Network Analyzer Report by Ultra Network Sniffer

Network Analyzer Report

Generated on 2003-04-03 at 06:26:51

Protocol Statistics Report

Protocol Name Packets Bytes

ETHERNET 59 4,037

LLC 13 830

SNAP 6 376

BPDU 4 240

PPPoE SS 0 0

PPPoE DS 0 0

LCP 0 0

PAP 0 0

IPCP 0 0

IP 43 3,045

TCP 38 2,506

UDP 1 243

ICMP 4 296

IGMP 0 0

ARP 3 162

RARP 0 0

DNS 0 0

HTTP 0 0

FTP 0 0

FTP-DATA 0 0

IPX 0 0

Protocol Statistics Chart

Mac Traffic Statistics Report

Station 1 Packets Bytes Bytes Packets Station 2

00:10:EE:88:30:95 18 828 0 0 00:01:02:FC:A1:62

00:D0:59:26:EA:80 1 229 0 0 *BROADCAST

00:06:53:42:4D:D7 4 200 0 0 01:00:0C:CC:CC:CD

00:30:1E:25:74:D8 4 184 0 0 01:80:C2:00:00:00

00:10:EE:88:30:95 5 246 0 0 00:10:4B:19:A8:31

00:04:DC:C4:EA:69 1 46 0 0 01:00:81:00:01:00

00:04:DC:C4:EA:69 1 46 0 0 01:00:81:00:01:01

00:08:9B:90:00:AE 1 93 0 0 00:50:04:B9:A2:4C

(Local Address)00:10:4B:1C:44:8B 1 28 0 0 *BROADCAST

00:10:EE:88:30:95 6 292 248 5 (Local Address)00:10:4B:1C:44:8B

00:05:5D:02:07:D4 1 93 0 0 00:01:02:94:7F:DD

00:10:EE:88:30:95 1 74 0 0 52:54:AB:38:AE:3D

00:10:EE:88:30:95 1 72 0 0 00:00:E2:2B:6B:FB

00:10:EE:88:30:95 1 74 0 0 00:00:E2:89:B0:9F

00:30:1E:25:74:D8 1 46 0 0 01:80:C2:00:00:20

00:30:1E:25:74:D8 2 126 0 0 01:80:C2:00:00:21

(Local Address)00:10:4B:1C:44:8B 2 120 120 2 00:05:5D:02:07:D4

00:60:08:41:54:F0 1 46 0 0 *BROADCAST

Mac Statistics Report

Mac Pkts Sent Pkts Rec. Bytes Sent Bytes Rec.

00:10:EE:88:30:95 32 5 1,586 248

00:01:02:FC:A1:62 0 18 0 828

00:D0:59:26:EA:80 1 0 229 0

*BROADCAST 0 3 0 303

00:06:53:42:4D:D7 4 0 200 0

01:00:0C:CC:CC:CD 0 4 0 200

00:30:1E:25:74:D8 7 0 356 0

01:80:C2:00:00:00 0 4 0 184

00:10:4B:19:A8:31 0 5 0 246

00:04:DC:C4:EA:69 2 0 92 0

01:00:81:00:01:00 0 1 0 46

01:00:81:00:01:01 0 1 0 46

00:08:9B:90:00:AE 1 0 93 0

00:50:04:B9:A2:4C 0 1 0 93

(Local Address)00:10:4B:1C:44:8B 8 8 396 412

00:05:5D:02:07:D4 3 2 213 120

00:01:02:94:7F:DD 0 1 0 93

52:54:AB:38:AE:3D 0 1 0 74

00:00:E2:2B:6B:FB 0 1 0 72

00:00:E2:89:B0:9F 0 1 0 74

01:80:C2:00:00:20 0 1 0 46

01:80:C2:00:00:21 0 2 0 126

00:60:08:41:54:F0 1 0 46 0

Mac Statistics Chart

IP Traffic Statistics Report

Station 1 Packets Bytes Bytes Packets Station 2

61.132.62.169 18 360 0 0 10.0.0.176

10.0.0.204 1 209 0 0 10.255.255.255

10.0.0.227 5 128 0 0 10.0.0.54

10.1.0.118 1 73 0 0 10.0.0.42

10.0.0.243 5 148 128 5 10.0.0.227

10.0.0.2 1 73 0 0 10.0.0.58

207.46.107.1 1 54 0 0 10.10.10.77

207.46.106.46 1 52 0 0 10.10.10.114

207.46.106.31 1 54 0 0 10.10.10.17

10.0.0.243 2 80 80 2 10.0.0.2

IP Statistics Report

IP Pkts Sent Pkts Rec. Bytes Sent Bytes Rec.

61.132.62.169 18 0 360 0

10.0.0.176 0 18 0 360

10.0.0.204 1 0 209 0

10.255.255.255 0 1 0 209

10.0.0.227 10 5 256 148

10.0.0.54 0 5 0 128

10.1.0.118 1 0 73 0

10.0.0.42 0 1 0 73

(Local IP Address)10.0.0.243 7 7 228 208

10.0.0.2 3 2 153 80

10.0.0.58 0 1 0 73

207.46.107.1 1 0 54 0

10.10.10.77 0 1 0 54

207.46.106.46 1 0 52 0

10.10.10.114 0 1 0 52

207.46.106.31 1 0 54 0

10.10.10.17 0 1 0 54

IP Statistics Chart

Packet Analyzer Report

ID Source Address Destination Address Length Summary Protocol Time

0 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X25C3AF09 ACK TCP 2003-04-03 14:24:13.408

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0413, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1043(0x0413) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7CE0 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x25C3AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162513701(0x09AFC325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 63064(0xF658) Checksum = 0xFADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 13 40 00 73 06 7C E0 3D 84 3E A9 0A 00 .(..@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF C3 25 50 10 .............%P. 0030: F6 58 FA DC 00 00 00 00 00 00 00 00 .X..............

1 10.0.0.204:138 10.255.255.255:138 243 UDP: src = 138, dst = 138, len = 209(0x00D1) UDP 2003-04-03 14:24:13.778

ETHERNET: 00:D0:59:26:EA:80 --> *BROADCAST ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = *BROADCAST Source Address = 00:D0:59:26:EA:80 Protocol = Internet Protocol IP: 10.0.0.204 --> 10.255.255.255 ID = 0x5785, Protocol = UDP, Length = 229(0x00E5) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 229(0x00E5) Identification = 22405(0x5785) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = UDP Checksum = 0xCCB8 Source Address = 10.0.0.204 Destination Address = 10.255.255.255 UDP: src = 138, dst = 138, len = 209(0x00D1) Source Port = 138(netbios-dgm) Destination Port = 138(netbios-dgm) Length = 209(0x00D1) Checksum = 44776(0xAEE8) UDP Data length = 201(0x00C9) 0000: FF FF FF FF FF FF 00 D0 59 26 EA 80 08 00 45 00 ........Y&....E. 0010: 00 E5 57 85 00 00 80 11 CC B8 0A 00 00 CC 0A FF ..W............. 0020: FF FF 00 8A 00 8A 00 D1 AE E8 11 0E 83 C8 0A 00 ................ 0030: 00 CC 00 8A 00 BB 00 00 20 45 46 46 47 45 42 45 ........ EFFGEBE 0040: 4F 46 43 43 41 43 41 43 41 43 41 43 41 43 41 43 OFCCACACACACACAC 0050: 41 43 41 43 41 43 41 43 41 00 20 45 4F 45 46 46 ACACACACA. EOEFF 0060: 45 46 48 45 42 46 4A 43 41 43 41 43 41 43 41 43 EFHEBFJCACACACAC 0070: 41 43 41 43 41 43 41 43 41 42 4E 00 FF 53 4D 42 ACACACACABN..SMB 0080: 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %............... 0090: 00 00 00 00 00 00 00 00 00 00 00 00 11 00 00 21 ...............! 00A0: 00 00 00 00 00 00 00 00 00 E8 03 00 00 00 00 00 ................ 00B0: 00 00 00 21 00 56 00 03 00 01 00 00 00 02 00 32 ...!.V.........2 00C0: 00 5C 4D 41 49 4C 53 4C 4F 54 5C 42 52 4F 57 53 .\MAILSLOT\BROWS 00D0: 45 00 01 00 80 FC 0A 00 45 56 41 4E 52 00 00 00 E.......EVANR... 00E0: 00 00 00 00 00 00 00 00 05 00 03 10 01 00 0F 01 ................ 00F0: 55 AA 00 U........%......

