http://staff.washington.edu/dittrich/misc/stacheldraht.analysis You can see the ECHO REPLY packet containing the passphrase of "sicken" -KL -----Original Message----- From: Robert Buckley [mailto:rbuckleyat_private] Sent: Wednesday, May 29, 2002 11:15 AM To: incidentsat_private Subject: New Stacheldraht? Hello all, SHADOW (Secondary Heuristic Analyses for Defensive Online Warfare) picked up what appears to stacheldraht. However the arachnids DB, keeps pointing to an icmp id 666. This is not the case, though some of the payload appears to be stacheldraht. Is there some new and improved stacheldraht around, or did I mis-diagnose this attack? From what I understand, trinoo uses udp for communications, TFN uses icmp, and stacheldraht uses tcp. I believe that stacheldraht code was based off TFN orginally. Can anyone give some insight to a proper diagnoses here? Thanx. Some Stats: Source: Spoofed our own external network range. Dest: 10.0.0.1 - non-existant host - possible router target for translated network Proto: 100 % ICMP Duration: 1 minute Signature: spoofworks Diagnoses: Stacheldraht 06:53:31.383133 xxx.xxx.xxx.219 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 208, id 36441, len 48) 0x0000 4500 0030 8e59 0000 d001 d5a4 cff2 acdb E..0.Y.......... 0x0010 0a00 0001 0845 2457 209b ba10 0000 0000 .....E$W........ 0x0020 5018 1e8d 6f75 0000 0000 0000 0000 0000 P...ou.......... 06:53:31.383449 xxx.xxx.xxx.220 > 10.0.0.1: icmp: host 0.0.0.0 unreachable - admin prohibited (wrong icmp csum) (ttl 246, id 20967, len 48) 0x0000 4500 0030 51e7 0000 f601 ec15 cff2 acdc E..0Q........... 0x0010 0a00 0001 030a 2457 209b ba10 0000 0000 ......$W........ 0x0020 5018 1e8d 6f75 0000 0000 0000 0000 0000 P...ou.......... 06:53:31.384069 xxx.xxx.xxx.220 > 10.0.0.1: icmp: ip reassembly time exceeded (wrong icmp csum) (ttl 200, id 48005, len 48) 0x0000 4500 0030 bb85 0000 c801 b077 cff2 acdc E..0.......w.... 0x0010 0a00 0001 0b01 0000 0000 0000 0000 0000 ................ 0x0020 5018 1e8d 6f75 0000 0000 0000 0000 0000 P...ou.......... 06:53:31.390306 xxx.xxx.xxx.221 > 10.0.0.1: icmp: type-#20 (wrong icmp csum) (ttl 233, id 2044, len 48) 0x0000 4500 0030 07fc 0000 e901 4300 cff2 acdd E..0......C..... 0x0010 0a00 0001 14d0 745d 1192 b5e2 0a00 0001 ......t]........ 0x0020 5018 4035 23d9 0000 0000 0000 0000 0000 P.@5#........... 06:53:31.392159 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.222 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 247, id 14614, len 180) 0x0000 4500 00b4 3916 0000 f701 0361 cff2 acde E...9......a.... 0x0010 0a00 0001 0837 44e0 7b2e 30a8 0a00 0001 .....7D.{.0..... 0x0020 5010 4733 b651 0000 0000 0000 0000 0000 P.G3.Q.......... 0x0030 0000 0000 0000 0000 0000 0000 4953 5350 ............ISSP 0x0040 4e47 5251 0073 2079 6f75 2e2e 2e00 0000 NGRQ.s.you...... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.393935 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.223 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 202, id 20696, len 180) 0x0000 4500 00b4 50d8 0000 ca01 189e cff2 acdf E...P........... 0x0010 0a00 0001 085a 1e61 0000 0000 0a00 0001 .....Z.a........ 0x0020 5038 398d da43 0000 0000 0000 0000 0000 P89..C.......... 0x0030 0000 0000 0000 0000 0000 0000 006d 7033 .............mp3 0x0040 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.395705 xxx.xxx.xxx.224 > 10.0.0.1: icmp: type-#31 (wrong icmp csum) (ttl 232, id 47353, len 48) 0x0000 4500 0030 b8f9 0000 e801 92ff cff2 ace0 E..0............ 0x0010 0a00 0001 1fd4 0019 93ac a8bf 0a00 0001 ................ 0x0020 5000 6620 cb1d 0000 0000 0000 0000 0000 P.f............. 06:53:31.402633 xxx.xxx.xxx.220 > 10.0.0.1: icmp: parameter problem - code 2 (wrong icmp csum) (ttl 199, id 14141, len 48) 0x0000 4500 0030 373d 0000 c701 35c0 cff2 acdc E..07=....5..... 0x0010 0a00 0001 0c02 aee7 b066 14cc 0a00 0001 .........f...... 0x0020 5010 0e5e 2c80 0000 0000 0000 0000 0000 P..^,........... 06:53:31.411383 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.226 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 233, id 19911, len 180) 0x0000 4500 00b4 4dc7 0000 e901 fcab cff2 ace2 E...M........... 0x0010 0a00 0001 004f e45d 029b c448 0a00 0001 .....O.]...H.... 0x0020 5018 5eb3 9845 0000 0000 0000 0000 0000 P.^..E.......... 0x0030 0000 0000 0000 0000 0000 0000 6669 636b ............fick 0x0040 656e 002e 6578 653f 6162 6f75 7400 0000 en..exe?about... