Synaptics TouchPad, strange packets.

From: Valerio B. (supportat_private)
Date: Tue Nov 27 2001 - 11:59:02 PST

    My firewall captured a packet outgoing from my laptop, originated by the
    Synaptics TouchPad program, to a destination address that has nothing to do
    with the Synaptics network. I verified that the destination address is a
    host located in Finland.
    I have now blocked the Synaptics TouchPad program. As you can see, the
    checksums are incorrect.
    I currently don't have the tools to do analysis on my own, and I found my
    laptop to be free of known viruses, so I am submitting this for analysis
    by the community.
    
    Valerio B.
    
    
    The packet decode is included below:
    ******************************************
    File Version :  5.0.62 13Mar00
    File Description : Synaptics TouchPad Enhancements
    File Path :  C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    Process ID :  FFFDEA69 (Heximal) 4294830697 (Decimal)
    
    Connection origin : local initiated
    Protocol :  UDP
    Local Address :  xxx.xx.xxx.xxx
    Local Port :  17697
    Remote Name :
    Remote Address : xxx.xxx.xxx.x
    Remote Port :   65280
    
    Ethernet packet details:
    Ethernet II (Packet Length: 64)
     Destination:  xx-xx-xx-xx-xx-xx
     Source:  xx-xx-xx-xx-xx-xx
    Type: IP (0x0800)
    Internet Protocol
     Version: 4
     Header Length: 20 bytes
     Flags:
      .0.. = Don't fragment: Not set
      ..0. = More fragments: Not set
     Fragment offset:69
     Time to live: 128
     Protocol: 0x11 (UDP - User Datagram Protocol)
     Header checksum: 0xf8eb (Correct)
     Source: xxx.xx.xxx.xxx
     Destination: xxx.xxx.xxx.x
    User Datagram Protocol
     Source port: 17697
     Destination port: 65280
     Length: 8
     Checksum: 0x52f9 (Incorrect - Checksum should be 0x396b)
    Data (38509 Bytes)
    
    Binary dump of the packet:
    0000:  xx xx xx xx xx xx xx xx : xx xx xx xx 08 00 45 00 |  SRC..DEST....E.
    0010:  00 32 9D D3 00 45 80 11 : EB F8 D4 0F A2 F0 C1 A6 | .2...E..........
    0020:  78 03 45 21 FF 00 96 6D : F9 52 B9 57 29 C8 0A B9 | x.E!...m.R.W)...
    0030:  04 60 E6 99 54 48 B4 1A : 00 4A 28 03 FF D9 FF FF | .`..TH...J(.....
    ******************************************
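
An added example, not part of the original post: it decodes the IPv4 header from the dump above (frame offset 0x0E onward), verifies the header checksum, and checks the fragment offset. With a nonzero offset, the bytes after the IP header continue an earlier fragment's payload instead of starting a UDP header, so a UDP checksum cannot be evaluated from this frame alone. The names `analyze` and `ones_complement_sum` and the result keys are illustrative.

```python
import struct

# Bytes copied from the dump above, starting at the IPv4 header (0x0E).
# The masked Ethernet header is not needed for this check.
DUMP = bytes.fromhex(
    "4500 0032 9DD3 0045 8011 EBF8 D40F A2F0 C1A6 7803"
    "4521 FF00 966D F952 B957 29C8 0AB9 0460 E699 5448"
    "B41A 004A 2803 FFD9 FFFF"
)

def ones_complement_sum(data):
    """16-bit ones-complement sum used by the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def analyze(packet):
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto, cksum = \
        struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    units = flags_frag & 0x1FFF          # offset field, in 8-byte units
    payload = packet[ihl:total_len]
    first = units == 0                   # only fragment 0 carries the L4 header
    info = {
        # A valid header sums to 0xFFFF when the checksum field is included.
        "header_ok": ones_complement_sum(packet[:ihl]) == 0xFFFF,
        "stored_checksum": cksum,        # network byte order
        "protocol": proto,
        "frag_offset_units": units,
        "frag_offset_bytes": units * 8,
        "more_fragments": bool(flags_frag & 0x2000),
        "payload_len": len(payload),
        "l4_header_present": first,
    }
    fields = struct.unpack("!HHHH", payload[:8]) if len(payload) >= 8 else None
    # In a later fragment these 8 bytes are payload data; they are decoded
    # only to compare with what a decoder ignoring the offset would print.
    info["udp" if first and proto == 17 else "misread_as_udp"] = fields
    return info

if __name__ == "__main__":
    for key, value in analyze(DUMP).items():
        print(f"{key:18} {value}")
```

Read as a UDP header, the first eight payload bytes give 17697, 65280 and 38509, the same port numbers and "Data" size printed in the decode above.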
    



    This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 14:26:45 PST