....#Z.z$...7
0190 0e e3 ec a0 31 b3 5b ea f9 73 76 83 2f 32 96 8a ....1.[..sv./2..
01a0 f8 df 46 0b a6 a6 16 d4 63 f9 11 7c 4b e4 58 25 ..F.....c..|K.X%
01b0 77 d6 dc 22 ae f3 b2 ea e3 d7 c9 f2 a9 65 64 76 w..".........edv
01c0 43 5e 48 9d a9 d5 f2 58 7b 7e 61 20 c9 c3 68 02 C^H....X{~a ..h.
01d0 35 15 c1 88 6e 93 ee 43 c7 2a 50 b5 a5 0c 62 24 5...n..C.*P...b$
01e0 a9 b0 70 76 3f e9 52 67 ca e9 65 53 5e ac 04 95 ..pv?.Rg..eS^...
01f0 33 e6 1e 59 9f 8c 18 59 7a 50 10 dc 06 53 84 fe 3..Y...YzP...S..
0200 67 11 c1 4c 8b f2 24 30 83 ef da 22 30 25 a5 d3 g..L..$0..."0%..
0210 d7 8e 62 5f d2 1c d7 73 de d3 30 0b 3b f5 f6 cf ..b_...s..0.;...
0220 7a fa 03 74 7e 81 2f 19 bf 0e 65 f2 8b e3 5b 54 z..t~./...e...[T
0230 03 f9 62 d0 8e ff bf 8d 97 9e c7 42 0b 45 4a 50 ..b........B.EJP
0240 e6 22 a9 48 d6 2f 10 e7 79 3f 54 2b 44 af 1a bf .".H./..y?T+D...
0250 4e 3f b0 3a 68 68 a8 d8 0e c2 fc df aa 89 59 84 N?.:hh........Y.
0260 f9 40 58 6a 9b 43 9d a5 0d db 31 90 ed 7d 1e f4 [email protected]..}..
0270 54 2b 2a 4c c8 c2 6f 62 82 48 a1 d3 23 46 41 6c T+*L..ob.H..#FAl
0280 8d e1 19 58 36 05 bd c6 d8 4d 52 ad 4d 35 87 66 ...X6....MR.M5.f
0290 62 ad 16 46 4c ec 97 f7 56 6c cd 2e 37 71 c1 1e b..FL...Vl..7q..
02a0 9b a8 c1 ac 7a dc 24 3e 44 ca 0f a8 06 ea ae 8f ....z.$>D.......
02b0 22 bf b4 6d 42 77 91 31 21 43 27 d2 a4 79 b1 14 "..mBw.1!C'..y..
02c0 b1 80 19 ...
No. Time Source Destination Protocol Info
167340 371.468178 192.168.0.101 192.168.0.1 TCP 3228 > 5678 [ACK] Seq=1 Ack=0 Win=17472 Len=0
Frame 167340 (54 bytes on wire, 54 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.458621000
[Time delta from previous packet: 0.001971000 seconds]
[Time since reference or first frame: 371.468178000 seconds]
Frame Number: 167340
Packet Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x389a (14490)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x407f [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3228 (3228), Dst Port: 5678 (5678), Seq: 1, Ack: 0, Len: 0
Source port: 3228 (3228)
Destination port: 5678 (5678)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17472
Checksum: 0xacc4 [correct]
[Good Checksum: True]
[Bad Checksum: False]
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 00 28 38 9a 40 00 80 06 40 7f c0 a8 00 65 c0 a8 .(8.@[email protected]..
0020 00 01 0c 9c 16 2e bd 06 de 48 00 44 7e bb 50 10 .........H.D~.P.
0030 44 40 ac c4 00 00 D@....