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.423107 xxx.xxx.xxx.229 > 10.0.0.1: icmp: type-#40 (wrong icmp csum) (ttl 246, id 62067, len 48) 0x0000 4500 0030 f273 0000 f601 4b80 cff2 ace5 E..0.s....K..... 0x0010 0a00 0001 2801 106b 3109 3ef5 0a00 0001 ....(..k1.>..... 0x0020 5038 0408 660e 0000 0000 0000 0000 0000 P8..f........... 06:53:31.428923 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.231 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 222, id 3578, len 180) 0x0000 4500 00b4 0dfa 0000 de01 4774 cff2 ace7 E.........Gt.... 0x0010 0a00 0001 0015 0019 0000 ff5c 0a00 0001 ...........\.... 0x0020 5000 eb66 cf76 0000 0000 0000 0000 0000 P..f.v.......... 0x0030 0000 0000 0000 0000 0000 0000 4141 4141 ............AAAA 0x0040 4141 4141 4141 0046 424f 5246 572e 4558 AAAAAA.FBORFW.EX 0x0050 455c 2200 0000 0000 0000 0000 0000 0000 E\"............. 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.430783 xxx.xxx.xxx.232 > 10.0.0.1: icmp: type-#110 (wrong icmp csum) (ttl 211, id 7080, len 48) 0x0000 4500 0030 1ba8 0000 d301 4549 cff2 ace8 E..0......EI.... 0x0010 0a00 0001 6e35 5cc6 7471 da3e 0a00 0001 ....n5\.tq.>.... 0x0020 5018 2441 e05c 0000 0000 0000 0000 0000 P.$A.\.......... 06:53:31.431458 xxx.xxx.xxx.220 > 10.0.0.1: icmp: source quench (wrong icmp csum) (ttl 227, id 65454, len 48) 0x0000 4500 0030 ffae 0000 e301 514e cff2 acdc E..0......QN.... 0x0010 0a00 0001 0447 0050 01cd db0c 0a00 0001 .....G.P........ 0x0020 5038 2d7e 0a5b 0000 0000 0000 0000 0000 P8-~.[.......... 06:53:31.433324 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.234 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 228, id 64561, len 180) 0x0000 4500 00b4 fc31 0000 e401 5339 cff2 acea E....1....S9.... 0x0010 0a00 0001 081c cc1d 77f8 9cca 0a00 0001 ........w....... 0x0020 5030 dd03 75b3 0000 0000 0000 0000 0000 P0..u........... 0x0030 0000 0000 0000 0000 0000 0000 0102 0304 ................ 0x0040 0506 0708 090a 0b0c 0d0e 0f10 0000 0000 ................ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.435075 xxx.xxx.xxx.235 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 207, id 20202, len 48) 0x0000 4500 0030 4eea 0000 cf01 1604 cff2 aceb E..0N........... 0x0010 0a00 0001 0878 a863 029a 0000 0a00 0001 .....x.c........ 0x0020 5018 0774 2d00 0000 0000 0000 0000 0000 P..t-........... 06:53:31.435373 xxx.xxx.xxx.236 > 10.0.0.1: icmp: time stamp reply id 666 seq 0 : org 0xa000001 recv 0x50180774 xmit 0x2d000000 (wrong icmp csum) (ttl 239, id 49620, len 48) 0x0000 4500 0030 c1d4 0000 ef01 8318 cff2 acec E..0............ 0x0010 0a00 0001 0e78 a863 029a 0000 0a00 0001 .....x.c........ 0x0020 5018 0774 2d00 0000 0000 0000 0000 0000 P..t-........... 06:53:31.440461 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.237 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 227, id 22537, len 180) 0x0000 4500 00b4 5809 0000 e301 f85e cff2 aced E...X......^.... 0x0010 0a00 0001 0055 03ff 007b 0000 0a00 0001 .....U...{...... 0x0020 5038 f6ec e3ec 0000 0000 0000 0000 0000 P8.............. 0x0030 0000 0000 0000 0000 0000 0000 7368 656c ............shel 0x0040 6c20 626f 756e 6420 746f 2070 6f72 7400 l.bound.to.port. 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.467158 xxx.xxx.xxx.220 > 10.0.0.1: icmp: redirect-#34 0.0.0.0 to net 114.101.45.225 (wrong icmp csum) (ttl 245, id 63303, len 48) 0x0000 4500 0030 f747 0000 f501 47b5 cff2 acdc E..0.G....G..... 0x0010 0a00 0001 0522 3184 7265 2de1 0a00 0001 ....."1.re-..... 0x0020 5038 a8bd 14fe 0000 0000 0000 0000 0000 P8.............. 06:53:31.471227 xxx.xxx.xxx.238 > 10.0.0.1: icmp: type-#39 (wrong icmp csum) (ttl 227, id 35512, len 48) 0x0000 4500 0030 8ab8 0000 e301 c632 cff2 acee E..0.......2.... 0x0010 0a00 0001 2700 0019 1fa9 0876 0a00 0001 ....'......v.... 0x0020 5020 57f6 6f09 0000 0000 0000 0000 0000 P.W.o........... 06:53:31.476674 xxx.xxx.xxx.240 > 10.0.0.1: icmp: router solicitation (wrong icmp csum) (ttl 252, id 10092, len 48) 0x0000 4500 0030 276c 0000 fc01 107d cff2 acf0 E..0'l.....}.... 0x0010 0a00 0001 0a00 0019 7bde 30be 0a00 0001 ........{.0..... 0x0020 5000 a683 bff6 0000 0000 0000 0000 0000 P............... 06:53:31.480432 xxx.xxx.xxx.220 > 10.0.0.1: icmp: parameter problem - code 2 (wrong icmp csum) (ttl 252, id 56670, len 48) 0x0000 4500 0030 dd5e 0000 fc01 5a9e cff2 acdc E..0.