ACID report: 04-02-02
Sorted by time
To: toot@sparky.finchhaven.net
Subject: ACID Incident Report
From: ACID Alert
Generated by ACID v0.9.6b21 on Thu April 04, 2002 06:12:07
------------------------------------------------------------------------------
#(19 - 1) [2002-04-02 06:57:20] UDP to 137 netBIOS ns
IPv4: 12.82.142.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=61449 flags=0 offset=0 TTL=127 chksum=5729
UDP: port=1059 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 2) [2002-04-02 07:51:18] TCP to 27374 SubSeven
IPv4: 200.28.185.115 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=19221 flags=0 offset=0 TTL=111 chksum=42102
TCP: port=3365 -> dport: 27374 flags=******S* seq=685290144
ack=0 off=7 res=0 win=2144 urp=0 chksum=3731
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 3) [2002-04-02 07:51:21] TCP to 27374 SubSeven
IPv4: 200.28.185.115 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=19288 flags=0 offset=0 TTL=111 chksum=42035
TCP: port=3365 -> dport: 27374 flags=******S* seq=685290144
ack=0 off=7 res=0 win=2144 urp=0 chksum=3731
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 4) [2002-04-02 07:51:27] TCP to 27374 SubSeven
IPv4: 200.28.185.115 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=19419 flags=0 offset=0 TTL=111 chksum=41904
TCP: port=3365 -> dport: 27374 flags=******S* seq=685290144
ack=0 off=7 res=0 win=2144 urp=0 chksum=3731
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 5) [2002-04-02 08:28:08] Potential CodeRed/Nimda probe
IPv4: 12.82.251.185 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=43085 flags=0 offset=0 TTL=117 chksum=47810
TCP: port=3182 -> dport: 80 flags=******S* seq=348374486
ack=0 off=7 res=0 win=8760 urp=0 chksum=54999
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 6) [2002-04-02 08:28:11] Potential CodeRed/Nimda probe
IPv4: 12.82.251.185 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=43379 flags=0 offset=0 TTL=117 chksum=47516
TCP: port=3182 -> dport: 80 flags=******S* seq=348374486
ack=0 off=7 res=0 win=8760 urp=0 chksum=54999
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 7) [2002-04-02 09:02:51] TCP to 21 ftp
IPv4: 203.204.23.75 -> 12.82.142.90
hlen=5 TOS=0 dlen=60 ID=10958 flags=0 offset=0 TTL=44 chksum=42538
TCP: port=4771 -> dport: 21 flags=******S* seq=2895005941
ack=0 off=10 res=0 win=31944 urp=0 chksum=1011
Options:
#1 - MSS len=4 data=0584
#2 - SACKOK len=0
#3 - TS len=10 data=35430C3900000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
#(19 - 8) [2002-04-02 09:02:54] TCP to 21 ftp
IPv4: 203.204.23.75 -> 12.82.142.90
hlen=5 TOS=0 dlen=60 ID=11243 flags=0 offset=0 TTL=44 chksum=42253
TCP: port=4771 -> dport: 21 flags=******S* seq=2895005941
ack=0 off=10 res=0 win=31944 urp=0 chksum=711
Options:
#1 - MSS len=4 data=0584
#2 - SACKOK len=0
#3 - TS len=10 data=35430D6500000000
#4 - NOP len=0
#5 - WS len=3 data=00
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 9) [2002-04-02 09:11:51] TCP to 27374 SubSeven
IPv4: 62.11.12.160 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=60580 flags=0 offset=0 TTL=115 chksum=13772
TCP: port=4196 -> dport: 27374 flags=******S* seq=1639761193
ack=0 off=7 res=0 win=8760 urp=0 chksum=56563
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 10) [2002-04-02 09:11:54] TCP to 27374 SubSeven
IPv4: 62.11.12.160 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=60642 flags=0 offset=0 TTL=115 chksum=13710
TCP: port=4196 -> dport: 27374 flags=******S* seq=1639761193
ack=0 off=7 res=0 win=8760 urp=0 chksum=56563
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 11) [2002-04-02 09:12:02] TCP to 27374 SubSeven
IPv4: 62.11.12.160 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=60755 flags=0 offset=0 TTL=115 chksum=13597
TCP: port=4196 -> dport: 27374 flags=******S* seq=1639761193
ack=0 off=7 res=0 win=8760 urp=0 chksum=56563
Options:
#1 - MSS len=4 data=0218
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 12) [2002-04-02 09:48:36] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=14537 flags=0 offset=0 TTL=125 chksum=39882
TCP: port=2006 -> dport: 80 flags=******S* seq=749869028
ack=0 off=7 res=0 win=16384 urp=0 chksum=52526