No. Time Source Destination Protocol Info
167341 371.469152 192.168.0.101 192.168.0.1 TCP 3228 > 5678 [PSH, ACK] Seq=1 Ack=0 Win=17472 Len=658
Frame 167341 (712 bytes on wire, 712 bytes captured)
Arrival Time: Jan 12, 2008 21:31: 17.459595000
[Time delta from previous packet: 0.000974000 seconds]
[Time since reference or first frame: 371.469152000 seconds]
Frame Number: 167341
Packet Length: 712 bytes
Capture Length: 712 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp:data]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: IntelCor_10:e0:39 (00:13:02:10:e0:39), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: IntelCor_10:e0:39 (00:13:02:10:e0:39)
Address: IntelCor_10:e0:39 (00:13:02:10:e0:39)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.101 (192.168.0.101), Dst: 192.168.0.1 ( 192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 698
Identification: 0x389b (14491)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x3dec [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.101 (192.168.0.101)
Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 3228 (3228), Dst Port: 5678 (5678), Seq: 1, Ack: 0, Len: 658
Source port: 3228 (3228)
Destination port: 5678 (5678)
Sequence number: 1 (relative sequence number)
[Next sequence number: 659 (relative sequence number)]
Acknowledgement number: 0 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17472
Checksum: 0x26ab [correct]
[Good Checksum: True]
[Bad Checksum: False]
Data (658 bytes)
0000 00 13 46 14 f0 88 00 13 02 10 e0 39 08 00 45 00 ..F........9..E.
0010 02 ba 38 9b 40 00 80 06 3d ec c0 a8 00 65 c0 a8 ..8.@...=....e..
0020 00 01 0c 9c 16 2e bd 06 de 48 00 44 7e bb 50 18 .........H.D~.P.
0030 44 40 26 ab 00 00 50 4f 53 54 20 2f 57 41 4e 43 D@&...POST /WANC
0040 6f 6d 6d 6f 6e 49 6e 74 65 72 66 61 63 65 43 6f ommonInterfaceCo
0050 6e 66 69 67 20 48 54 54 50 2f 31 2e 31 0d 0a 43 nfig HTTP/1.1..C
0060 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 ontent-Type: tex
0070 74 2f 78 6d 6c 3b 20 63 68 61 72 73 65 74 3d 22 t/xml; charset="
0080 75 74 66 2d 38 22 0d 0a 53 4f 41 50 41 63 74 69 utf-8"..SOAPActi
0090 6f 6e 3a 20 22 75 72 6e 3a 73 63 68 65 6d 61 73 on: "urn:schemas
00a0 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 76 69 63 -upnp-org:servic
00b0 65 3a 57 41 4e 43 6f 6d 6d 6f 6e 49 6e 74 65 72 e:WANCommonInter
00c0 66 61 63 65 43 6f 6e 66 69 67 3a 31 23 47 65 74 faceConfig:1#Get
00d0 54 6f 74 61 6c 50 61 63 6b 65 74 73 53 65 6e 74 TotalPacketsSent
00e0 22 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d "..User-Agent: M
00f0 6f 7a 69 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 ozilla/4.0 (comp
0100 61 74 69 62 6c 65 3b 20 55 50 6e 50 2f 31 2e 30 atible; UPnP/1.0
0110 3b 20 57 69 6e 64 6f 77 73 20 39 78 29 0d 0a 48 ; Windows 9x)..H
0120 6f 73 74 3a 20 31 39 32 2e 31 36 38 2e 30 2e 31 ost: 192.168.0.1
0130 3a 35 36 37 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c :5678..Content-L
0140 65 6e 67 74 68 3a 20 33 31 31 0d 0a 43 6f 6e 6e ength: 311..Conn
0150 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 ection: Keep-Ali
0160 76 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f ve..Cache-Contro
0170 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 l: no-cache..Pra
0180 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 0d gma: no-cache...