2 00:06:53:42:4D:D7 01:00:0C:CC:CC:CD 64 SNAP: etype = 0x010B(Unknown) SNAP 2003-04-03 14:24:13.788

ETHERNET: 00:06:53:42:4D:D7 --> 01:00:0C:CC:CC:CD Length = 50 Destination Address = 01:00:0C:CC:CC:CD Source Address = 00:06:53:42:4D:D7 Length = 50(0x0032) LLC: DSAP = 0xAA, SSAP = 0xAA, Command = 0x003 DSAP = 0xAA, Sub-Network Access Protocol(SNAP) SSAP = 0xAA, Sub-Network Access Protocol(SNAP) Command = 0x03 SNAP: etype = 0x010B(Unknown) Organization code = 00 00 0C TYPE = 0x10B(Unknown) SNAP Data: Length = 42(0x2A) 0000: 01 00 0C CC CC CD 00 06 53 42 4D D7 00 32 AA AA ........SBM..2.. 0010: 03 00 00 0C 01 0B 00 00 00 00 00 80 00 00 04 4D ...............M 0020: 8E 1B 40 00 00 00 04 80 00 00 06 53 42 4D C0 80 ..@........SBM.. 0030: 25 01 00 14 00 02 00 0F 00 00 00 00 00 02 00 01 %...............

3 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0XD9C8AF09 ACK TCP 2003-04-03 14:24:13.808

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0423, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1059(0x0423) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7CD0 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0xD9C8AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162515161(0x09AFC8D9) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xF090 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 23 40 00 73 06 7C D0 3D 84 3E A9 0A 00 .(.#@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF C8 D9 50 10 ..............P. 0030: FA F0 F0 90 00 00 00 00 00 00 00 00 ................

4 00:30:1E:25:74:D8 01:80:C2:00:00:00 60 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cost=22 BPDU 2003-04-03 14:24:13.818

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:00 Length = 38 Destination Address = 01:80:C2:00:00:00 Source Address = 00:30:1E:25:74:D8 Length = 38(0x0026) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42, BPDU SSAP = 0x42, BPDU Command = 0x03 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cose=22 Protocol Identifier = 0x0000 Protocol Version = 0x00 BPDU Type = 0x00(Configuration) BPDU Flags = 0x00 0....... = Not Topology Change Notification .......0 = Not Topology Change Notification Acknowledgement Root Identifier = 8000.00044D8E1B40 Priority = 0x8000 Mac Address = 00044D8E1B40 Root Path Cost = 22 Sending Bridge Id = 8000.00301E2574D8.800D Priority = 0x8000 Mac Address = 00301E2574D8 Port = 0x800D Message Age = 2.000 seconds Information Lifetime = 20.000 seconds Root Hello Time = 2.000 seconds Forward Delay = 15.000 seconds 0000: 01 80 C2 00 00 00 00 30 1E 25 74 D8 00 26 42 42 .......0.%t..&BB 0010: 03 00 00 00 00 00 80 00 00 04 4D 8E 1B 40 00 00 ..........M..@.. 0020: 00 16 80 00 00 30 1E 25 74 D8 80 0D 02 00 14 00 .....0.%t....... 0030: 02 00 0F 00 00 00 00 00 00 00 00 00 ................

5 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X8DCEAF09 ACK TCP 2003-04-03 14:24:14.109

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x042E, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1070(0x042E) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7CC5 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x8DCEAF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162516621(0x09AFCE8D) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xEADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 2E 40 00 73 06 7C C5 3D 84 3E A9 0A 00 .(..@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF CE 8D 50 10 ..............P. 0030: FA F0 EA DC 00 00 00 00 00 00 00 00 ................

6 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X25D3AF09 ACK TCP 2003-04-03 14:24:14.509

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0447, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1095(0x0447) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7CAC Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x25D3AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162517797(0x09AFD325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 63064(0xF658) Checksum = 0xEADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 47 40 00 73 06 7C AC 3D 84 3E A9 0A 00 .(.G@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF D3 25 50 10 .............%P. 0030: F6 58 EA DC 00 00 00 00 00 00 00 00 .X..............

7 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0XD9D8AF09 ACK TCP 2003-04-03 14:24:14.910

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0453, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1107(0x0453) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7CA0 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0xD9D8AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162519257(0x09AFD8D9) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xE090 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 53 40 00 73 06 7C A0 3D 84 3E A9 0A 00 .(.S@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF D8 D9 50 10 ..............P. 0030: FA F0 E0 90 00 00 00 00 00 00 00 00 ................

8 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X8DDEAF09 ACK TCP 2003-04-03 14:24:15.220

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x045E, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1118(0x045E) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C95 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x8DDEAF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162520717(0x09AFDE8D) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xDADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 5E 40 00 73 06 7C 95 3D 84 3E A9 0A 00 .(.^@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF DE 8D 50 10 ..............P. 0030: FA F0 DA DC 00 00 00 00 00 00 00 00 .............f..

9 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X25E3AF09 ACK TCP 2003-04-03 14:24:15.621

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0474, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1140(0x0474) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C7F Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x25E3AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162521893(0x09AFE325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 63064(0xF658) Checksum = 0xDADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 74 40 00 73 06 7C 7F 3D 84 3E A9 0A 00 .(.t@.s.|=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF E3 25 50 10 .............%P. 0030: F6 58 DA DC 00 00 00 00 00 00 00 00 .X..............

10 10.0.0.227:7223 10.0.0.54:2235 62 TCP: src = 7223, dst = 2235, ack = 0X50A58B2E SYN ACK TCP 2003-04-03 14:24:15.621

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:19:A8:31 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:19:A8:31 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.54 ID = 0xD9F3, Protocol = TCP, Length = 48(0x0030) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 48(0x0030) Identification = 55795(0xD9F3) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4BBC Source Address = 10.0.0.227 Destination Address = 10.0.0.54 TCP: src = 7223, dst = 2235, ack = 0x50A58B2E, SYN ACK Source Port = 7223(Unknown) Destination Port = 2235(Unknown) Sequence Number = 2021072928(0x78772020) Acknowledgment Number = 780903760(0x2E8BA550) Data Offset = 28(0x1C) Flags = 0x12 SYN ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .1...... : Synchronize sequence numbers 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x5F19 Urgent Pointer = 0x0000 Option: Maximum Segment Size Number: Maximum Segment Size Length: 4 Maximum Segment Size: 1460(0x05B4) Option: Nop Option: Nop Option: Sack-Permitted Option Number: Sack-Permitted Option Length: 2 0000: 00 10 4B 19 A8 31 00 10 EE 88 30 95 08 00 45 00 ..K..1....0...E. 0010: 00 30 D9 F3 40 00 40 06 4B BC 0A 00 00 E3 0A 00 .0..@.@.K....... 0020: 00 36 1C 37 08 BB 78 77 20 20 2E 8B A5 50 70 12 .6.7..xw ...Pp. 0030: 7D 78 5F 19 00 00 02 04 05 B4 01 01 04 02 }x_.............

11 10.0.0.227:7223 10.0.0.54:2235 60 TCP: src = 7223, dst = 2235, ack = 0X78A58B2E ACK TCP 2003-04-03 14:24:15.621

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:19:A8:31 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:19:A8:31 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.54 ID = 0xD9F4, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 55796(0xD9F4) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4BC3 Source Address = 10.0.0.227 Destination Address = 10.0.0.54 TCP: src = 7223, dst = 2235, ack = 0x78A58B2E, ACK Source Port = 7223(Unknown) Destination Port = 2235(Unknown) Sequence Number = 2021072929(0x78772021) Acknowledgment Number = 780903800(0x2E8BA578) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x8BB5 Urgent Pointer = 0x0000 0000: 00 10 4B 19 A8 31 00 10 EE 88 30 95 08 00 45 00 ..K..1....0...E. 0010: 00 28 D9 F4 40 00 40 06 4B C3 0A 00 00 E3 0A 00 .(..@.@.K....... 0020: 00 36 1C 37 08 BB 78 77 20 21 2E 8B A5 78 50 10 .6.7..xw !...xP. 0030: 7D 78 8B B5 00 00 00 00 00 00 00 00 }x..............

12 10.0.0.227:7223 10.0.0.54:2235 74 TCP: src = 7223, dst = 2235, ack = 0X78A58B2E PSH ACK TCP 2003-04-03 14:24:15.621

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:19:A8:31 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:19:A8:31 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.54 ID = 0xD9F5, Protocol = TCP, Length = 60(0x003C) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 60(0x003C) Identification = 55797(0xD9F5) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4BAE Source Address = 10.0.0.227 Destination Address = 10.0.0.54 TCP: src = 7223, dst = 2235, ack = 0x78A58B2E, PSH ACK Source Port = 7223(Unknown) Destination Port = 2235(Unknown) Sequence Number = 2021072929(0x78772021) Acknowledgment Number = 780903800(0x2E8BA578) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x1485 Urgent Pointer = 0x0000 TCP Data length = 20(0x0014) 0000: 00 10 4B 19 A8 31 00 10 EE 88 30 95 08 00 45 00 ..K..1....0...E. 0010: 00 3C D9 F5 40 00 40 06 4B AE 0A 00 00 E3 0A 00 .<..@.@.K....... 0020: 00 36 1C 37 08 BB 78 77 20 21 2E 8B A5 78 50 18 .6.7..xw !...xP. 0030: 7D 78 14 85 00 00 BE DD 1B ED 00 00 9C 42 00 00 }x...........B.. 0040: 00 03 00 00 00 04 00 00 00 00 ................