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 13) [2002-04-02 09:48:39] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=14839 flags=0 offset=0 TTL=125 chksum=39580
TCP: port=2006 -> dport: 80 flags=******S* seq=749869028
ack=0 off=7 res=0 win=16384 urp=0 chksum=52526
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 14) [2002-04-02 10:03:31] UDP to 137 netBIOS ns
IPv4: 216.122.111.229 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=11431 flags=0 offset=0 TTL=113 chksum=14828
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : C2 9D 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(19 - 15) [2002-04-02 10:03:32] UDP to 137 netBIOS ns
IPv4: 216.122.111.229 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=11712 flags=0 offset=0 TTL=114 chksum=14291
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : C3 A3 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(19 - 16) [2002-04-02 10:03:34] UDP to 137 netBIOS ns
IPv4: 216.122.111.229 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=11992 flags=0 offset=0 TTL=114 chksum=14011
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : C4 A7 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 17) [2002-04-02 10:34:24] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=15064 flags=0 offset=0 TTL=125 chksum=39355
TCP: port=2280 -> dport: 80 flags=******S* seq=2624555313
ack=0 off=7 res=0 win=16384 urp=0 chksum=60177
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 18) [2002-04-02 10:34:27] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=15308 flags=0 offset=0 TTL=125 chksum=39111
TCP: port=2280 -> dport: 80 flags=******S* seq=2624555313
ack=0 off=7 res=0 win=16384 urp=0 chksum=60177
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 19) [2002-04-02 12:02:46] UDP to 137 netBIOS ns
IPv4: 204.146.163.205 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=26268 flags=0 offset=0 TTL=119 chksum=53750
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : C9 70 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 .p.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(19 - 20) [2002-04-02 12:02:47] UDP to 137 netBIOS ns
IPv4: 204.146.163.205 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=26424 flags=0 offset=0 TTL=119 chksum=53594
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : C9 94 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(19 - 21) [2002-04-02 12:02:49] UDP to 137 netBIOS ns
IPv4: 204.146.163.205 -> 12.82.142.90
hlen=5 TOS=0 dlen=78 ID=26591 flags=0 offset=0 TTL=119 chksum=53427
UDP: port=137 -> dport: 137 len=58
Payload: length = 50
000 : C9 C0 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ............ CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 22) [2002-04-02 12:17:44] Potential CodeRed/Nimda probe
IPv4: 208.176.24.225 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=64003 flags=0 offset=0 TTL=115 chksum=35206
TCP: port=31718 -> dport: 80 flags=******S* seq=1354961068
ack=0 off=7 res=0 win=16384 urp=0 chksum=57659
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 23) [2002-04-02 12:17:47] Potential CodeRed/Nimda probe
IPv4: 208.176.24.225 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=64395 flags=0 offset=0 TTL=115 chksum=34814
TCP: port=31718 -> dport: 80 flags=******S* seq=1354961068
ack=0 off=7 res=0 win=16384 urp=0 chksum=57659
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(19 - 24) [2002-04-02 12:47:53] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=53064 flags=0 offset=0 TTL=125 chksum=1355
TCP: port=3949 -> dport: 80 flags=******S* seq=3194896161
ack=0 off=7 res=0 win=16384 urp=0 chksum=3230
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(19 - 25) [2002-04-02 12:47:56] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.142.90
hlen=5 TOS=0 dlen=48 ID=53340 flags=0 offset=0 TTL=125 chksum=1079
TCP: port=3949 -> dport: 80 flags=******S* seq=3194896161
ack=0 off=7 res=0 win=16384 urp=0 chksum=3230
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 1) [2002-04-02 14:15:30] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=36277 flags=0 offset=0 TTL=125 chksum=21698
TCP: port=2419 -> dport: 80 flags=******S* seq=1955067133
ack=0 off=7 res=0 win=16384 urp=0 chksum=46214
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 2) [2002-04-02 14:15:33] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=36549 flags=0 offset=0 TTL=125 chksum=21426