0190 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 .<?xml version="
01a0 31 2e 30 22 3f 3e 0d 0a 3c 53 4f 41 50 2d 45 4e 1.0 "?>..<SOAP-EN
01b0 56 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 V:Envelope xmlns
01c0 3a 53 4f 41 50 2d 45 4e 56 3d 22 68 74 74 70 3a :SOAP-ENV="http:
01d0 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 //schemas.xmlsoa
01e0 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c p.org/soap/envel
01f0 6f 70 65 2f 22 20 53 4f 41 50 2d 45 4e 56 3a 65 ope/" SOAP-ENV:e
0200 6e 63 6f 64 69 6e 67 53 74 79 6c 65 3d 22 68 74 ncodingStyle="ht
0210 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c tp://schemas.xml
0220 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e soap.org/soap/en
0230 63 6f 64 69 6e 67 2f 22 3e 3c 53 4f 41 50 2d 45 coding/"><SOAP-E
0240 4e 56 3a 42 6f 64 79 3e 3c 6d 3a 47 65 74 54 6f NV:Body><m:GetTo
0250 74 61 6c 50 61 63 6b 65 74 73 53 65 6e 74 20 78 talPacketsSent x
0260 6d 6c 6e 73 3a 6d 3d 22 75 72 6e 3a 73 63 68 65 mlns:m="urn:sche
0270 6d 61 73 2d 75 70 6e 70 2d 6f 72 67 3a 73 65 72 mas-upnp-org:ser
0280 76 69 63 65 3a 57 41 4e 43 6f 6d 6d 6f 6e 49 6e vice:WANCommonIn
0290 74 65 72 66 61 63 65 43 6f 6e 66 69 67 3a 31 22 terfaceConfig:1"
02a0 2f 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 42 6f 64 /></SOAP-ENV:Bod
02b0 79 3e 3c 2f 53 4f 41 50 2d 45 4e 56 3a 45 6e 76 y></SOAP-ENV:Env
02c0 65 6c 6f 70 65 3e 0d 0a elope>..
No. Time Source Destination Protocol Info
167342 371.469199 192.168.0.121 218.4.245.104 TCP 2557 > 8492 [ACK] Seq=4919 Ack=91532 Win=8712 Len=0 TSV=140609 TSER=1607158
Frame 167342 (66 bytes on wire, 66 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.459642000
[Time delta from previous packet: 0.000047000 seconds]
[Time since reference or first frame: 371.469199000 seconds]
Frame Number: 167342
Packet Length: 66 bytes
Capture Length: 66 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
Address: Giga-Byt_26:c7:6b (00:14:85:26:c7:6b)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.121 ( 192.168.0.121), Dst: 218.4.245.104 (218.4.245.104)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 52
Identification: 0x1b57 (6999)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x8ede [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.121 (192.168.0.121)
Destination: 218.4.245.104 (218.4.245.104)
Transmission Control Protocol, Src Port: 2557 (2557), Dst Port: 8492 (8492), Seq: 4919, Ack: 91532, Len: 0
Source port: 2557 (2557)
Destination port: 8492 (8492)
Sequence number: 4919 (relative sequence number)
Acknowledgement number: 91532 (relative ack number)
Header length: 32 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 8712
Checksum: 0x4613 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Options: (12 bytes)
NOP
NOP
Timestamps: TSval 140609, TSecr 1607158
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 167331]
[The RTT to ACK the segment was: 0.034241000 seconds]
0000 00 13 46 14 f0 88 00 14 85 26 c7 6b 08 00 45 00 ..F......&.k..E.
0010 00 34 1b 57 40 00 40 06 8e de c0 a8 00 79 da 04 .4.W@[email protected]..
0020 f5 68 09 fd 21 2c 0f 0e 24 91 5f e6 14 13 80 10 .h..!,..$._.....
0030 22 08 46 13 00 00 01 01 08 0a 00 02 25 41 00 18 ".F.........%A..
0040 85 f6 ..