13 10.0.0.227:7223 10.0.0.54:2235 60 TCP: src = 7223, dst = 2235, ack = 0X79A58B2E ACK TCP 2003-04-03 14:24:15.631

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:19:A8:31 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:19:A8:31 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.54 ID = 0xD9F6, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 55798(0xD9F6) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4BC1 Source Address = 10.0.0.227 Destination Address = 10.0.0.54 TCP: src = 7223, dst = 2235, ack = 0x79A58B2E, ACK Source Port = 7223(Unknown) Destination Port = 2235(Unknown) Sequence Number = 2021072949(0x78772035) Acknowledgment Number = 780903801(0x2E8BA579) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x8BA0 Urgent Pointer = 0x0000 0000: 00 10 4B 19 A8 31 00 10 EE 88 30 95 08 00 45 00 ..K..1....0...E. 0010: 00 28 D9 F6 40 00 40 06 4B C1 0A 00 00 E3 0A 00 .(..@.@.K....... 0020: 00 36 1C 37 08 BB 78 77 20 35 2E 8B A5 79 50 10 .6.7..xw 5...yP. 0030: 7D 78 8B A0 00 00 00 00 00 00 00 00 }x..............

14 10.0.0.227:7223 10.0.0.54:2235 60 TCP: src = 7223, dst = 2235, ack = 0X79A58B2E FIN ACK TCP 2003-04-03 14:24:15.631

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:19:A8:31 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:19:A8:31 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.54 ID = 0xD9F7, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 55799(0xD9F7) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4BC0 Source Address = 10.0.0.227 Destination Address = 10.0.0.54 TCP: src = 7223, dst = 2235, ack = 0x79A58B2E, FIN ACK Source Port = 7223(Unknown) Destination Port = 2235(Unknown) Sequence Number = 2021072949(0x78772035) Acknowledgment Number = 780903801(0x2E8BA579) Data Offset = 20(0x14) Flags = 0x11 FIN ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 1....... : No more data from sender Window = 32120(0x7D78) Checksum = 0x8B9F Urgent Pointer = 0x0000 0000: 00 10 4B 19 A8 31 00 10 EE 88 30 95 08 00 45 00 ..K..1....0...E. 0010: 00 28 D9 F7 40 00 40 06 4B C0 0A 00 00 E3 0A 00 .(..@.@.K....... 0020: 00 36 1C 37 08 BB 78 77 20 35 2E 8B A5 79 50 11 .6.7..xw 5...yP. 0030: 7D 78 8B 9F 00 00 00 00 00 00 00 00 }x..............

15 00:04:DC:C4:EA:69 01:00:81:00:01:00 60 SNAP: etype = 0x01A2(Unknown) SNAP 2003-04-03 14:24:15.651

ETHERNET: 00:04:DC:C4:EA:69 --> 01:00:81:00:01:00 Length = 19 Destination Address = 01:00:81:00:01:00 Source Address = 00:04:DC:C4:EA:69 Length = 19(0x0013) LLC: DSAP = 0xAA, SSAP = 0xAA, Command = 0x003 DSAP = 0xAA, Sub-Network Access Protocol(SNAP) SSAP = 0xAA, Sub-Network Access Protocol(SNAP) Command = 0x03 SNAP: etype = 0x01A2(Unknown) Organization code = 00 00 81 TYPE = 0x1A2(Unknown) SNAP Data: Length = 38(0x26) 0000: 01 00 81 00 01 00 00 04 DC C4 EA 69 00 13 AA AA ...........i.... 0010: 03 00 00 81 01 A2 0A 00 01 06 00 01 18 30 0C 02 .............0.. 0020: 00 00 00 00 00 04 DC C4 EA 69 80 16 01 01 14 00 .........i...... 0030: 02 00 0F 00 00 00 00 00 00 00 00 00 ................

16 00:04:DC:C4:EA:69 01:00:81:00:01:01 60 SNAP: etype = 0x01A1(Unknown) SNAP 2003-04-03 14:24:15.651

ETHERNET: 00:04:DC:C4:EA:69 --> 01:00:81:00:01:01 Length = 19 Destination Address = 01:00:81:00:01:01 Source Address = 00:04:DC:C4:EA:69 Length = 19(0x0013) LLC: DSAP = 0xAA, SSAP = 0xAA, Command = 0x003 DSAP = 0xAA, Sub-Network Access Protocol(SNAP) SSAP = 0xAA, Sub-Network Access Protocol(SNAP) Command = 0x03 SNAP: etype = 0x01A1(Unknown) Organization code = 00 00 81 TYPE = 0x1A1(Unknown) SNAP Data: Length = 38(0x26) 0000: 01 00 81 00 01 01 00 04 DC C4 EA 69 00 13 AA AA ...........i.... 0010: 03 00 00 81 01 A1 0A 00 01 06 00 01 18 30 0C 02 .............0.. 0020: 00 00 00 00 00 04 DC C4 EA 69 80 17 01 01 14 00 .........i...... 0030: 02 00 0F 00 00 01 00 00 00 00 00 00 ................

17 00:06:53:42:4D:D7 01:00:0C:CC:CC:CD 64 SNAP: etype = 0x010B(Unknown) SNAP 2003-04-03 14:24:15.791

ETHERNET: 00:06:53:42:4D:D7 --> 01:00:0C:CC:CC:CD Length = 50 Destination Address = 01:00:0C:CC:CC:CD Source Address = 00:06:53:42:4D:D7 Length = 50(0x0032) LLC: DSAP = 0xAA, SSAP = 0xAA, Command = 0x003 DSAP = 0xAA, Sub-Network Access Protocol(SNAP) SSAP = 0xAA, Sub-Network Access Protocol(SNAP) Command = 0x03 SNAP: etype = 0x010B(Unknown) Organization code = 00 00 0C TYPE = 0x10B(Unknown) SNAP Data: Length = 42(0x2A) 0000: 01 00 0C CC CC CD 00 06 53 42 4D D7 00 32 AA AA ........SBM..2.. 0010: 03 00 00 0C 01 0B 00 00 00 00 00 80 00 00 04 4D ...............M 0020: 8E 1B 40 00 00 00 04 80 00 00 06 53 42 4D C0 80 ..@........SBM.. 0030: 25 01 00 14 00 02 00 0F 00 00 00 00 00 02 00 01 %...............

18 00:30:1E:25:74:D8 01:80:C2:00:00:00 60 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cost=22 BPDU 2003-04-03 14:24:15.811

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:00 Length = 38 Destination Address = 01:80:C2:00:00:00 Source Address = 00:30:1E:25:74:D8 Length = 38(0x0026) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42, BPDU SSAP = 0x42, BPDU Command = 0x03 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cose=22 Protocol Identifier = 0x0000 Protocol Version = 0x00 BPDU Type = 0x00(Configuration) BPDU Flags = 0x00 0....... = Not Topology Change Notification .......0 = Not Topology Change Notification Acknowledgement Root Identifier = 8000.00044D8E1B40 Priority = 0x8000 Mac Address = 00044D8E1B40 Root Path Cost = 22 Sending Bridge Id = 8000.00301E2574D8.800D Priority = 0x8000 Mac Address = 00301E2574D8 Port = 0x800D Message Age = 2.000 seconds Information Lifetime = 20.000 seconds Root Hello Time = 2.000 seconds Forward Delay = 15.000 seconds 0000: 01 80 C2 00 00 00 00 30 1E 25 74 D8 00 26 42 42 .......0.%t..&BB 0010: 03 00 00 00 00 00 80 00 00 04 4D 8E 1B 40 00 00 ..........M..@.. 0020: 00 16 80 00 00 30 1E 25 74 D8 80 0D 02 00 14 00 .....0.%t....... 0030: 02 00 0F 00 00 00 00 00 00 00 00 00 ................

19 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0XD9E8AF09 ACK TCP 2003-04-03 14:24:16.022

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0485, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1157(0x0485) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C6E Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0xD9E8AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162523353(0x09AFE8D9) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xD090 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 85 40 00 73 06 7C 6E 3D 84 3E A9 0A 00 .(..@.s.|n=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF E8 D9 50 10 ..............P. 0030: FA F0 D0 90 00 00 00 00 00 00 00 00 ............8...