TCP: port=2419 -> dport: 80 flags=******S* seq=1955067133
ack=0 off=7 res=0 win=16384 urp=0 chksum=46214
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 3) [2002-04-02 14:42:23] Potential CodeRed/Nimda probe
IPv4: 12.75.134.213 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=34583 flags=0 offset=0 TTL=119 chksum=23752
TCP: port=3948 -> dport: 80 flags=******S* seq=3785635137
ack=0 off=7 res=0 win=16384 urp=0 chksum=64660
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 4) [2002-04-02 14:42:26] Potential CodeRed/Nimda probe
IPv4: 12.75.134.213 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=34879 flags=0 offset=0 TTL=119 chksum=23456
TCP: port=3948 -> dport: 80 flags=******S* seq=3785635137
ack=0 off=7 res=0 win=16384 urp=0 chksum=64660
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 5) [2002-04-02 14:47:05] ICMP echo request
IPv4: 140.212.201.25 -> 12.82.128.118
hlen=5 TOS=0 dlen=1500 ID=56304 flags=0 offset=0 TTL=243 chksum=50041
ICMP: type=Echo Request code=0
checksum=63487 id=0 seq=0
Payload: length = 1472
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
------------------------------------------------------------------------------
#(20 - 6) [2002-04-02 14:47:48] ICMP echo request
IPv4: 140.212.201.25 -> 12.82.128.118
hlen=5 TOS=0 dlen=1500 ID=56620 flags=0 offset=0 TTL=243 chksum=49725
ICMP: type=Echo Request code=0
checksum=63485 id=0 seq=2
Payload: length = 1472
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
------------------------------------------------------------------------------
#(20 - 7) [2002-04-02 15:00:29] ICMP echo request
IPv4: 140.212.204.25 -> 12.82.128.118
hlen=5 TOS=0 dlen=1500 ID=60916 flags=0 offset=0 TTL=244 chksum=44405
ICMP: type=Echo Request code=0
checksum=63487 id=0 seq=0
Payload: length = 1472
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
------------------------------------------------------------------------------
#(20 - 8) [2002-04-02 15:01:06] ICMP echo request
IPv4: 140.212.204.25 -> 12.82.128.118
hlen=5 TOS=0 dlen=1500 ID=61437 flags=0 offset=0 TTL=244 chksum=43884
ICMP: type=Echo Request code=0
checksum=63485 id=0 seq=2
Payload: length = 1472
000 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
040 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
090 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
100 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
110 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
120 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
130 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
140 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
150 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
160 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
170 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
180 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
190 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
1f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
200 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
210 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
220 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
230 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
240 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
250 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
260 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
270 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
280 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
290 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
2f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
300 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
310 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
320 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
330 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
340 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
350 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
360 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
370 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
380 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
390 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