No. Time Source Destination Protocol Info
167343 371.473762 192.168.0.80 192.168.0.1 DNS Standard query PTR 177.1.53.59.in-addr.arpa
Frame 167343 (84 bytes on wire, 84 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464205000
[Time delta from previous packet: 0.004563000 seconds]
[Time since reference or first frame: 371.473762000 seconds]
Frame Number: 167343
Packet Length: 84 bytes
Capture Length: 84 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 70
Identification: 0xf3c9 (62409)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc53b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 50
Checksum: 0x74ab [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 167528]
Transaction ID: 0x4a15
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
177.1.53.59.in-addr.arpa: type PTR, class IN
Name: 177.1.53.59.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 46 f3 c9 00 00 80 11 c5 3b c0 a8 00 50 c0 a8 .F.......;...P..
0020 00 01 04 9c 00 35 00 32 74 ab 4a 15 01 00 00 01 .....5.2t.J.....
0030 00 00 00 00 00 00 03 31 37 37 01 31 02 35 33 02 .......177.1.53.
0040 35 39 07 69 6e 2d 61 64 64 72 04 61 72 70 61 00 59.in-addr.arpa.
0050 00 0c 00 01 ....
No. Time Source Destination Protocol Info
167344 371.473801 192.168.0.80 192.168.0.1 DNS Standard query PTR 118.172.51.61.in-addr.arpa
Frame 167344 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464244000
[Time delta from previous packet: 0.000039000 seconds]
[Time since reference or first frame: 371.473801000 seconds]
Frame Number: 167344
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3ca (62410)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc538 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x42b8 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 169218]
Transaction ID: 0x49d9
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
118.172.51.61.in-addr.arpa: type PTR, class IN
Name: 118.172.51.61.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 ca 00 00 80 11 c5 38 c0 a8 00 50 c0 a8 .H.......8...P..
0020 00 01 04 9c 00 35 00 34 42 b8 49 d9 01 00 00 01 .....5.4B.I.....
0030 00 00 00 00 00 00 03 31 31 38 03 31 37 32 02 35 .......118.172.5
0040 31 02 36 31 07 69 6e 2d 61 64 64 72 04 61 72 70 1.61.in-addr.arp
0050 61 00 00 0c 00 01 a.....
No. Time Source Destination Protocol Info
167345 371.473820 192.168.0.80 192.168.0.1 DNS Standard query PTR 70.138.50.60.in-addr.arpa
Frame 167345 (85 bytes on wire, 85 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464263000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473820000 seconds]
Frame Number: 167345
Packet Length: 85 bytes
Capture Length: 85 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 71
Identification: 0xf3cb (62411)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc538 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 51
Checksum: 0xdfb7 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 168371]
Transaction ID: 0x4973
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
70.138.50.60.in-addr.arpa: type PTR, class IN
Name: 70.138.50.60.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 47 f3 cb 00 00 80 11 c5 38 c0 a8 00 50 c0 a8 .G.......8...P..
0020 00 01 04 9c 00 35 00 33 df b7 49 73 01 00 00 01 .....5.3..Is....
0030 00 00 00 00 00 00 02 37 30 03 31 33 38 02 35 30 .......70.138.50
0040 02 36 30 07 69 6e 2d 61 64 64 72 04 61 72 70 61 .60.in-addr.arpa
0050 00 00 0c 00 01 .....
No. Time Source Destination Protocol Info
167346 371.473841 192.168.0.80 192.168.0.1 DNS Standard query A i59F6BFDD.versanet.de
Frame 167346 (81 bytes on wire, 81 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464284000
[Time delta from previous packet: 0.000021000 seconds]
[Time since reference or first frame: 371.473841000 seconds]
Frame Number: 167346
Packet Length: 81 bytes
Capture Length: 81 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 67
Identification: 0xf3cc (62412)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc53b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 47
Checksum: 0xfa03 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 170114]
Transaction ID: 0x489e
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
i59F6BFDD.versanet.de: type A, class IN
Name: i59F6BFDD.versanet.de
Type: A (Host address)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 43 f3 cc 00 00 80 11 c5 3b c0 a8 00 50 c0 a8 .C.......;...P..