20 10.1.0.118:139 10.0.0.42:1034 107 TCP: src = 139, dst = 1034, ack = 0X9C69BA3F PSH ACK TCP 2003-04-03 14:24:16.182

ETHERNET: 00:08:9B:90:00:AE --> 00:50:04:B9:A2:4C ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:50:04:B9:A2:4C Source Address = 00:08:9B:90:00:AE Protocol = Internet Protocol IP: 10.1.0.118 --> 10.0.0.42 ID = 0x6DC0, Protocol = TCP, Length = 93(0x005D) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 93(0x005D) Identification = 28096(0x6DC0) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0xB83A Source Address = 10.1.0.118 Destination Address = 10.0.0.42 TCP: src = 139, dst = 1034, ack = 0x9C69BA3F, PSH ACK Source Port = 139(netbios-ssn) Destination Port = 1034(Unknown) Sequence Number = -419455426(0xE6FF9E3E) Acknowledgment Number = 1069181340(0x3FBA699C) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 10220(0x27EC) Checksum = 0xA4AF Urgent Pointer = 0x0000 TCP Data length = 53(0x0035) 0000: 00 50 04 B9 A2 4C 00 08 9B 90 00 AE 08 00 45 00 .P...L........E. 0010: 00 5D 6D C0 40 00 40 06 B8 3A 0A 01 00 76 0A 00 .]m.@.@..:...v.. 0020: 00 2A 00 8B 04 0A E6 FF 9E 3E 3F BA 69 9C 50 18 .*.......>?.i.P. 0030: 27 EC A4 AF 00 00 00 00 00 31 FF 53 4D 42 2B 00 '........1.SMB+. 0040: 00 00 00 88 01 00 00 00 00 00 00 00 00 00 00 00 ................ 0050: 00 00 FF FF FF FE 00 00 FE FF 01 01 00 0C 00 4A ...............J 0060: 6C 4A 6D 49 68 43 6C 42 73 72 00 lJmIhClBsr......

21 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X8DEEAF09 ACK TCP 2003-04-03 14:24:16.322

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0492, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1170(0x0492) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C61 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x8DEEAF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162524813(0x09AFEE8D) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xCADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 92 40 00 73 06 7C 61 3D 84 3E A9 0A 00 .(..@.s.|a=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF EE 8D 50 10 ..............P. 0030: FA F0 CA DC 00 00 00 00 00 00 00 00 ..............X.

22 00:10:4B:1C:44:8B *BROADCAST 42 Request for 10.0.0.227 Prot type: IP ARP 2003-04-03 14:24:16.342

ETHERNET: 00:10:4B:1C:44:8B --> *BROADCAST ETYPE = 0x0806,Protocol = ARP Destination Address = *BROADCAST Source Address = 00:10:4B:1C:44:8B Protocol = ARP ARP Request Packet: Hardware Type = Ethernet; Protocol Type = IP Hardware Address Type = Ethernet(0x0001) Protocol Address Type = IP(0x0800) Hardware Address Length = 6 bytes Protocol Address Length = 4 bytes Option = Request(0x0001) Source Hardware Address = 00:10:4B:1C:44:8B Destination Hardware Address = 00:00:00:00:00:00 Source Protocol Address = 10.0.0.243 Destination Protocol Address = 10.0.0.227 0000: FF FF FF FF FF FF 00 10 4B 1C 44 8B 08 06 00 01 ........K.D..... 0010: 08 00 06 04 00 01 00 10 4B 1C 44 8B 0A 00 00 F3 ........K.D..... 0020: 00 00 00 00 00 00 0A 00 00 E3 ............~...

23 00:10:EE:88:30:95 00:10:4B:1C:44:8B 60 Response for 10.0.0.243 Prot type: IP ARP 2003-04-03 14:24:16.342

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:1C:44:8B ETYPE = 0x0806,Protocol = ARP Destination Address = 00:10:4B:1C:44:8B Source Address = 00:10:EE:88:30:95 Protocol = ARP ARP Response Packet: Hardware Type = Ethernet; Protocol Type = IP Hardware Address Type = Ethernet(0x0001) Protocol Address Type = IP(0x0800) Hardware Address Length = 6 bytes Protocol Address Length = 4 bytes Option = Response(0x0002) Source Hardware Address = 00:10:EE:88:30:95 Destination Hardware Address = 00:10:4B:1C:44:8B Source Protocol Address = 10.0.0.227 Destination Protocol Address = 10.0.0.243 0000: 00 10 4B 1C 44 8B 00 10 EE 88 30 95 08 06 00 01 ..K.D.....0..... 0010: 08 00 06 04 00 02 00 10 EE 88 30 95 0A 00 00 E3 ..........0..... 0020: 00 10 4B 1C 44 8B 0A 00 00 F3 00 00 00 00 00 00 ..K.D........... 0030: 00 00 00 00 00 00 00 00 00 00 00 00 ............h...

24 10.0.0.243:1926 10.0.0.227:7223 62 TCP: src = 1926, dst = 7223, ack = 0X00000000 SYN TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:4B:1C:44:8B --> 00:10:EE:88:30:95 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:EE:88:30:95 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.227 ID = 0x3A67, Protocol = TCP, Length = 48(0x0030) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 48(0x0030) Identification = 14951(0x3A67) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = TCP Checksum = 0x0000 Source Address = 10.0.0.243 Destination Address = 10.0.0.227 TCP: src = 1926, dst = 7223, ack = 0x00000000, SYN Source Port = 1926(Unknown) Destination Port = 7223(Unknown) Sequence Number = -1718642830(0x998F9772) Acknowledgment Number = 0(0x00000000) Data Offset = 28(0x1C) Flags = 0x02 SYN .....0.. : Urgent Pointer field no significant ....0... : Acknowledgment field no significant ...0.... : No Push Function ..0..... : No Reset .1...... : Synchronize sequence numbers 0....... : No Fin Window = 16384(0x4000) Checksum = 0xD88A Urgent Pointer = 0x0000 Option: Maximum Segment Size Number: Maximum Segment Size Length: 4 Maximum Segment Size: 1460(0x05B4) Option: Nop Option: Nop Option: Sack-Permitted Option Number: Sack-Permitted Option Length: 2 0000: 00 10 EE 88 30 95 00 10 4B 1C 44 8B 08 00 45 00 ....0...K.D...E. 0010: 00 30 3A 67 40 00 80 06 00 00 0A 00 00 F3 0A 00 .0:g@........... 0020: 00 E3 07 86 1C 37 99 8F 97 72 00 00 00 00 70 02 .....7...r....p. 0030: 40 00 D8 8A 00 00 02 04 05 B4 01 01 04 02 @...............

25 10.0.0.227:7223 10.0.0.243:1926 62 TCP: src = 7223, dst = 1926, ack = 0X73978F99 SYN ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.243 ID = 0xD9FA, Protocol = TCP, Length = 48(0x0030) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 48(0x0030) Identification = 55802(0xD9FA) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4AF8 Source Address = 10.0.0.227 Destination Address = 10.0.0.243 TCP: src = 7223, dst = 1926, ack = 0x73978F99, SYN ACK Source Port = 7223(Unknown) Destination Port = 1926(Unknown) Sequence Number = 2011421089(0x77E3D9A1) Acknowledgment Number = -1718642829(0x998F9773) Data Offset = 28(0x1C) Flags = 0x12 SYN ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .1...... : Synchronize sequence numbers 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x497C Urgent Pointer = 0x0000 Option: Maximum Segment Size Number: Maximum Segment Size Length: 4 Maximum Segment Size: 1460(0x05B4) Option: Nop Option: Nop Option: Sack-Permitted Option Number: Sack-Permitted Option Length: 2 0000: 00 10 4B 1C 44 8B 00 10 EE 88 30 95 08 00 45 00 ..K.D.....0...E. 0010: 00 30 D9 FA 40 00 40 06 4A F8 0A 00 00 E3 0A 00 .0..@.@.J....... 0020: 00 F3 1C 37 07 86 77 E3 D9 A1 99 8F 97 73 70 12 ...7..w......sp. 0030: 7D 78 49 7C 00 00 02 04 05 B4 01 01 04 02 }xI|............

26 10.0.0.243:1926 10.0.0.227:7223 54 TCP: src = 1926, dst = 7223, ack = 0XA2D9E377 ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:4B:1C:44:8B --> 00:10:EE:88:30:95 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:EE:88:30:95 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.227 ID = 0x3A68, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 14952(0x3A68) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = TCP Checksum = 0x0000 Source Address = 10.0.0.243 Destination Address = 10.0.0.227 TCP: src = 1926, dst = 7223, ack = 0xA2D9E377, ACK Source Port = 1926(Unknown) Destination Port = 7223(Unknown) Sequence Number = -1718642829(0x998F9773) Acknowledgment Number = 2011421090(0x77E3D9A2) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17520(0x4470) Checksum = 0x15F0 Urgent Pointer = 0x0000 0000: 00 10 EE 88 30 95 00 10 4B 1C 44 8B 08 00 45 00 ....0...K.D...E. 0010: 00 28 3A 68 40 00 80 06 00 00 0A 00 00 F3 0A 00 .(:h@........... 0020: 00 E3 07 86 1C 37 99 8F 97 73 77 E3 D9 A2 50 10 .....7...sw...P. 0030: 44 70 15 F0 00 00 Dp......~....%..