3f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
400 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
410 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
420 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
430 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
440 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
450 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
460 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
470 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
480 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
490 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4c0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4d0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4e0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
4f0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
500 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
510 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
520 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
530 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
540 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
550 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
560 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
570 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
580 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
590 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5a0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
5b0 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 9) [2002-04-02 15:18:04] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=5155 flags=0 offset=0 TTL=125 chksum=52820
TCP: port=1251 -> dport: 80 flags=******S* seq=1689936777
ack=0 off=7 res=0 win=16384 urp=0 chksum=23128
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 10) [2002-04-02 15:18:07] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=5398 flags=0 offset=0 TTL=125 chksum=52577
TCP: port=1251 -> dport: 80 flags=******S* seq=1689936777
ack=0 off=7 res=0 win=16384 urp=0 chksum=23128
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 11) [2002-04-02 15:29:22] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=4596 flags=0 offset=0 TTL=125 chksum=53379
TCP: port=3090 -> dport: 80 flags=******S* seq=3152994776
ack=0 off=7 res=0 win=16384 urp=0 chksum=32165
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 12) [2002-04-02 15:29:25] Potential CodeRed/Nimda probe
IPv4: 12.82.130.54 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=4875 flags=0 offset=0 TTL=125 chksum=53100
TCP: port=3090 -> dport: 80 flags=******S* seq=3152994776
ack=0 off=7 res=0 win=16384 urp=0 chksum=32165
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 13) [2002-04-02 16:13:00] Potential CodeRed/Nimda probe
IPv4: 12.82.136.91 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=64591 flags=0 offset=0 TTL=125 chksum=57346
TCP: port=2657 -> dport: 80 flags=******S* seq=4005269933
ack=0 off=7 res=0 win=8760 urp=0 chksum=46167
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 14) [2002-04-02 16:13:03] Potential CodeRed/Nimda probe
IPv4: 12.82.136.91 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=64849 flags=0 offset=0 TTL=125 chksum=57088
TCP: port=2657 -> dport: 80 flags=******S* seq=4005269933
ack=0 off=7 res=0 win=8760 urp=0 chksum=46167
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 15) [2002-04-02 16:15:57] Potential CodeRed/Nimda probe
IPv4: 12.82.158.69 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=58263 flags=0 offset=0 TTL=125 chksum=58064
TCP: port=3480 -> dport: 80 flags=******S* seq=3393201984
ack=0 off=7 res=0 win=5840 urp=0 chksum=13703
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 16) [2002-04-02 16:16:00] Potential CodeRed/Nimda probe
IPv4: 12.82.158.69 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=58511 flags=0 offset=0 TTL=125 chksum=57816
TCP: port=3480 -> dport: 80 flags=******S* seq=3393201984
ack=0 off=7 res=0 win=5840 urp=0 chksum=13703
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 17) [2002-04-02 17:03:52] Potential CodeRed/Nimda probe
IPv4: 12.82.137.138 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=9814 flags=0 offset=0 TTL=125 chksum=46285