0020 00 01 04 9c 00 35 00 2f fa 03 48 9e 01 00 00 01 .....5./..H.....
0030 00 00 00 00 00 00 09 69 35 39 46 36 42 46 44 44 .......i59F6BFDD
0040 08 76 65 72 73 61 6e 65 74 02 64 65 00 00 01 00 .versanet.de....
0050 01 .
No. Time Source Destination Protocol Info
167347 371.473860 192.168.0.80 192.168.0.1 DNS Standard query A alf94-7-82-228-221-32.fbx.proxad.net
Frame 167347 (96 bytes on wire, 96 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464303000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473860000 seconds]
Frame Number: 167347
Packet Length: 96 bytes
Capture Length: 96 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 82
Identification: 0xf3cd (62413)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc52b [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 62
Checksum: 0x494b [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 168372]
Transaction ID: 0x489f
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
alf94-7-82-228-221-32.fbx.proxad.net: type A, class IN
Name: alf94-7-82-228-221-32.fbx.proxad.net
Type: A (Host address)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 52 f3 cd 00 00 80 11 c5 2b c0 a8 00 50 c0 a8 .R.......+...P..
0020 00 01 04 9c 00 35 00 3e 49 4b 48 9f 01 00 00 01 .....5.>IKH.....
0030 00 00 00 00 00 00 15 61 6c 66 39 34 2d 37 2d 38 .......alf94-7-8
0040 32 2d 32 32 38 2d 32 32 31 2d 33 32 03 66 62 78 2-228-221-32.fbx
0050 06 70 72 6f 78 61 64 03 6e 65 74 00 00 01 00 01 .proxad.net.....
No. Time Source Destination Protocol Info
167348 371.473879 192.168.0.80 192.168.0.1 DNS Standard query A CPE-121-208-179-8.qld.bigpond.net.au
Frame 167348 (96 bytes on wire, 96 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464322000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473879000 seconds]
Frame Number: 167348
Packet Length: 96 bytes
Capture Length: 96 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 82
Identification: 0xf3ce (62414)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc52a [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 62
Checksum: 0xdfad [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 170083]
Transaction ID: 0x48a0
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
CPE-121-208-179-8.qld.bigpond.net.au: type A, class IN
Name: CPE-121-208-179-8.qld.bigpond.net.au
Type: A (Host address)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 52 f3 ce 00 00 80 11 c5 2a c0 a8 00 50 c0 a8 .R.......*...P..
0020 00 01 04 9c 00 35 00 3e df ad 48 a0 01 00 00 01 .....5.>..H.....
0030 00 00 00 00 00 00 11 43 50 45 2d 31 32 31 2d 32 .......CPE-121-2
0040 30 38 2d 31 37 39 2d 38 03 71 6c 64 07 62 69 67 08-179-8.qld.big
0050 70 6f 6e 64 03 6e 65 74 02 61 75 00 00 01 00 01 pond.net.au.....
No. Time Source Destination Protocol Info
167349 371.473898 192.168.0.80 192.168.0.1 DNS Standard query PTR 139.42.186.80.in-addr.arpa
Frame 167349 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464341000
[Time delta from previous packet: 0.000019000 seconds]
[Time since reference or first frame: 371.473898000 seconds]
Frame Number: 167349
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3cf (62415)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc533 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x1215 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 169187]
Transaction ID: 0x48a5
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
139.42.186.80.in-addr.arpa: type PTR, class IN
Name: 139.42.186.80.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 cf 00 00 80 11 c5 33 c0 a8 00 50 c0 a8 .H.......3...P..
0020 00 01 04 9c 00 35 00 34 12 15 48 a5 01 00 00 01 .....5.4..H.....