27 10.0.0.243:1926 10.0.0.227:7223 94 TCP: src = 1926, dst = 7223, ack = 0XA2D9E377 PSH ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:4B:1C:44:8B --> 00:10:EE:88:30:95 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:EE:88:30:95 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.227 ID = 0x3A69, Protocol = TCP, Length = 80(0x0050) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 80(0x0050) Identification = 14953(0x3A69) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = TCP Checksum = 0x0000 Source Address = 10.0.0.243 Destination Address = 10.0.0.227 TCP: src = 1926, dst = 7223, ack = 0xA2D9E377, PSH ACK Source Port = 1926(Unknown) Destination Port = 7223(Unknown) Sequence Number = -1718642829(0x998F9773) Acknowledgment Number = 2011421090(0x77E3D9A2) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17520(0x4470) Checksum = 0x1618 Urgent Pointer = 0x0000 TCP Data length = 40(0x0028) 0000: 00 10 EE 88 30 95 00 10 4B 1C 44 8B 08 00 45 00 ....0...K.D...E. 0010: 00 50 3A 69 40 00 80 06 00 00 0A 00 00 F3 0A 00 .P:i@........... 0020: 00 E3 07 86 1C 37 99 8F 97 73 77 E3 D9 A2 50 18 .....7...sw...P. 0030: 44 70 16 18 00 00 BE DD 1B ED 00 00 9C 42 00 00 Dp...........B.. 0040: 00 07 00 00 00 18 00 00 00 03 67 6A 70 00 00 00 ..........gjp... 0050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

28 10.0.0.227:7223 10.0.0.243:1926 60 TCP: src = 7223, dst = 1926, ack = 0X9B978F99 ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.243 ID = 0xD9FB, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 55803(0xD9FB) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4AFF Source Address = 10.0.0.227 Destination Address = 10.0.0.243 TCP: src = 7223, dst = 1926, ack = 0x9B978F99, ACK Source Port = 7223(Unknown) Destination Port = 1926(Unknown) Sequence Number = 2011421090(0x77E3D9A2) Acknowledgment Number = -1718642789(0x998F979B) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x7618 Urgent Pointer = 0x0000 0000: 00 10 4B 1C 44 8B 00 10 EE 88 30 95 08 00 45 00 ..K.D.....0...E. 0010: 00 28 D9 FB 40 00 40 06 4A FF 0A 00 00 E3 0A 00 .(..@.@.J....... 0020: 00 F3 1C 37 07 86 77 E3 D9 A2 99 8F 97 9B 50 10 ...7..w.......P. 0030: 7D 78 76 18 00 00 00 00 00 00 00 00 }xv.............

29 10.0.0.227:7223 10.0.0.243:1926 74 TCP: src = 7223, dst = 1926, ack = 0X9B978F99 PSH ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.243 ID = 0xD9FC, Protocol = TCP, Length = 60(0x003C) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 60(0x003C) Identification = 55804(0xD9FC) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4AEA Source Address = 10.0.0.227 Destination Address = 10.0.0.243 TCP: src = 7223, dst = 1926, ack = 0x9B978F99, PSH ACK Source Port = 7223(Unknown) Destination Port = 1926(Unknown) Sequence Number = 2011421090(0x77E3D9A2) Acknowledgment Number = -1718642789(0x998F979B) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 32120(0x7D78) Checksum = 0xFEE7 Urgent Pointer = 0x0000 TCP Data length = 20(0x0014) 0000: 00 10 4B 1C 44 8B 00 10 EE 88 30 95 08 00 45 00 ..K.D.....0...E. 0010: 00 3C D9 FC 40 00 40 06 4A EA 0A 00 00 E3 0A 00 .<..@.@.J....... 0020: 00 F3 1C 37 07 86 77 E3 D9 A2 99 8F 97 9B 50 18 ...7..w.......P. 0030: 7D 78 FE E7 00 00 BE DD 1B ED 00 00 9C 42 00 00 }x...........B.. 0040: 00 03 00 00 00 04 00 00 00 00 ................

30 10.0.0.243:1926 10.0.0.227:7223 54 TCP: src = 1926, dst = 7223, ack = 0XB6D9E377 FIN ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:4B:1C:44:8B --> 00:10:EE:88:30:95 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:EE:88:30:95 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.227 ID = 0x3A6A, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 14954(0x3A6A) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = TCP Checksum = 0x0000 Source Address = 10.0.0.243 Destination Address = 10.0.0.227 TCP: src = 1926, dst = 7223, ack = 0xB6D9E377, FIN ACK Source Port = 1926(Unknown) Destination Port = 7223(Unknown) Sequence Number = -1718642789(0x998F979B) Acknowledgment Number = 2011421110(0x77E3D9B6) Data Offset = 20(0x14) Flags = 0x11 FIN ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 1....... : No more data from sender Window = 17500(0x445C) Checksum = 0x15F0 Urgent Pointer = 0x0000 0000: 00 10 EE 88 30 95 00 10 4B 1C 44 8B 08 00 45 00 ....0...K.D...E. 0010: 00 28 3A 6A 40 00 80 06 00 00 0A 00 00 F3 0A 00 .(:j@........... 0020: 00 E3 07 86 1C 37 99 8F 97 9B 77 E3 D9 B6 50 11 .....7....w...P. 0030: 44 5C 15 F0 00 00 D\....c.~....%..

31 10.0.0.227:7223 10.0.0.243:1926 60 TCP: src = 7223, dst = 1926, ack = 0X9C978F99 ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.243 ID = 0xD9FD, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 55805(0xD9FD) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4AFD Source Address = 10.0.0.227 Destination Address = 10.0.0.243 TCP: src = 7223, dst = 1926, ack = 0x9C978F99, ACK Source Port = 7223(Unknown) Destination Port = 1926(Unknown) Sequence Number = 2011421110(0x77E3D9B6) Acknowledgment Number = -1718642788(0x998F979C) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 32120(0x7D78) Checksum = 0x7603 Urgent Pointer = 0x0000 0000: 00 10 4B 1C 44 8B 00 10 EE 88 30 95 08 00 45 00 ..K.D.....0...E. 0010: 00 28 D9 FD 40 00 40 06 4A FD 0A 00 00 E3 0A 00 .(..@.@.J....... 0020: 00 F3 1C 37 07 86 77 E3 D9 B6 99 8F 97 9C 50 10 ...7..w.......P. 0030: 7D 78 76 03 00 00 00 00 00 00 00 00 }xv.............

32 10.0.0.227:7223 10.0.0.243:1926 60 TCP: src = 7223, dst = 1926, ack = 0X9C978F99 FIN ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:EE:88:30:95 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 10.0.0.227 --> 10.0.0.243 ID = 0xD9FE, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 55806(0xD9FE) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 64(0x40) Protocol = TCP Checksum = 0x4AFC Source Address = 10.0.0.227 Destination Address = 10.0.0.243 TCP: src = 7223, dst = 1926, ack = 0x9C978F99, FIN ACK Source Port = 7223(Unknown) Destination Port = 1926(Unknown) Sequence Number = 2011421110(0x77E3D9B6) Acknowledgment Number = -1718642788(0x998F979C) Data Offset = 20(0x14) Flags = 0x11 FIN ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 1....... : No more data from sender Window = 32120(0x7D78) Checksum = 0x7602 Urgent Pointer = 0x0000 0000: 00 10 4B 1C 44 8B 00 10 EE 88 30 95 08 00 45 00 ..K.D.....0...E. 0010: 00 28 D9 FE 40 00 40 06 4A FC 0A 00 00 E3 0A 00 .(..@.@.J....... 0020: 00 F3 1C 37 07 86 77 E3 D9 B6 99 8F 97 9C 50 11 ...7..w.......P. 0030: 7D 78 76 02 00 00 00 00 00 00 00 00 }xv.........lB..

33 10.0.0.243:1926 10.0.0.227:7223 54 TCP: src = 1926, dst = 7223, ack = 0XB7D9E377 ACK TCP 2003-04-03 14:24:16.342

ETHERNET: 00:10:4B:1C:44:8B --> 00:10:EE:88:30:95 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:EE:88:30:95 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.227 ID = 0x3A6B, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 14955(0x3A6B) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = TCP Checksum = 0x0000 Source Address = 10.0.0.243 Destination Address = 10.0.0.227 TCP: src = 1926, dst = 7223, ack = 0xB7D9E377, ACK Source Port = 1926(Unknown) Destination Port = 7223(Unknown) Sequence Number = -1718642788(0x998F979C) Acknowledgment Number = 2011421111(0x77E3D9B7) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17500(0x445C) Checksum = 0x15F0 Urgent Pointer = 0x0000 0000: 00 10 EE 88 30 95 00 10 4B 1C 44 8B 08 00 45 00 ....0...K.D...E. 0010: 00 28 3A 6B 40 00 80 06 00 00 0A 00 00 F3 0A 00 .(:k@........... 0020: 00 E3 07 86 1C 37 99 8F 97 9C 77 E3 D9 B7 50 10 .....7....w...P. 0030: 44 5C 15 F0 00 00 D\......N.......