TCP: port=2216 -> dport: 80 flags=******S* seq=2994345894
ack=0 off=7 res=0 win=8760 urp=0 chksum=27434
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 18) [2002-04-02 17:03:55] Potential CodeRed/Nimda probe
IPv4: 12.82.137.138 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=10044 flags=0 offset=0 TTL=125 chksum=46055
TCP: port=2216 -> dport: 80 flags=******S* seq=2994345894
ack=0 off=7 res=0 win=8760 urp=0 chksum=27434
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 19) [2002-04-02 17:42:59] Potential CodeRed/Nimda probe
IPv4: 12.82.137.138 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=58705 flags=0 offset=0 TTL=125 chksum=62929
TCP: port=3647 -> dport: 80 flags=******S* seq=3996853519
ack=0 off=7 res=0 win=8760 urp=0 chksum=7273
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 20) [2002-04-02 17:43:01] Potential CodeRed/Nimda probe
IPv4: 12.82.137.138 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=58971 flags=0 offset=0 TTL=125 chksum=62663
TCP: port=3647 -> dport: 80 flags=******S* seq=3996853519
ack=0 off=7 res=0 win=8760 urp=0 chksum=7273
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 21) [2002-04-02 17:48:13] TCP to 21 ftp
IPv4: 194.93.167.1 -> 12.82.128.118
hlen=5 TOS=0 dlen=40 ID=8004 flags=0 offset=0 TTL=108 chksum=14693
TCP: port=21 -> dport: 21 flags=******S* seq=447779054
ack=2108844124 off=5 res=0 win=25367 urp=0 chksum=50380
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 22) [2002-04-02 17:48:23] Potential CodeRed/Nimda probe
IPv4: 12.82.245.107 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=31443 flags=0 offset=0 TTL=117 chksum=64622
TCP: port=1720 -> dport: 80 flags=******S* seq=4041105192
ack=0 off=7 res=0 win=8760 urp=0 chksum=31570
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 23) [2002-04-02 17:48:26] Potential CodeRed/Nimda probe
IPv4: 12.82.245.107 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=31760 flags=0 offset=0 TTL=117 chksum=64305
TCP: port=1720 -> dport: 80 flags=******S* seq=4041105192
ack=0 off=7 res=0 win=8760 urp=0 chksum=31570
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 24) [2002-04-02 18:04:16] Potential CodeRed/Nimda probe
IPv4: 12.82.245.107 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=32944 flags=0 offset=0 TTL=117 chksum=63121
TCP: port=3720 -> dport: 80 flags=******S* seq=1917029137
ack=0 off=7 res=0 win=8760 urp=0 chksum=50740
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 25) [2002-04-02 18:04:19] Potential CodeRed/Nimda probe
IPv4: 12.82.245.107 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=33212 flags=0 offset=0 TTL=117 chksum=62853
TCP: port=3720 -> dport: 80 flags=******S* seq=1917029137
ack=0 off=7 res=0 win=8760 urp=9216 chksum=41524
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 26) [2002-04-02 18:08:38] UDP to 137 netBIOS ns
IPv4: 12.82.128.11 -> 12.82.128.118
hlen=5 TOS=0 dlen=78 ID=58899 flags=0 offset=0 TTL=127 chksum=15462
UDP: port=1032 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 27) [2002-04-02 18:09:54] Potential CodeRed/Nimda probe
IPv4: 12.82.245.107 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=9273 flags=0 offset=0 TTL=117 chksum=21257
TCP: port=2043 -> dport: 80 flags=******S* seq=2653597998
ack=0 off=7 res=0 win=8760 urp=0 chksum=31421
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 28) [2002-04-02 18:09:56] Potential CodeRed/Nimda probe
IPv4: 12.82.245.107 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=9537 flags=0 offset=0 TTL=117 chksum=20993
TCP: port=2043 -> dport: 80 flags=******S* seq=2653597998
ack=0 off=7 res=0 win=8760 urp=0 chksum=31421
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 33) [2002-04-02 18:15:57] UDP to 137 netBIOS ns
IPv4: 203.91.74.31 -> 12.82.128.118
hlen=5 TOS=0 dlen=78 ID=39452 flags=0 offset=0 TTL=107 chksum=4928
UDP: port=1449 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
#(20 - 34) [2002-04-02 18:37:03] UDP to 137 netBIOS ns
IPv4: 203.221.55.25 -> 12.82.128.118
hlen=5 TOS=0 dlen=78 ID=16098 flags=0 offset=0 TTL=108 chksum=32766
UDP: port=1204 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 35) [2002-04-02 18:43:22] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=26371 flags=0 offset=0 TTL=125 chksum=28905