0030 00 00 00 00 00 00 03 31 33 39 02 34 32 03 31 38 .......139.42.18
0040 36 02 38 30 07 69 6e 2d 61 64 64 72 04 61 72 70 6.80.in-addr.arp
0050 61 00 00 0c 00 01 a.....
No. Time Source Destination Protocol Info
167350 371.473915 192.168.0.80 192.168.0.1 DNS Standard query PTR 203.165.4.189.in-addr.arpa
Frame 167350 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464358000
[Time delta from previous packet: 0.000017000 seconds]
[Time since reference or first frame: 371.473915000 seconds]
Frame Number: 167350
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3d0 (62416)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc532 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x72b5 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171041]
Transaction ID: 0x48a7
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
203.165.4.189.in-addr.arpa: type PTR, class IN
Name: 203.165.4.189.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 d0 00 00 80 11 c5 32 c0 a8 00 50 c0 a8 .H.......2...P..
0020 00 01 04 9c 00 35 00 34 72 b5 48 a7 01 00 00 01 .....5.4r.H.....
0030 00 00 00 00 00 00 03 32 30 33 03 31 36 35 01 34 .......203.165.4
0040 03 31 38 39 07 69 6e 2d 61 64 64 72 04 61 72 70 .189.in-addr.arp
0050 61 00 00 0c 00 01 a.....
No. Time Source Destination Protocol Info
167351 371.473931 192.168.0.80 192.168.0.1 DNS Standard query PTR 116.237.82.190.in-addr.arpa
Frame 167351 (87 bytes on wire, 87 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464374000
[Time delta from previous packet: 0.000016000 seconds]
[Time since reference or first frame: 371.473931000 seconds]
Frame Number: 167351
Packet Length: 87 bytes
Capture Length: 87 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 73
Identification: 0xf3d1 (62417)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc530 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 53
Checksum: 0xe30f [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 168374]
Transaction ID: 0x48a8
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
116.237.82.190.in-addr.arpa: type PTR, class IN
Name: 116.237.82.190.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 49 f3 d1 00 00 80 11 c5 30 c0 a8 00 50 c0 a8 .I.......0...P..
0020 00 01 04 9c 00 35 00 35 e3 0f 48 a8 01 00 00 01 .....5.5..H.....
0030 00 00 00 00 00 00 03 31 31 36 03 32 33 37 02 38 .......116.237.8
0040 32 03 31 39 30 07 69 6e 2d 61 64 64 72 04 61 72 2.190.in-addr.ar
0050 70 61 00 00 0c 00 01 pa.....
No. Time Source Destination Protocol Info
167352 371.473947 192.168.0.80 192.168.0.1 DNS Standard query PTR 225.0.21.86.in-addr.arpa
Frame 167352 (84 bytes on wire, 84 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464390000
[Time delta from previous packet: 0.000016000 seconds]
[Time since reference or first frame: 371.473947000 seconds]
Frame Number: 167352
Packet Length: 84 bytes
Capture Length: 84 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 70
Identification: 0xf3d2 (62418)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc532 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 50
Checksum: 0x7a1e [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171084]
Transaction ID: 0x48aa
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
225.0.21.86.in-addr.arpa: type PTR, class IN
Name: 225.0.21.86.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 46 f3 d2 00 00 80 11 c5 32 c0 a8 00 50 c0 a8 .F.......2...P..
0020 00 01 04 9c 00 35 00 32 7a 1e 48 aa 01 00 00 01 .....5.2z.H.....
0030 00 00 00 00 00 00 03 32 32 35 01 30 02 32 31 02 .......225.0.21.
0040 38 36 07 69 6e 2d 61 64 64 72 04 61 72 70 61 00 86.in-addr.arpa.
0050 00 0c 00 01 ....