34 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X25F3AF09 ACK TCP 2003-04-03 14:24:16.723

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x04AB, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1195(0x04AB) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C48 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x25F3AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162525989(0x09AFF325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 63064(0xF658) Checksum = 0xCADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 AB 40 00 73 06 7C 48 3D 84 3E A9 0A 00 .(..@.s.|H=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF F3 25 50 10 .............%P. 0030: F6 58 CA DC 00 00 00 00 00 00 00 00 .X..............

35 10.0.0.2:445 10.0.0.58:3433 107 TCP: src = 445, dst = 3433, ack = 0XB53E9C40 PSH ACK TCP 2003-04-03 14:24:17.033

ETHERNET: 00:05:5D:02:07:D4 --> 00:01:02:94:7F:DD ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:94:7F:DD Source Address = 00:05:5D:02:07:D4 Protocol = Internet Protocol IP: 10.0.0.2 --> 10.0.0.58 ID = 0x8DC6, Protocol = TCP, Length = 93(0x005D) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 93(0x005D) Identification = 36294(0x8DC6) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = TCP Checksum = 0x5899 Source Address = 10.0.0.2 Destination Address = 10.0.0.58 TCP: src = 445, dst = 3433, ack = 0xB53E9C40, PSH ACK Source Port = 445(microsoft-ds) Destination Port = 3433(Unknown) Sequence Number = 450463617(0x1AD98781) Acknowledgment Number = 1083981493(0x409C3EB5) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17202(0x4332) Checksum = 0x4956 Urgent Pointer = 0x0000 TCP Data length = 53(0x0035) 0000: 00 01 02 94 7F DD 00 05 5D 02 07 D4 08 00 45 00 .......].....E. 0010: 00 5D 8D C6 40 00 80 06 58 99 0A 00 00 02 0A 00 .]..@...X....... 0020: 00 3A 01 BD 0D 69 1A D9 87 81 40 9C 3E B5 50 18 .:...i....@.>.P. 0030: 43 32 49 56 00 00 00 00 00 31 FF 53 4D 42 2B 00 C2IV.....1.SMB+. 0040: 00 00 00 98 43 C0 00 00 00 00 00 00 00 00 00 00 ....C........... 0050: 00 00 FF FF FF FE 00 00 FE FF 01 01 00 0C 00 4A ...............J 0060: 6C 4A 6D 49 68 43 6C 42 73 72 00 lJmIhClBsr..F...

36 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0XD9F8AF09 ACK TCP 2003-04-03 14:24:17.123

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x04B8, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1208(0x04B8) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C3B Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0xD9F8AF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162527449(0x09AFF8D9) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xC090 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 B8 40 00 73 06 7C 3B 3D 84 3E A9 0A 00 .(..@.s.|;=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF F8 D9 50 10 ..............P. 0030: FA F0 C0 90 00 00 00 00 00 00 00 00 ............0...

37 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X8DFEAF09 ACK TCP 2003-04-03 14:24:17.534

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x04D2, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1234(0x04D2) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C21 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x8DFEAF09, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162528909(0x09AFFE8D) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xBADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 D2 40 00 73 06 7C 21 3D 84 3E A9 0A 00 .(..@.s.|!=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 AF FE 8D 50 10 ..............P. 0030: FA F0 BA DC 00 00 00 00 00 00 00 00 ................

38 00:06:53:42:4D:D7 01:00:0C:CC:CC:CD 64 SNAP: etype = 0x010B(Unknown) SNAP 2003-04-03 14:24:17.784

ETHERNET: 00:06:53:42:4D:D7 --> 01:00:0C:CC:CC:CD Length = 50 Destination Address = 01:00:0C:CC:CC:CD Source Address = 00:06:53:42:4D:D7 Length = 50(0x0032) LLC: DSAP = 0xAA, SSAP = 0xAA, Command = 0x003 DSAP = 0xAA, Sub-Network Access Protocol(SNAP) SSAP = 0xAA, Sub-Network Access Protocol(SNAP) Command = 0x03 SNAP: etype = 0x010B(Unknown) Organization code = 00 00 0C TYPE = 0x10B(Unknown) SNAP Data: Length = 42(0x2A) 0000: 01 00 0C CC CC CD 00 06 53 42 4D D7 00 32 AA AA ........SBM..2.. 0010: 03 00 00 0C 01 0B 00 00 00 00 00 80 00 00 04 4D ...............M 0020: 8E 1B 40 00 00 00 04 80 00 00 06 53 42 4D C0 80 ..@........SBM.. 0030: 25 01 00 14 00 02 00 0F 00 00 00 00 00 02 00 01 %...............

39 00:30:1E:25:74:D8 01:80:C2:00:00:00 60 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cost=22 BPDU 2003-04-03 14:24:17.814

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:00 Length = 38 Destination Address = 01:80:C2:00:00:00 Source Address = 00:30:1E:25:74:D8 Length = 38(0x0026) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42, BPDU SSAP = 0x42, BPDU Command = 0x03 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cose=22 Protocol Identifier = 0x0000 Protocol Version = 0x00 BPDU Type = 0x00(Configuration) BPDU Flags = 0x00 0....... = Not Topology Change Notification .......0 = Not Topology Change Notification Acknowledgement Root Identifier = 8000.00044D8E1B40 Priority = 0x8000 Mac Address = 00044D8E1B40 Root Path Cost = 22 Sending Bridge Id = 8000.00301E2574D8.800D Priority = 0x8000 Mac Address = 00301E2574D8 Port = 0x800D Message Age = 2.000 seconds Information Lifetime = 20.000 seconds Root Hello Time = 2.000 seconds Forward Delay = 15.000 seconds 0000: 01 80 C2 00 00 00 00 30 1E 25 74 D8 00 26 42 42 .......0.%t..&BB 0010: 03 00 00 00 00 00 80 00 00 04 4D 8E 1B 40 00 00 ..........M..@.. 0020: 00 16 80 00 00 30 1E 25 74 D8 80 0D 02 00 14 00 .....0.%t....... 0030: 02 00 0F 00 00 00 00 00 00 00 00 00 ................

40 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X2503B009 ACK TCP 2003-04-03 14:24:17.934

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x04DE, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1246(0x04DE) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C15 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x2503B009, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162530085(0x09B00325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 63064(0xF658) Checksum = 0xBADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 DE 40 00 73 06 7C 15 3D 84 3E A9 0A 00 .(..@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 B0 03 25 50 10 .............%P. 0030: F6 58 BA DC 00 00 00 00 00 00 00 00 .X..............

41 207.46.107.1:1863 10.10.10.77:1658 88 TCP: src = 1863, dst = 1658, ack = 0X4FAD8048 PSH ACK TCP 2003-04-03 14:24:18.075

ETHERNET: 00:10:EE:88:30:95 --> 52:54:AB:38:AE:3D ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 52:54:AB:38:AE:3D Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 207.46.107.1 --> 10.10.10.77 ID = 0x3474, Protocol = TCP, Length = 74(0x004A) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 74(0x004A) Identification = 13428(0x3474) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 53(0x35) Protocol = TCP Checksum = 0x02B4 Source Address = 207.46.107.1 Destination Address = 10.10.10.77 TCP: src = 1863, dst = 1658, ack = 0x4FAD8048, PSH ACK Source Port = 1863(Unknown) Destination Port = 1658(Unknown) Sequence Number = -1845603738(0x91FE5266) Acknowledgment Number = 1216392527(0x4880AD4F) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17498(0x445A) Checksum = 0xC922 Urgent Pointer = 0x0000 TCP Data length = 34(0x0022) 0000: 52 54 AB 38 AE 3D 00 10 EE 88 30 95 08 00 45 00 RT.8.=....0...E. 0010: 00 4A 34 74 00 00 35 06 02 B4 CF 2E 6B 01 0A 0A .J4t..5.....k... 0020: 0A 4D 07 47 06 7A 91 FE 52 66 48 80 AD 4F 50 18 .M.G.z..RfH..OP. 0030: 44 5A C9 22 00 00 4E 4C 4E 20 49 44 4C 20 73 6B DZ."..NLN IDL sk 0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050: 20 77 6D 68 20 30 0D 0A wmh 0..........