TCP: port=2003 -> dport: 80 flags=******S* seq=2419791761
ack=0 off=7 res=0 win=16384 urp=0 chksum=27988
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 36) [2002-04-02 18:43:25] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=26642 flags=0 offset=0 TTL=125 chksum=28634
TCP: port=2003 -> dport: 80 flags=******S* seq=2419791761
ack=0 off=7 res=0 win=16384 urp=0 chksum=27988
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 44) [2002-04-02 18:58:13] UDP to 137 netBIOS ns
IPv4: 149.99.116.134 -> 12.82.128.118
hlen=5 TOS=0 dlen=78 ID=57403 flags=0 offset=0 TTL=111 chksum=54449
UDP: port=1044 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 45) [2002-04-02 18:59:51] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=24226 flags=0 offset=0 TTL=111 chksum=49159
TCP: port=2049 -> dport: 139 flags=******S* seq=736751198
ack=0 off=6 res=0 win=8192 urp=0 chksum=26672
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(20 - 46) [2002-04-02 18:59:55] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=37282 flags=0 offset=0 TTL=111 chksum=36103
TCP: port=2049 -> dport: 139 flags=******S* seq=736751198
ack=0 off=6 res=0 win=8192 urp=0 chksum=26672
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(20 - 47) [2002-04-02 19:00:01] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=5539 flags=0 offset=0 TTL=111 chksum=2311
TCP: port=2049 -> dport: 139 flags=******S* seq=736751198
ack=0 off=6 res=0 win=8192 urp=0 chksum=26672
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
#(20 - 48) [2002-04-02 19:00:14] TCP to 139 netBIOS ss
IPv4: 194.65.158.24 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=41891 flags=0 offset=0 TTL=111 chksum=31494
TCP: port=2049 -> dport: 139 flags=******S* seq=736751198
ack=0 off=6 res=0 win=8192 urp=0 chksum=26672
Options:
#1 - MSS len=4 data=05B4
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 49) [2002-04-02 19:11:00] UDP to 137 netBIOS ns
IPv4: 80.192.221.79 -> 12.82.128.118
hlen=5 TOS=0 dlen=78 ID=13192 flags=0 offset=0 TTL=109 chksum=24383
UDP: port=1026 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 50) [2002-04-02 19:28:15] TCP to 27374 SubSeven
IPv4: 172.136.246.92 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=7266 flags=0 offset=0 TTL=107 chksum=50104
TCP: port=1469 -> dport: 27374 flags=******S* seq=827282703
ack=0 off=7 res=0 win=8760 urp=0 chksum=14924
Options:
#1 - MSS len=4 data=0598
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 51) [2002-04-02 19:28:18] TCP to 27374 SubSeven
IPv4: 172.136.246.92 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=7400 flags=0 offset=0 TTL=107 chksum=49970
TCP: port=1469 -> dport: 27374 flags=******S* seq=827282703
ack=0 off=7 res=0 win=8760 urp=0 chksum=14924
Options:
#1 - MSS len=4 data=0598
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 52) [2002-04-02 19:28:24] TCP to 27374 SubSeven
IPv4: 172.136.246.92 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=7664 flags=0 offset=0 TTL=107 chksum=49706
TCP: port=1469 -> dport: 27374 flags=******S* seq=827282703
ack=0 off=7 res=0 win=8760 urp=0 chksum=14924
Options:
#1 - MSS len=4 data=0598
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 55) [2002-04-02 19:43:07] Potential CodeRed/Nimda probe
IPv4: 12.82.151.64 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=55442 flags=0 offset=0 TTL=125 chksum=62682
TCP: port=4731 -> dport: 80 flags=******S* seq=2771387904
ack=0 off=7 res=0 win=16384 urp=0 chksum=21705
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 56) [2002-04-02 19:43:10] Potential CodeRed/Nimda probe
IPv4: 12.82.151.64 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=55750 flags=0 offset=0 TTL=125 chksum=62374
TCP: port=4731 -> dport: 80 flags=******S* seq=2771387904
ack=0 off=7 res=0 win=16384 urp=0 chksum=21705
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 57) [2002-04-02 19:44:10] UDP to 137 netBIOS ns
IPv4: 200.52.6.241 -> 12.82.128.118
hlen=5 TOS=0 dlen=78 ID=19741 flags=0 offset=0 TTL=110 chksum=41876
UDP: port=1029 -> dport: 137 len=58
Payload: length = 50
000 : 00 7B 00 10 00 01 00 00 00 00 00 00 20 43 4B 41 .{.......... CKA
010 : 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
020 : 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA..!
030 : 00 01 ..