No. Time Source Destination Protocol Info
167353 371.473964 192.168.0.80 192.168.0.1 DNS Standard query PTR 157.2.225.61.in-addr.arpa
Frame 167353 (85 bytes on wire, 85 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464407000
[Time delta from previous packet: 0.000017000 seconds]
[Time since reference or first frame: 371.473964000 seconds]
Frame Number: 167353
Packet Length: 85 bytes
Capture Length: 85 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 (192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 71
Identification: 0xf3d3 (62419)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc530 [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 51
Checksum: 0x411b [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171825]
Transaction ID: 0x48ae
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
157.2.225.61.in-addr.arpa: type PTR, class IN
Name: 157.2.225.61.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 47 f3 d3 00 00 80 11 c5 30 c0 a8 00 50 c0 a8 .G.......0...P..
0020 00 01 04 9c 00 35 00 33 41 1b 48 ae 01 00 00 01 .....5.3A.H.....
0030 00 00 00 00 00 00 03 31 35 37 01 32 03 32 32 35 .......157.2.225
0040 02 36 31 07 69 6e 2d 61 64 64 72 04 61 72 70 61 .61.in-addr.arpa
0050 00 00 0c 00 01 .....
No. Time Source Destination Protocol Info
167354 371.473980 192.168.0.80 192.168.0.1 DNS Standard query PTR 132.28.121.87.in-addr.arpa
Frame 167354 (86 bytes on wire, 86 bytes captured)
Arrival Time: Jan 12, 2008 21:31:17.464423000
[Time delta from previous packet: 0.000016000 seconds]
[Time since reference or first frame: 371.473980000 seconds]
Frame Number: 167354
Packet Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 192.168.0.116 (00:1b:fc:de:30:34), Dst: D-Link_14:f0:88 (00:13:46:14:f0:88)
Destination: D-Link_14:f0:88 (00:13:46:14:f0:88)
Address: D-Link_14:f0:88 (00:13:46:14:f0:88)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 192.168.0.116 (00:1b:fc:de:30:34)
Address: 192.168.0.116 (00:1b:fc:de:30:34)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.80 ( 192.168.0.80), Dst: 192.168.0.1 (192.168.0.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xf3d4 (62420)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xc52e [correct]
[Good: True]
[Bad : False]
Source: 192.168.0.80 (192.168.0.80)
Destination: 192.168.0.1 (192.168.0.1)
User Datagram Protocol, Src Port: 1180 (1180), Dst Port: domain (53)
Source port: 1180 (1180)
Destination port: domain (53)
Length: 52
Checksum: 0x1113 [correct]
[Good Checksum: True]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 171790]
Transaction ID: 0x48af
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
132.28.121.87.in-addr.arpa: type PTR, class IN
Name: 132.28.121.87.in-addr.arpa
Type: PTR (Domain name pointer)
Class: IN (0x0001)
0000 00 13 46 14 f0 88 00 1b fc de 30 34 08 00 45 00 ..F.......04..E.
0010 00 48 f3 d4 00 00 80 11 c5 2e c0 a8 00 50 c0 a8 .H...........P..
0020 00 01 04 9c 00 35 00 34 11 13 48 af 01 00 00 01 .....5.4..H.....
0030 00 00 00 00 00 00 03 31 33 32 02 32 38 03 31 32 .......132.28.12
0040 31 02 38 37 07 69 6e 2d 61 64 64 72 04 61 72 70 1.87.in-addr.arp
0050 61 00 00 0c 00 01 a.....
- Follow-Ups:
- Re: [Wireshark-users] LLC Sub-Layer Management
- From: Guy Harris
- Re: [Wireshark-users] LLC Sub-Layer Management
- Prev by Date: Re: [Wireshark-users] Real Hub in stores?
- Next by Date: Re: [Wireshark-users] LLC Sub-Layer Management
- Previous by thread: Re: [Wireshark-users] LLC Sub-Layer Management
- Next by thread: Re: [Wireshark-users] LLC Sub-Layer Management
- Index(es):