42 207.46.106.46:1863 10.10.10.114:1042 86 TCP: src = 1863, dst = 1042, ack = 0X9689E960 PSH ACK TCP 2003-04-03 14:24:18.095

ETHERNET: 00:10:EE:88:30:95 --> 00:00:E2:2B:6B:FB ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:00:E2:2B:6B:FB Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 207.46.106.46 --> 10.10.10.114 ID = 0xE0E6, Protocol = TCP, Length = 72(0x0048) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 72(0x0048) Identification = 57574(0xE0E6) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 51(0x33) Protocol = TCP Checksum = 0x58F1 Source Address = 207.46.106.46 Destination Address = 10.10.10.114 TCP: src = 1863, dst = 1042, ack = 0x9689E960, PSH ACK Source Port = 1863(Unknown) Destination Port = 1042(Unknown) Sequence Number = -230615935(0xF2411481) Acknowledgment Number = 1625917846(0x60E98996) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17232(0x4350) Checksum = 0xD666 Urgent Pointer = 0x0000 TCP Data length = 32(0x0020) 0000: 00 00 E2 2B 6B FB 00 10 EE 88 30 95 08 00 45 00 ...+k.....0...E. 0010: 00 48 E0 E6 00 00 33 06 58 F1 CF 2E 6A 2E 0A 0A .H....3.X...j... 0020: 0A 72 07 47 04 12 F2 41 14 81 60 E9 89 96 50 18 .r.G...A..`...P. 0030: 43 50 D6 66 00 00 4E 4C 4E 20 49 44 4C 20 73 6B CP.f..NLN IDL sk 0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050: 20 77 6D 68 0D 0A wmh............

43 207.46.106.31:1863 10.10.10.17:4321 88 TCP: src = 1863, dst = 4321, ack = 0X50105BAD PSH ACK TCP 2003-04-03 14:24:18.105

ETHERNET: 00:10:EE:88:30:95 --> 00:00:E2:89:B0:9F ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:00:E2:89:B0:9F Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 207.46.106.31 --> 10.10.10.17 ID = 0xFEC9, Protocol = TCP, Length = 74(0x004A) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 74(0x004A) Identification = 65225(0xFEC9) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 52(0x34) Protocol = TCP Checksum = 0x3A7C Source Address = 207.46.106.31 Destination Address = 10.10.10.17 TCP: src = 1863, dst = 4321, ack = 0x50105BAD, PSH ACK Source Port = 1863(Unknown) Destination Port = 4321(Unknown) Sequence Number = 689255777(0x29153561) Acknowledgment Number = -1386540976(0xAD5B1050) Data Offset = 20(0x14) Flags = 0x18 PSH ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...1.... : Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 17498(0x445A) Checksum = 0x7DEC Urgent Pointer = 0x0000 TCP Data length = 34(0x0022) 0000: 00 00 E2 89 B0 9F 00 10 EE 88 30 95 08 00 45 00 ..........0...E. 0010: 00 4A FE C9 00 00 34 06 3A 7C CF 2E 6A 1F 0A 0A .J....4.:|..j... 0020: 0A 11 07 47 10 E1 29 15 35 61 AD 5B 10 50 50 18 ...G..).5a.[.PP. 0030: 44 5A 7D EC 00 00 4E 4C 4E 20 49 44 4C 20 73 6B DZ}...NLN IDL sk 0040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0050: 20 77 6D 68 20 30 0D 0A wmh 0......F...

44 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0XD908B009 ACK TCP 2003-04-03 14:24:18.335

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x04EE, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1262(0x04EE) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7C05 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0xD908B009, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162531545(0x09B008D9) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xB090 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 04 EE 40 00 73 06 7C 05 3D 84 3E A9 0A 00 .(..@.s.|.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 B0 08 D9 50 10 ..............P. 0030: FA F0 B0 90 00 00 00 00 00 00 00 00 ............Capt

45 00:30:1E:25:74:D8 01:80:C2:00:00:20 60 LLC: DSAP = 0x42, SSAP=0x42, Command = 0x003 LLC 2003-04-03 14:24:18.635

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:20 Length = 14 Destination Address = 01:80:C2:00:00:20 Source Address = 00:30:1E:25:74:D8 Length = 14(0x000E) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42 SSAP = 0x42 Command = 0x03 LLC Data: Length = 43(0x2B); 0000: 01 80 C2 00 00 20 00 30 1E 25 74 D8 00 0E 42 42 ..... .0.%t...BB 0010: 03 00 01 01 02 00 00 02 02 00 00 00 00 00 00 00 ................ 0020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0030: 00 00 00 00 00 00 00 00 00 00 00 00 ................

46 00:30:1E:25:74:D8 01:80:C2:00:00:21 84 LLC: DSAP = 0x42, SSAP=0x42, Command = 0x003 LLC 2003-04-03 14:24:18.645

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:21 Length = 70 Destination Address = 01:80:C2:00:00:21 Source Address = 00:30:1E:25:74:D8 Length = 70(0x0046) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42 SSAP = 0x42 Command = 0x03 LLC Data: Length = 67(0x43); 0000: 01 80 C2 00 00 21 00 30 1E 25 74 D8 00 46 42 42 .....!.0.%t..FBB 0010: 03 00 01 01 02 00 04 02 00 01 04 01 00 02 04 01 ................ 0020: 00 03 04 01 00 04 04 01 00 05 04 05 00 07 04 05 ................ 0030: 00 08 04 05 00 09 04 01 00 0A 04 01 00 0B 04 01 ................ 0040: 00 14 04 01 00 15 04 01 00 1E 04 01 00 58 04 01 .............X.. 0050: 00 64 00 00 .d...?.......n..

47 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X2513B009 ACK TCP 2003-04-03 14:24:18.715

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0502, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1282(0x0502) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7BF1 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x2513B009, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162534181(0x09B01325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xA644 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 05 02 40 00 73 06 7B F1 3D 84 3E A9 0A 00 .(..@.s.{.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 B0 13 25 50 10 .............%P. 0030: FA F0 A6 44 00 00 00 00 00 00 00 00 ...D............

48 00:30:1E:25:74:D8 01:80:C2:00:00:21 70 LLC: DSAP = 0x42, SSAP=0x42, Command = 0x003 LLC 2003-04-03 14:24:18.846

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:21 Length = 56 Destination Address = 01:80:C2:00:00:21 Source Address = 00:30:1E:25:74:D8 Length = 56(0x0038) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42 SSAP = 0x42 Command = 0x03 LLC Data: Length = 53(0x35); 0000: 01 80 C2 00 00 21 00 30 1E 25 74 D8 00 38 42 42 .....!.0.%t..8BB 0010: 03 00 01 01 04 02 00 01 04 01 00 02 04 01 00 03 ................ 0020: 04 01 00 04 04 01 00 05 04 01 00 0A 04 01 00 0B ................ 0030: 04 01 00 14 04 01 00 15 04 01 00 1E 04 01 00 58 ...............X 0040: 04 01 00 64 00 00 ...d....6.......

49 10.0.0.243 10.0.0.2 74 ICMP: Echo Request ICMP 2003-04-03 14:24:18.846

ETHERNET: 00:10:4B:1C:44:8B --> 00:05:5D:02:07:D4 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:05:5D:02:07:D4 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.2 ID = 0x3A6C, Protocol = ICMP, Length = 60(0x003C) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 60(0x003C) Identification = 14956(0x3A6C) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = ICMP Checksum = 0xEB60 Source Address = 10.0.0.243 Destination Address = 10.0.0.2 ICMP: Echo Request Type = 8(Echo Request) Code = 0 CheckSum = 0x3a5c(14940) Identifier = 0x0(0) Sequence Number = 0x8816(34838) Echo Data(Length 32(0x20)) 0000: 00 05 5D 02 07 D4 00 10 4B 1C 44 8B 08 00 45 00 ..].....K.D...E. 0010: 00 3C 3A 6C 00 00 80 01 EB 60 0A 00 00 F3 0A 00 .<:l.....`...... 0020: 00 02 08 00 3A 5C 04 00 0F 00 61 62 63 64 65 66 ....:\....abcdef 0030: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv 0040: 77 61 62 63 64 65 66 67 68 69 wabcdefghi..*...

50 10.0.0.2 10.0.0.243 74 ICMP: Echo Reply ICMP 2003-04-03 14:24:18.846

ETHERNET: 00:05:5D:02:07:D4 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:05:5D:02:07:D4 Protocol = Internet Protocol IP: 10.0.0.2 --> 10.0.0.243 ID = 0x9227, Protocol = ICMP, Length = 60(0x003C) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 60(0x003C) Identification = 37415(0x9227) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = ICMP Checksum = 0x93A5 Source Address = 10.0.0.2 Destination Address = 10.0.0.243 ICMP: Echo Reply Type = 0(Echo Reply) Code = 0 CheckSum = 0x425c(16988) Identifier = 0x0(0) Sequence Number = 0x8816(34838) Echo Data(Length 32(0x20)) 0000: 00 10 4B 1C 44 8B 00 05 5D 02 07 D4 08 00 45 00 ..K.D...].....E. 0010: 00 3C 92 27 00 00 80 01 93 A5 0A 00 00 02 0A 00 .<.'............ 0020: 00 F3 00 00 42 5C 04 00 0F 00 61 62 63 64 65 66 ....B\....abcdef 0030: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv 0040: 77 61 62 63 64 65 66 67 68 69 wabcdefghi..6...