^....Z..... 0x0010 0a00 0001 0c02 4ee7 891c 13f8 0a00 0001 ......N......... 0x0020 5038 4b85 f4b3 0000 0000 0000 0000 0000 P8K............. 06:53:31.495096 xxx.xxx.xxx.241 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 246, id 48371, len 48) 0x0000 4500 0030 bcf3 0000 f601 80f4 cff2 acf1 E..0............ 0x0010 0a00 0001 0827 485f 2c63 259c 0a00 0001 .....'H_,c%..... 0x0020 5038 5173 ac38 0000 0000 0000 0000 0000 P8Qs.8.......... 06:53:31.503292 xxx.xxx.xxx.242 > 10.0.0.1: icmp: type-#40 (wrong icmp csum) (ttl 247, id 34372, len 48) 0x0000 4500 0030 8644 0000 f701 b6a2 cff2 acf2 E..0.D.......... 0x0010 0a00 0001 2800 a14d 13dc 25b4 0a00 0001 ....(..M..%..... 0x0020 5010 c13f 91db 0000 0000 0000 0000 0000 P..?............ 06:53:31.507033 xxx.xxx.xxx.220 > 10.0.0.1: icmp: time exceeded-#110 (wrong icmp csum) (ttl 208, id 64829, len 48) 0x0000 4500 0030 fd3d 0000 d001 66bf cff2 acdc E..0.=....f..... 0x0010 0a00 0001 0b6e bcca 65c2 0170 0a00 0001 .....n..e..p.... 0x0020 5000 479b 19ed 0000 0000 0000 0000 0000 P.G............. 06:53:31.508482 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.243 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 228, id 43566, len 180) 0x0000 4500 00b4 aa2e 0000 e401 a533 cff2 acf3 E..........3.... 0x0010 0a00 0001 086e bcca 65c2 0170 0a00 0001 .....n..e..p.... 0x0020 5010 479b 19ed 0000 0000 0000 0000 0000 P.G............. 0x0030 0000 0000 0000 0000 0000 0000 a920 5375 ..............Su 0x0040 7374 6169 6e61 626c 6520 536f 0000 0000 stainable.So.... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.537866 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.244 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 239, id 14687, len 180) 0x0000 4500 00b4 395f 0000 ef01 0b02 cff2 acf4 E...9_.......... 0x0010 0a00 0001 085c c0de 589a 6f8c 0a00 0001 .....\..X.o..... 0x0020 5018 58a1 fb95 0000 0000 0000 0000 0000 P.X............. 0x0030 0000 0000 0000 0000 0000 0000 abcd abcd ................ 0x0040 abcd abcd abcd abcd abcd abcd 0000 0000 ................ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.540602 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.246 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 216, id 20184, len 180) 0x0000 4500 00b4 4ed8 0000 d801 0c87 cff2 acf6 E...N........... 0x0010 0a00 0001 0089 336e 029d e045 0a00 0001 ......3n...E.... 0x0020 5018 16be 4de9 0000 0000 0000 0000 0000 P...M........... 0x0030 0000 0000 0000 0000 0000 0000 7369 636b ............sick 0x0040 656e 0000 0000 0000 0000 0000 0000 0000 en.............. 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.543279 xxx.xxx.xxx.247 > 10.0.0.1: icmp: type-#35 (wrong icmp csum) (ttl 216, id 4295, len 48) 0x0000 4500 0030 10c7 0000 d801 4b1b cff2 acf7 E..0......K..... 0x0010 0a00 0001 2300 006f 36ac 0f80 0a00 0001 ....#..o6....... 0x0020 5038 5bda ab11 0000 0000 0000 0000 0000 P8[............. 06:53:31.544436 xxx.xxx.xxx.248 > 10.0.0.1: icmp: router solicitation (wrong icmp csum) (ttl 226, id 22632, len 48) 0x0000 4500 0030 5868 0000 e201 f978 cff2 acf8 E..0Xh.....x.... 0x0010 0a00 0001 0a00 006f 36ac 0f80 0a00 0001 .......o6....... 0x0020 5038 5bda ab11 0000 0000 0000 0000 0000 P8[............. 06:53:31.561740 xxx.xxx.xxx.249 > 10.0.0.1: icmp: type-#39 (wrong icmp csum) (ttl 243, id 49667, len 48) 0x0000 4500 0030 c203 0000 f301 7edc cff2 acf9 E..0......~..... 0x0010 0a00 0001 2700 0000 0000 0000 0a00 0001 ....'........... 0x0020 5038 b57e 96eb 0000 0000 0000 0000 0000 P8.~............ 06:53:31.580512 xxx.xxx.xxx.220 > 10.0.0.1: icmp: host 0.0.0.0 unreachable - admin prohibited (wrong icmp csum) (ttl 216, id 50578, len 48) 0x0000 4500 0030 c592 0000 d801 966a cff2 acdc E..0.......j.... 0x0010 0a00 0001 030a 0fd1 d198 7403 0a00 0001 ..........t..... 0x0020 5018 231b ff51 0000 0000 0000 0000 0000 P.#..Q.......... 06:53:31.595083 xxx.xxx.xxx.220 > 10.0.0.1: icmp: 0.0.0.0 unreachable - source host isolated (wrong icmp csum) (ttl 234, id 6735, len 48) 0x0000 4500 0030 1a4f 0000 ea01 2fae cff2 acdc E..0.O..../..... 0x0010 0a00 0001 0308 0000 0000 0000 0a00 0001 ................ 0x0020 5038 f1de dfa6 0000 0000 0000 0000 0000 P8.............. 06:53:31.605668 xxx.xxx.xxx.220 > 10.0.0.1: icmp: redirect-tos 0.0.0.0 to net 0.0.0.0 (wrong icmp csum) (ttl 207, id 52230, len 48) 0x0000 4500 0030 cc06 0000 cf01 98f6 cff2 acdc E..0............ 0x0010 0a00 0001 0503 0000 0000 0000 0a00 0001 ................ 