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 58) [2002-04-02 19:57:56] Potential CodeRed/Nimda probe
IPv4: 12.82.151.64 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=15678 flags=0 offset=0 TTL=125 chksum=36911
TCP: port=4730 -> dport: 80 flags=******S* seq=562884145
ack=0 off=7 res=0 win=16384 urp=0 chksum=61500
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 59) [2002-04-02 19:57:59] Potential CodeRed/Nimda probe
IPv4: 12.82.151.64 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=15892 flags=0 offset=0 TTL=125 chksum=36697
TCP: port=4730 -> dport: 80 flags=******S* seq=562884145
ack=0 off=7 res=0 win=16384 urp=0 chksum=61500
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 60) [2002-04-02 20:14:13] Potential CodeRed/Nimda probe
IPv4: 12.82.67.49 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=11680 flags=0 offset=0 TTL=119 chksum=63964
TCP: port=1825 -> dport: 80 flags=******S* seq=1424495439
ack=0 off=7 res=0 win=8760 urp=0 chksum=5364
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 61) [2002-04-02 20:14:16] Potential CodeRed/Nimda probe
IPv4: 12.82.67.49 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=11947 flags=0 offset=0 TTL=119 chksum=63697
TCP: port=1825 -> dport: 80 flags=******S* seq=1424495439
ack=0 off=7 res=0 win=8760 urp=0 chksum=5364
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 62) [2002-04-02 20:19:44] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=28417 flags=0 offset=0 TTL=119 chksum=44686
TCP: port=1191 -> dport: 80 flags=******S* seq=3162729776
ack=0 off=7 res=0 win=8760 urp=0 chksum=19460
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 63) [2002-04-02 20:19:47] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=28680 flags=0 offset=0 TTL=119 chksum=44423
TCP: port=1191 -> dport: 80 flags=******S* seq=3162729776
ack=0 off=7 res=0 win=8760 urp=0 chksum=19460
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 64) [2002-04-02 20:21:41] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=38982 flags=0 offset=0 TTL=119 chksum=34121
TCP: port=1811 -> dport: 80 flags=******S* seq=3418908413
ack=0 off=7 res=0 win=8760 urp=0 chksum=16518
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 65) [2002-04-02 20:21:43] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=39304 flags=0 offset=0 TTL=119 chksum=33799
TCP: port=1811 -> dport: 80 flags=******S* seq=3418908413
ack=0 off=7 res=0 win=8760 urp=0 chksum=16518
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 66) [2002-04-02 20:26:57] TCP to 27374 SubSeven
IPv4: 172.172.193.165 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=2073 flags=0 offset=0 TTL=42 chksum=36249
TCP: port=4119 -> dport: 27374 flags=******S* seq=82475461
ack=0 off=6 res=0 win=4824 urp=0 chksum=37129
Options:
#1 - MSS len=4 data=052A
Payload: none
------------------------------------------------------------------------------
#(20 - 67) [2002-04-02 20:27:00] TCP to 27374 SubSeven
IPv4: 172.172.193.165 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=2134 flags=0 offset=0 TTL=42 chksum=36188
TCP: port=4119 -> dport: 27374 flags=******S* seq=82475461
ack=0 off=6 res=0 win=4824 urp=0 chksum=37129
Options:
#1 - MSS len=4 data=052A
Payload: none
------------------------------------------------------------------------------
#(20 - 68) [2002-04-02 20:27:06] TCP to 27374 SubSeven
IPv4: 172.172.193.165 -> 12.82.128.118
hlen=5 TOS=0 dlen=44 ID=2264 flags=0 offset=0 TTL=42 chksum=36058
TCP: port=4119 -> dport: 27374 flags=******S* seq=82475461
ack=0 off=6 res=0 win=4824 urp=0 chksum=37129
Options:
#1 - MSS len=4 data=052A
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 69) [2002-04-02 20:53:27] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=25433 flags=0 offset=0 TTL=119 chksum=47670