0x0020 5030 f615 3b79 0000 0000 0000 0000 0000 P0..;y.......... 06:53:31.607036 xxx.xxx.xxx.220 > 10.0.0.1: icmp: redirect-tos 0.0.0.0 to net 0.0.0.0 (wrong icmp csum) (ttl 249, id 29171, len 48) 0x0000 4500 0030 71f3 0000 f901 c909 cff2 acdc E..0q........... 0x0010 0a00 0001 0503 0000 0000 0000 0a00 0001 ................ 0x0020 5030 f615 3b79 0000 0000 0000 0000 0000 P0..;y.......... 06:53:31.609822 xxx.xxx.xxx.252 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 237, id 2475, len 48) 0x0000 4500 0030 09ab 0000 ed01 3d32 cff2 acfc E..0......=2.... 0x0010 0a00 0001 0082 0000 0000 0000 0a00 0001 ................ 0x0020 5030 f615 3b79 0000 0000 0000 0000 0000 P0..;y.......... 06:53:31.612285 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.253 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 241, id 24120, len 180) 0x0000 4500 00b4 5e38 0000 f101 e41f cff2 acfd E...^8.......... 0x0010 0a00 0001 0873 0019 380c 1e50 0a00 0001 .....s..8..P.... 0x0020 5030 aa8e 7244 0000 0000 0000 0000 0000 P0..rD.......... 0x0030 0000 0000 0000 0000 0000 0000 6162 6364 ............abcd 0x0040 6566 6768 696a 6b6c 6d6e 6f70 002e 4558 efghijklmnop..EX 0x0050 455c 2200 0000 0000 0000 0000 0000 0000 E\"............. 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.613612 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.254 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 233, id 39695, len 180) 0x0000 4500 00b4 9b0f 0000 e901 af47 cff2 acfe E..........G.... 0x0010 0a00 0001 0873 0019 380c 1e50 0a00 0001 .....s..8..P.... 0x0020 5030 aa8e 7244 0000 0000 0000 0000 0000 P0..rD.......... 0x0030 0000 0000 0000 0000 0000 0000 0062 6364 .............bcd 0x0040 6566 6768 696a 6b6c 6d6e 6f70 002e 4558 efghijklmnop..EX 0x0050 455c 2200 0000 0000 0000 0000 0000 0000 E\"............. 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.623101 xxx.xxx.xxx.220 > 10.0.0.1: icmp: 0.0.0.0 protocol 151 unreachable (wrong icmp csum) (ttl 239, id 12182, len 48) 0x0000 4500 0030 2f96 0000 ef01 1567 cff2 acdc E..0/......g.... 0x0010 0a00 0001 0302 48ae 00e9 f565 0a00 0001 ......H....e.... 0x0020 5038 6a1c 2697 0000 0000 0000 0000 0000 P8j.&........... 06:53:31.625531 xxx.xxx.xxx.220 > 10.0.0.1: icmp: 0.0.0.0 unreachable - need to frag (mtu 16045) (wrong icmp csum) (ttl 231, id 49338, len 48) 0x0000 4500 0030 c0ba 0000 e701 8c42 cff2 acdc E..0.......B.... 0x0010 0a00 0001 0304 ba05 13d3 3ead 0a00 0001 ..........>..... 0x0020 5038 18bf 2a99 0000 0000 0000 0000 0000 P8..*........... 06:53:31.642962 xxx.xxx.xxx.220 > 10.0.0.1: icmp: source quench (wrong icmp csum) (ttl 248, id 33889, len 48) 0x0000 4500 0030 8461 0000 f801 b79b cff2 acdc E..0.a.......... 0x0010 0a00 0001 0400 f9a3 7d86 a512 0a00 0001 ........}....... 0x0020 5020 4170 5a4e 0000 0000 0000 0000 0000 P.ApZN.......... 06:53:31.645742 xxx.xxx.xxx.50 > 10.0.0.1: icmp: type-#116 (wrong icmp csum) (ttl 215, id 45405, len 48) 0x0000 4500 0030 b15d 0000 d701 ac49 cff2 ac32 E..0.].....I...2 0x0010 0a00 0001 74b1 468b 0ab8 0674 0a00 0001 ....t.F....t.... 0x0020 5018 28f2 131f 0000 0000 0000 0000 0000 P.(............. 06:53:31.658886 xxx.xxx.xxx.220 > 10.0.0.1: icmp: net 0.0.0.0 unreachable - tos prohibited (wrong icmp csum) (ttl 199, id 8018, len 48) 0x0000 4500 0030 1f52 0000 c701 4dab cff2 acdc E..0.R....M..... 0x0010 0a00 0001 030b 1c46 140c 4095 0a00 0001 .......F..@..... 0x0020 5033 8577 f758 0000 0000 0000 0000 0000 P3.w.X.......... 06:53:31.660281 xxx.xxx.xxx.51 > 10.0.0.1: icmp: type-#36 (wrong icmp csum) (ttl 213, id 47412, len 48) 0x0000 4500 0030 b934 0000 d501 a671 cff2 ac33 E..0.4.....q...3 0x0010 0a00 0001 240b 1c46 140c 4095 0a00 0001 ....$..F..@..... 0x0020 5033 8577 f758 0000 0000 0000 0000 0000 P3.w.X.......... 06:53:31.672283 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.52 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 215, id 19036, len 180) 0x0000 4500 00b4 4a5c 0000 d701 12c5 cff2 ac34 E...J\.........4 0x0010 0a00 0001 0800 0019 3509 f220 0a00 0001 ........5....... 0x0020 5010 36d0 5cdf 0000 0000 0000 0000 0000 P.6.\........... 0x0030 0000 0000 0000 0000 0000 0000 4142 4344 ............ABCD 0x0040 4546 4748 494a 4b4c 4d4e 4f50 5152 5354 EFGHIJKLMNOPQRST 0x0050 5556 5741 4243 4445 4647 4849 0000 0000 UVWABCDEFGHI.... 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.676374 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.53 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 218, id 38002, len 180) 0x0000 4500 00b4 9472 0000 da01 c5ad cff2 ac35 E....r.........5 0x0010 0a00 0001 0063 0000 029c 0000 0a00 0001 .....c.......... 0x0020 5030 5898 5afd 0000 0000 0000 0000 0000 P0X.Z........... 0x0030 0000 0000 0000 0000 0000 0000 6765 7375 ............gesu 0x0040 6e64 6865 6974 2100 0000 0000 0000 0000 ndheit!......... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.726406 xxx.xxx.xxx.57 > 10.0.0.1: icmp: type-#30 (wrong icmp csum) (ttl 236, id 61835, len 48) 0x0000 4500 0030 f18b 0000 ec01 5714 cff2 ac39 E..0......W....9 0x0010 0a00 0001 1ec5 153e 53b5 377a 0a00 0001 .......>S.7z.... 0x0020 5018 776b 536b 0000 0000 0000 0000 0000 P.wkSk.......... 06:53:31.730371 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.58 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 219, id 60600, len 180) 0x0000 4500 00b4 ecb8 0000 db01 6c62 cff2 ac3a E.........lb...: 0x0010 0a00 0001 0084 969e 03e8 6f04 0a00 0001 ..........o..... 0x0020 5038 d750 4e69 0000 0000 0000 0000 0000 P8.PNi.......... 0x0030 0000 0000 0000 0000 0000 0000 7370 6f6f ............spoo 0x0040 6677 6f72 6b73 0000 0000 0000 0000 0000 fworks.......... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.740310 xxx.xxx.xxx.60 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 253, id 64346, len 48) 0x0000 4500 0030 fb5a 0000 fd01 3c42 cff2 ac3c E..0.Z....<B...< 0x0010 0a00 0001 0852 6ff0 0e6b 6ec0 0a00 0001 .....Ro..kn..... 0x0020 5030 ba41 fe6d 0000 0000 0000 0000 0000 P0.A.m.......... 06:53:31.746581 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.61 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 217, id 38457, len 180) 0x0000 4500 00b4 9639 0000 d901 c4de cff2 ac3d E....9.........= 0x0010 0a00 0001 0856 d9af 126c 8f40 0a00 0001 .....V...l.@.... 0x0020 5018 69aa e691 0000 0000 0000 0000 0000 P.i............. 0x0030 0000 0000 0000 0000 0000 0000 0102 0304 ................ 0x0040 0506 0708 090a 0b0c 0d0e 0f10 0000 0000 ................ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.757598 xxx.xxx.xxx.220 > 10.0.0.1: icmp: xxx.xxx.xxx.220 protocol 17 unreachable (wrong icmp csum) (ttl 238, id 52118, len 48) 0x0000 4500 0030 cb96 0000 ee01 7a66 cff2 acdc E..0......zf.... 0x0010 0a00 0001 0302 0a3a 3a8d 4d8c 0a00 0001 .......::.M..... 0x0020 5018 6429 5b11 8330 0000 0000 cff2 acdc P.d)[..0........ 06:53:31.763831 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.62 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 250, id 38329, len 180) 0x0000 4500 00b4 95b9 0000 fa01 a45d cff2 ac3e E..........]...> 0x0010 0a00 0001 0859 8251 4537 8af2 0a00 0001 .....Y.QE7...... 0x0020 5018 f7e7 b315 0000 0000 0000 0000 0000 P............... 0x0030 0000 0000 0000 0000 0000 0000 5768 6174 ............What 0x0040 7355 7020 2d20 4120 4e65 7477 0000 0000 sUp.-.A.Netw.... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.799162 xxx.xxx.xxx.220 > 10.0.0.1: icmp: source quench (wrong icmp csum) (ttl 199, id 15975, len 48) 0x0000 4500 0030 3e67 0000 c701 2e96 cff2 acdc E..0>g.......... 0x0010 0a00 0001 04b2 0019 5a44 b2d8 0a00 0001 ........ZD...... 0x0020 5020 9276 6931 0000 0000 0000 0000 0000 P..vi1.......... 06:53:31.800463 xxx.xxx.xxx.220 > 10.0.0.1: icmp: parameter problem - octet 90 (wrong icmp csum) (ttl 247, id 55286, len 48) 0x0000 4500 0030 d7f6 0000 f701 6506 cff2 acdc E..0......e..... 0x0010 0a00 0001 0c00 0019 5a44 b2d8 0a00 0001 ........ZD...... 0x0020 5020 9276 6931 0000 0000 0000 0000 0000 P..vi1.......... 06:53:31.807215 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.63 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 245, id 27241, len 180) 0x0000 4500 00b4 6a69 0000 f501 d4ac cff2 ac3f E...ji.........? 0x0010 0a00 0001 0085 2a3b 03e8 b366 0a00 0001 ......*;...f.... 0x0020 5018 603f 0c5d 0000 0000 0000 0000 0000 P.`?.].......... 0x0030 0000 0000 0000 0000 0000 0000 7370 6f6f ............spoo 0x0040 6677 6f72 6b73 006c 732f 6765 7464 7276 fworks.ls/getdrv 0x0050 732e 6578 6500 0000 0000 0000 0000 0000 s.exe........... 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.809034 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.64 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 223, id 32832, len 180) 0x0000 4500 00b4 8040 0000 df01 d4d4 cff2 ac40 E....@.........@ 0x0010 0a00 0001 0885 2a3b 03e8 b366 0a00 0001 ......*;...f.... 0x0020 5018 603f 0c5d 0000 0000 0000 0000 0000 P.`?.].......... 