TCP: port=2230 -> dport: 80 flags=******S* seq=3363143414
ack=0 off=7 res=0 win=8760 urp=0 chksum=10813
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 70) [2002-04-02 20:53:30] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=25784 flags=0 offset=0 TTL=119 chksum=47319
TCP: port=2230 -> dport: 80 flags=******S* seq=3363143414
ack=0 off=7 res=0 win=8760 urp=0 chksum=10813
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 71) [2002-04-02 21:00:46] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=24364 flags=0 offset=0 TTL=125 chksum=30912
TCP: port=4575 -> dport: 80 flags=******S* seq=3421694183
ack=0 off=7 res=0 win=16384 urp=0 chksum=22074
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 72) [2002-04-02 21:00:49] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=24610 flags=0 offset=0 TTL=125 chksum=30666
TCP: port=4575 -> dport: 80 flags=******S* seq=3421694183
ack=0 off=7 res=0 win=16384 urp=0 chksum=22074
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 73) [2002-04-02 21:02:44] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=13331 flags=0 offset=0 TTL=119 chksum=59772
TCP: port=1703 -> dport: 80 flags=******S* seq=358995959
ack=0 off=7 res=0 win=8760 urp=0 chksum=34395
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 74) [2002-04-02 21:02:47] Potential CodeRed/Nimda probe
IPv4: 12.82.77.30 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=13602 flags=0 offset=0 TTL=119 chksum=59501
TCP: port=1703 -> dport: 80 flags=******S* seq=358995959
ack=0 off=7 res=0 win=8760 urp=0 chksum=34395
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 75) [2002-04-02 21:18:25] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=61200 flags=0 offset=0 TTL=125 chksum=59611
TCP: port=2777 -> dport: 80 flags=******S* seq=1466837627
ack=0 off=7 res=0 win=16384 urp=0 chksum=36913
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 76) [2002-04-02 21:18:28] Potential CodeRed/Nimda probe
IPv4: 12.82.140.193 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=61468 flags=0 offset=0 TTL=125 chksum=59343
TCP: port=2777 -> dport: 80 flags=******S* seq=1466837627
ack=0 off=7 res=0 win=16384 urp=0 chksum=36913
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
------------------------------------------------------------------------------
#(20 - 77) [2002-04-02 21:23:39] TCP to 27374 SubSeven
IPv4: 172.169.74.119 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=57226 flags=0 offset=0 TTL=106 chksum=44372
TCP: port=1124 -> dport: 27374 flags=******S* seq=3517608
ack=0 off=7 res=0 win=8192 urp=0 chksum=49926
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 78) [2002-04-02 21:23:42] TCP to 27374 SubSeven
IPv4: 172.169.74.119 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=4747 flags=0 offset=0 TTL=106 chksum=31316
TCP: port=1124 -> dport: 27374 flags=******S* seq=3517608
ack=0 off=7 res=0 win=8192 urp=0 chksum=49926
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 79) [2002-04-02 21:23:48] TCP to 27374 SubSeven
IPv4: 172.169.74.119 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=31115 flags=0 offset=0 TTL=106 chksum=4948
TCP: port=1124 -> dport: 27374 flags=******S* seq=3517608
ack=0 off=7 res=0 win=8192 urp=0 chksum=49926
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
#(20 - 80) [2002-04-02 21:24:01] TCP to 27374 SubSeven
IPv4: 172.169.74.119 -> 12.82.128.118
hlen=5 TOS=0 dlen=48 ID=22156 flags=0 offset=0 TTL=106 chksum=13907
TCP: port=1124 -> dport: 27374 flags=******S* seq=3517608
ack=0 off=7 res=0 win=8192 urp=0 chksum=49926
Options:
#1 - MSS len=4 data=05B4
#2 - NOP len=0
#3 - NOP len=0
#4 - SACKOK len=0
Payload: none
------------------------------------------------------------------------------
jsage@finchhaven.com
Last modified: Thu Apr 4 19:06:51 2002