0x0030 0000 0000 0000 0000 0000 0000 4461 7461 ............Data 0x0040 0077 6f72 6b73 006c 732f 6765 7464 7276 .works.ls/getdrv 0x0050 732e 6578 6500 0000 0000 0000 0000 0000 s.exe........... 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.813043 0:d0:58:43:38:80 0800 70: xxx.xxx.xxx.65 > 10.0.0.1: icmp: host xxx.xxx.xxx.65 unreachable (ttl 255, id 3281, len 56) 0x0000 4500 0038 0cd1 0000 ff01 28bf cff2 ac41 E..8......(....A 0x0010 0a00 0001 0301 d6a2 0000 0000 4500 00b4 ............E... 0x0020 eb9d 0000 d806 7071 0a00 0001 cff2 ac41 ......pq.......A 0x0030 006e 1bed 0a00 0001 .n...... 06:53:31.843820 xxx.xxx.xxx.66 > 10.0.0.1: icmp: router solicitation (wrong icmp csum) (ttl 201, id 13142, len 48) 0x0000 4500 0030 3356 0000 c901 3841 cff2 ac42 E..03V....8A...B 0x0010 0a00 0001 0acb 856f 2108 8b6d 0a00 0001 .......o!..m.... 0x0020 5038 6dc3 743c 0000 0000 0000 0000 0000 P8m.t<.......... 06:53:31.857102 xxx.xxx.xxx.220 > 10.0.0.1: icmp: source quench (wrong icmp csum) (ttl 210, id 46680, len 48) 0x0000 4500 0030 b658 0000 d201 aba4 cff2 acdc E..0.X.......... 0x0010 0a00 0001 0400 0000 0000 0000 0a00 0001 ................ 0x0020 5013 929f 76d7 0000 0000 0000 0000 0000 P...v........... 06:53:31.860536 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.67 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 219, id 17708, len 180) 0x0000 4500 00b4 452c 0000 db01 13e6 cff2 ac43 E...E,.........C 0x0010 0a00 0001 0860 085c 0000 0000 0a00 0001 .....`.\........ 0x0020 5013 929f 76d7 0000 0000 0000 0000 0000 P...v........... 0x0030 0000 0000 0000 0000 0000 0000 0102 0304 ................ 0x0040 0506 0708 090a 0b0c 0d0e 0f10 0000 0000 ................ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.866035 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.68 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 203, id 11049, len 180) 0x0000 4500 00b4 2b29 0000 cb01 3de8 cff2 ac44 E...+)....=....D 0x0010 0a00 0001 087c b2b7 04cf 9fe1 0a00 0001 .....|.......... 0x0020 5018 c071 2922 0000 0000 0000 0000 0000 P..q)".......... 0x0030 0000 0000 0000 0000 0000 0000 4953 5350 ............ISSP 0x0040 4e47 5251 0000 0000 0000 0000 0000 0000 NGRQ............ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.867338 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.69 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 230, id 22301, len 180) 0x0000 4500 00b4 571d 0000 e601 f6f2 cff2 ac45 E...W..........E 0x0010 0a00 0001 087e 3d5d c0a1 f184 0a00 0001 .....~=]........ 0x0020 5010 8bfd 409a 0000 0000 0000 0000 0000 P...@........... 0x0030 0000 0000 0000 0000 0000 0000 8804 2020 ................ 0x0040 2020 2020 2020 2020 2020 2020 0000 0000 ................ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.873506 xxx.xxx.xxx.70 > 10.0.0.1: icmp: type-#40 (wrong icmp csum) (ttl 220, id 5243, len 48) 0x0000 4500 0030 147b 0000 dc01 4418 cff2 ac46 E..0.{....D....F 0x0010 0a00 0001 2800 58e4 1e97 517a 0a00 0001 ....(.X...Qz.... 0x0020 5018 dfc0 3271 0000 0000 0000 0000 0000 P...2q.......... 06:53:31.877137 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.71 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 202, id 7154, len 180) 0x0000 4500 00b4 1bf2 0000 ca01 4e1c cff2 ac47 E.........N....G 0x0010 0a00 0001 00e1 2b94 03e8 ad40 0a00 0001 ......+....@.... 0x0020 5038 a80f 7109 0000 0000 0000 0000 0000 P8..q........... 0x0030 0000 0000 0000 0000 0000 0000 7370 6f6f ............spoo 0x0040 6677 6f72 6b73 0069 0000 0000 0000 0000 fworks.i........ 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.882183 xxx.xxx.xxx.220 > 10.0.0.1: icmp: host 0.0.0.0 unreachable - tos prohibited (wrong icmp csum) (ttl 224, id 47383, len 48) 0x0000 4500 0030 b917 0000 e001 9ae5 cff2 acdc E..0............ 0x0010 0a00 0001 030c 614c 1778 2f74 0a00 0001 ......aL.x/t.... 0x0020 5038 2350 6683 0000 0000 0000 0000 0000 P8#Pf........... 06:53:31.883052 xxx.xxx.xxx.72 > 10.0.0.1: icmp: type-#36 (wrong icmp csum) (ttl 207, id 49866, len 48) 0x0000 4500 0030 c2ca 0000 cf01 a2c6 cff2 ac48 E..0...........H 0x0010 0a00 0001 2400 daeb 090d 065c 0a00 0001 ....$......\.... 0x0020 5038 488f 86d4 0000 0000 0000 0000 0000 P8H............. 06:53:31.889054 xxx.xxx.xxx.220 > 10.0.0.1: icmp: redirect-tos 0.0.0.0 to net 203.237.226.116 (wrong icmp csum) (ttl 254, id 26556, len 48) 0x0000 4500 0030 67bc 0000 fe01 ce40 cff2 acdc E..0g......@.... 0x0010 0a00 0001 0502 e217 cbed e274 0a00 0001 ...........t.... 0x0020 5018 a59b 6ebe 0000 0000 0000 0000 0000 P...n........... 06:53:31.893877 xxx.xxx.xxx.73 > 10.0.0.1: icmp: type-#7 (wrong icmp csum) (ttl 244, id 36175, len 48) 0x0000 4500 0030 8d4f 0000 f401 b340 cff2 ac49 E..0.O.....@...I 0x0010 0a00 0001 0700 63da 11fd eb14 0a00 0001 ......c......... 0x0020 5018 5a21 b191 0000 0000 0000 0000 0000 P.Z!............ 06:53:31.895614 xxx.xxx.xxx.220 > 10.0.0.1: icmp: 0.0.0.0 unreachable - source route failed (wrong icmp csum) (ttl 208, id 10903, len 48) 0x0000 4500 0030 2a97 0000 d001 3966 cff2 acdc E..0*.....9f.... 0x0010 0a00 0001 0305 0000 0000 0000 0a00 0001 ................ 0x0020 5018 6861 7f4f 0000 0000 0000 0000 0000 P.ha.O.......... 06:53:31.895908 xxx.xxx.xxx.220 > 10.0.0.1: icmp: redirect-tos 0.0.0.0 to net 0.0.0.0 (wrong icmp csum) (ttl 245, id 34545, len 48) 0x0000 4500 0030 86f1 0000 f501 b80b cff2 acdc E..0............ 0x0010 0a00 0001 0503 0000 0000 0000 0a00 0001 ................ 0x0020 5018 6861 7f4f 0000 0000 0000 0000 0000 P.ha.O.......... 06:53:31.904127 xxx.xxx.xxx.74 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 205, id 633, len 48) 0x0000 4500 0030 0279 0000 cd01 6516 cff2 ac4a E..0.y....e....J 0x0010 0a00 0001 0000 0000 0000 0000 0a00 0001 ................ 0x0020 5018 1b16 7096 0000 0000 0000 0000 0000 P...p........... 06:53:31.904951 xxx.xxx.xxx.75 > 10.0.0.1: icmp: type-#32 (wrong icmp csum) (ttl 244, id 38341, len 48) 0x0000 4500 0030 95c5 0000 f401 aac8 cff2 ac4b E..0...........K 0x0010 0a00 0001 2072 f10d 03c2 85f0 0a00 0001 .....r.......... 0x0020 5018 facf c4bc 0000 0000 0000 0000 0000 P............... 06:53:31.905247 xxx.xxx.xxx.77 > 10.0.0.1: icmp: type-#33 (wrong icmp csum) (ttl 249, id 43089, len 48) 0x0000 4500 0030 a851 0000 f901 933a cff2 ac4d E..0.Q.....:...M 0x0010 0a00 0001 2100 f10d 03c2 85f0 0a00 0001 ....!........... 0x0020 5018 facf c4bc 0000 0000 0000 0000 0000 P............... 06:53:31.906109 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.78 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 239, id 9893, len 180) 0x0000 4500 00b4 26a5 0000 ef01 1e62 cff2 ac4e E...&......b...N 0x0010 0a00 0001 08ba d941 0000 0000 0a00 0001 .......A........ 0x0020 5018 4bf9 bd6a 0000 0000 0000 0000 0000 P.K..j.......... 0x0030 0000 0000 0000 0000 0000 0000 0032 3026 .............20& 0x0040 4369 5265 7374 7269 6374 696f 6e3d 6e6f CiRestriction=no 0x0050 6e65 2643 6948 696c 6974 6554 7970 653d ne&CiHiliteType= 0x0060 4675 6c6c 2048 5454 502f 312e 3000 0000 Full.HTTP/1.0... 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.911133 xxx.xxx.xxx.220 > 10.0.0.1: icmp: host 0.0.0.0 unreachable - precedence cutoff (wrong icmp csum) (ttl 249, id 48567, len 48) 0x0000 4500 0030 bdb7 0000 f901 7d45 cff2 acdc E..0......}E.... 0x0010 0a00 0001 030f 3030 038c 267d 0a00 0001 ......00..&}.... 0x0020 5038 7ac0 70e9 0000 0000 0000 0000 0000 P8z.p........... 06:53:31.912329 xxx.xxx.xxx.79 > 10.0.0.1: icmp: address mask request (wrong icmp csum) (ttl 241, id 8255, len 48) 0x0000 4500 0030 203f 0000 f101 234b cff2 ac4f E..0.?....#K...O 0x0010 0a00 0001 1100 f18e cb8d 4f0f 0a00 0001 ..........O..... 0x0020 5018 b62c 6373 0000 0000 0000 0000 0000 P..,cs.......... 06:53:31.913588 xxx.xxx.xxx.80 > 10.0.0.1: icmp: echo reply (wrong icmp csum) (ttl 208, id 40099, len 48) 0x0000 4500 0030 9ca3 0000 d001 c7e5 cff2 ac50 E..0...........P 0x0010 0a00 0001 006e 1379 356b 9d9e 0a00 0001 .....n.y5k...... 0x0020 5010 900a 7f6a 0000 0000 0000 0000 0000 P....j.......... 06:53:31.915441 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.83 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 209, id 14081, len 180) 0x0000 4500 00b4 3701 0000 d101 2c01 cff2 ac53 E...7.....,....S 0x0010 0a00 0001 08eb 69d0 587b bfd8 0a00 0001 ......i.X{...... 0x0020 5018 bcf2 3bb5 0000 0000 0000 0000 0000 P...;........... 0x0030 0000 0000 0000 0000 0000 0000 4f4d 6574 ............OMet 0x0040 6572 4f62 6573 6541 726d 6164 0000 0000 erObeseArmad.... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.923191 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.85 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 220, id 3387, len 180) 0x0000 4500 00b4 0d3b 0000 dc01 4ac5 cff2 ac55 E....;....J....U 0x0010 0a00 0001 088b 768a 3bf5 a1c0 0a00 0001 ......v.;....... 0x0020 5018 93c0 8037 0000 0000 0000 0000 0000 P....7.......... 0x0030 0000 0000 0000 0000 0000 0000 a920 5375 ..............Su 0x0040 7374 6169 6e61 626c 6520 536f 0000 0000 stainable.So.... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.932658 xxx.xxx.xxx.220 > 10.0.0.1: icmp: time exceeded in-transit (wrong icmp csum) (ttl 244, id 45859, len 48) 0x0000 4500 0030 b323 0000 f401 8cd9 cff2 acdc E..0.#.......... 0x0010 0a00 0001 0b00 0000 0000 0000 0a00 0001 ................ 0x0020 5018 6089 2bce 0000 0000 0000 0000 0000 P.`.+........... 06:53:31.935834 0:d0:58:43:38:80 0800 194: xxx.xxx.xxx.86 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 219, id 45206, len 180) 0x0000 4500 00b4 b096 0000 db01 a868 cff2 ac56 E..........h...V 0x0010 0a00 0001 08b7 1ab6 0000 0000 0a00 0001 ................ 0x0020 5018 a893 b78d 0000 0000 0000 0000 0000 P............... 0x0030 0000 0000 0000 0000 0000 0000 5069 6e67 ............Ping 0x0040 696e 6720 6672 6f6d 2044 656c 0000 0000 ing.from.Del.... 0x0050 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0060 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0070 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0080 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0090 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00a0 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x00b0 0000 0000 .... 06:53:31.936104 xxx.xxx.xxx.87 > 10.0.0.1: icmp: time stamp query id 0 seq 0 (wrong icmp csum) (ttl 243, id 19719, len 48) 0x0000 4500 0030 4d07 0000 f301 f47a cff2 ac57 E..0M......z...W 0x0010 0a00 0001 0d00 1ab6 0000 0000 0a00 0001 ................ 0x0020 5018 a893 b78d 0000 0000 0000 0000 0000 P............... 06:53:31.938880 xxx.xxx.xxx.220 > 10.0.0.1: icmp: source quench (wrong icmp csum) (ttl 239, id 376, len 48) 0x0000 4500 0030 0178 0000 ef01 4385 cff2 acdc E..0.x....C..... 0x0010 0a00 0001 043c 4344 0d5f 79ae 0a00 0001 .....<CD._y..... 0x0020 5018 9a7b 01a2 0000 0000 0000 0000 0000 P..{............ 06:53:31.944668 xxx.xxx.xxx.88 > 10.0.0.1: icmp: type-#7 (wrong icmp csum) (ttl 215, id 60738, len 48) 0x0000 4500 0030 ed42 0000 d701 703e cff2 ac58 E..0.B....p>...X 0x0010 0a00 0001 070d 50fe 00ee 4df5 0a00 0001 ......P...M..... 0x0020 5018 5320 03d3 0000 0000 0000 0000 0000 P.S............. 06:53:31.946270 xxx.xxx.xxx.220 > 10.0.0.1: icmp: parameter problem - octet 0 (wrong icmp csum) (ttl 219, id 30368, len 48) 0x0000 4500 0030 76a0 0000 db01 e25c cff2 acdc E..0v......\.... 0x0010 0a00 0001 0c00 0000 0000 0000 0a00 0001 ................ 0x0020 5038 d6a7 11c0 0000 0000 0000 0000 0000 P8.............. 06:53:31.948939 xxx.xxx.xxx.90 > 10.0.0.1: icmp: type-#32 (wrong icmp csum) (ttl 240, id 61848, len 48) 0x0000 4500 0030 f198 0000 f001 52e6 cff2 ac5a E..0......R....Z 0x0010 0a00 0001 2000 0000 0000 0000 0a00 0001 ................ 0x0020 5010 e9e2 1564 0000 0000 0000 0000 0000 P....d.......... 06:53:31.956133 xxx.xxx.xxx.91 > 10.0.0.1: icmp: type-#40 (wrong icmp csum) (ttl 252, id 10646, len 48) 0x0000 4500 0030 2996 0000 fc01 0ee8 cff2 ac5b E..0)..........[ 0x0010 0a00 0001 2801 e71f 433f 33d0 0a00 0001 ....(...C?3..... 0x0020 5038 f122 8cf2 0000 0000 0000 0000 0000 P8."............ 06:53:31.958689 xxx.xxx.xxx.220 > 10.0.0.1: icmp: parameter problem - code 2 (wrong icmp csum) (ttl 243, id 20541, len 48) 0x0000 4500 0030 503d 0000 f301 f0bf cff2 acdc E..0P=.......... 0x0010 0a00 0001 0c02 10d3 1554 e6fa 0a00 0001 .........T...... 0x0020 5000 49f3 f8dd 0000 0000 0000 0000 0000 P.I............. 06:53:31.965373 xxx.xxx.xxx.94 > 10.0.0.1: icmp: router advertisement lifetime 10:14:40 149: [size 61] (wrong icmp csum) (ttl 238, id 13131, len 48) 0x0000 4500 0030 334b 0000 ee01 1330 cff2 ac5e E..03K.....0...^ 0x0010 0a00 0001 0934 ef28 953d 9010 0a00 0001 .....4.(.=...... 0x0020 5010 7520 2b5f 0000 0000 0000 0000 0000 P.u.+_.......... 06:53:31.965701 xxx.xxx.xxx.95 > 10.0.0.1: icmp: echo request (wrong icmp csum) (ttl 233, id 9164, len 48) 0x0000 4500 0030 23cc 0000 e901 27ae cff2 ac5f E..0#.....'...._ 0x0010 0a00 0001 0834 ef28 953d 9010 0a00 0001 .....4.(.=...... 0x0020 5010 7520 2b5f 0000 0000 0000 0000 0000 P.u.+_.......... 06:53:31.968448 xxx.xxx.xxx.96 > 10.0.0.1: icmp: type-#2 (wrong icmp csum) (ttl 237, id 61603, len 48) 0x0000 4500 0030 f0a3 0000 ed01 56d5 cff2 ac60 E..0......V....` 0x0010 0a00 0001 0200 0019 22da 9090 0a00 0001 ........"....... 0x0020 5000 0d4c 95bb 0000 0000 0000 0000 0000 P..L............ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed May 29 2002 - 13:02:13 PDT