51 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0XD918B009 ACK TCP 2003-04-03 14:24:19.236

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x0515, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1301(0x0515) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7BDE Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0xD918B009, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162535641(0x09B018D9) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0xA090 Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 05 15 40 00 73 06 7B DE 3D 84 3E A9 0A 00 .(..@.s.{.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 B0 18 D9 50 10 ..............P. 0030: FA F0 A0 90 00 00 00 00 00 00 00 00 ................

52 00:60:08:41:54:F0 *BROADCAST 60 Request for 10.0.0.227 Prot type: IP ARP 2003-04-03 14:24:19.416

ETHERNET: 00:60:08:41:54:F0 --> *BROADCAST ETYPE = 0x0806,Protocol = ARP Destination Address = *BROADCAST Source Address = 00:60:08:41:54:F0 Protocol = ARP ARP Request Packet: Hardware Type = Ethernet; Protocol Type = IP Hardware Address Type = Ethernet(0x0001) Protocol Address Type = IP(0x0800) Hardware Address Length = 6 bytes Protocol Address Length = 4 bytes Option = Request(0x0001) Source Hardware Address = 00:60:08:41:54:F0 Destination Hardware Address = 00:00:00:00:00:00 Source Protocol Address = 10.0.0.77 Destination Protocol Address = 10.0.0.227 0000: FF FF FF FF FF FF 00 60 08 41 54 F0 08 06 00 01 .......`.AT..... 0010: 08 00 06 04 00 01 00 60 08 41 54 F0 0A 00 00 4D .......`.AT....M 0020: 00 00 00 00 00 00 0A 00 00 E3 00 E3 00 E3 00 E3 ................ 0030: 00 E3 00 E3 00 E3 00 E3 00 E3 00 E3 ............H...

53 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X8D1EB009 ACK TCP 2003-04-03 14:24:19.647

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x052C, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1324(0x052C) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7BC7 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x8D1EB009, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162537101(0x09B01E8D) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 64240(0xFAF0) Checksum = 0x9ADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 05 2C 40 00 73 06 7B C7 3D 84 3E A9 0A 00 .(.,@.s.{.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 B0 1E 8D 50 10 ..............P. 0030: FA F0 9A DC 00 00 00 00 00 00 00 00 ............k...

54 00:06:53:42:4D:D7 01:00:0C:CC:CC:CD 64 SNAP: etype = 0x010B(Unknown) SNAP 2003-04-03 14:24:19.787

ETHERNET: 00:06:53:42:4D:D7 --> 01:00:0C:CC:CC:CD Length = 50 Destination Address = 01:00:0C:CC:CC:CD Source Address = 00:06:53:42:4D:D7 Length = 50(0x0032) LLC: DSAP = 0xAA, SSAP = 0xAA, Command = 0x003 DSAP = 0xAA, Sub-Network Access Protocol(SNAP) SSAP = 0xAA, Sub-Network Access Protocol(SNAP) Command = 0x03 SNAP: etype = 0x010B(Unknown) Organization code = 00 00 0C TYPE = 0x10B(Unknown) SNAP Data: Length = 42(0x2A) 0000: 01 00 0C CC CC CD 00 06 53 42 4D D7 00 32 AA AA ........SBM..2.. 0010: 03 00 00 0C 01 0B 00 00 00 00 00 80 00 00 04 4D ...............M 0020: 8E 1B 40 00 00 00 04 80 00 00 06 53 42 4D C0 80 ..@........SBM.. 0030: 25 01 00 14 00 02 00 0F 00 00 00 00 00 02 00 01 %...............

55 00:30:1E:25:74:D8 01:80:C2:00:00:00 60 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cost=22 BPDU 2003-04-03 14:24:19.817

ETHERNET: 00:30:1E:25:74:D8 --> 01:80:C2:00:00:00 Length = 38 Destination Address = 01:80:C2:00:00:00 Source Address = 00:30:1E:25:74:D8 Length = 38(0x0026) LLC: DSAP = 0x42, SSAP = 0x42, Command = 0x003 DSAP = 0x42, BPDU SSAP = 0x42, BPDU Command = 0x03 BPDU: S:Pri=0x8000 Port=0x800D Root:Pri=0x8000 Addr=00:04:4D:8E:1B:40 Cose=22 Protocol Identifier = 0x0000 Protocol Version = 0x00 BPDU Type = 0x00(Configuration) BPDU Flags = 0x00 0....... = Not Topology Change Notification .......0 = Not Topology Change Notification Acknowledgement Root Identifier = 8000.00044D8E1B40 Priority = 0x8000 Mac Address = 00044D8E1B40 Root Path Cost = 22 Sending Bridge Id = 8000.00301E2574D8.800D Priority = 0x8000 Mac Address = 00301E2574D8 Port = 0x800D Message Age = 2.000 seconds Information Lifetime = 20.000 seconds Root Hello Time = 2.000 seconds Forward Delay = 15.000 seconds 0000: 01 80 C2 00 00 00 00 30 1E 25 74 D8 00 26 42 42 .......0.%t..&BB 0010: 03 00 00 00 00 00 80 00 00 04 4D 8E 1B 40 00 00 ..........M..@.. 0020: 00 16 80 00 00 30 1E 25 74 D8 80 0D 02 00 14 00 .....0.%t....... 0030: 02 00 0F 00 00 00 00 00 00 00 00 00 ............8...

56 10.0.0.243 10.0.0.2 74 ICMP: Echo Request ICMP 2003-04-03 14:24:19.847

ETHERNET: 00:10:4B:1C:44:8B --> 00:05:5D:02:07:D4 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:05:5D:02:07:D4 Source Address = 00:10:4B:1C:44:8B Protocol = Internet Protocol IP: 10.0.0.243 --> 10.0.0.2 ID = 0x3A6D, Protocol = ICMP, Length = 60(0x003C) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 60(0x003C) Identification = 14957(0x3A6D) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = ICMP Checksum = 0xEB5F Source Address = 10.0.0.243 Destination Address = 10.0.0.2 ICMP: Echo Request Type = 8(Echo Request) Code = 0 CheckSum = 0x395c(14684) Identifier = 0x0(0) Sequence Number = 0x8816(34838) Echo Data(Length 32(0x20)) 0000: 00 05 5D 02 07 D4 00 10 4B 1C 44 8B 08 00 45 00 ..].....K.D...E. 0010: 00 3C 3A 6D 00 00 80 01 EB 5F 0A 00 00 F3 0A 00 .<:m....._...... 0020: 00 02 08 00 39 5C 04 00 10 00 61 62 63 64 65 66 ....9\....abcdef 0030: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv 0040: 77 61 62 63 64 65 66 67 68 69 wabcdefghi..&...

57 10.0.0.2 10.0.0.243 74 ICMP: Echo Reply ICMP 2003-04-03 14:24:19.847

ETHERNET: 00:05:5D:02:07:D4 --> 00:10:4B:1C:44:8B ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:10:4B:1C:44:8B Source Address = 00:05:5D:02:07:D4 Protocol = Internet Protocol IP: 10.0.0.2 --> 10.0.0.243 ID = 0x94AE, Protocol = ICMP, Length = 60(0x003C) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 60(0x003C) Identification = 38062(0x94AE) Flags = 0(0x00) MF = .....0.. :Last Fragment in datagram DF = ......0. :May Fragment Fragment = 0(0x00) Time to Live = 128(0x80) Protocol = ICMP Checksum = 0x911E Source Address = 10.0.0.2 Destination Address = 10.0.0.243 ICMP: Echo Reply Type = 0(Echo Reply) Code = 0 CheckSum = 0x415c(16732) Identifier = 0x0(0) Sequence Number = 0x8816(34838) Echo Data(Length 32(0x20)) 0000: 00 10 4B 1C 44 8B 00 05 5D 02 07 D4 08 00 45 00 ..K.D...].....E. 0010: 00 3C 94 AE 00 00 80 01 91 1E 0A 00 00 02 0A 00 .<.............. 0020: 00 F3 00 00 41 5C 04 00 10 00 61 62 63 64 65 66 ....A\....abcdef 0030: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv 0040: 77 61 62 63 64 65 66 67 68 69 wabcdefghi..~...

58 61.132.62.169:20 10.0.0.176:1539 60 TCP: src = 20, dst = 1539, ack = 0X2523B009 ACK TCP 2003-04-03 14:24:19.947

ETHERNET: 00:10:EE:88:30:95 --> 00:01:02:FC:A1:62 ETYPE = 0x0800,Protocol = Internet Protocol Destination Address = 00:01:02:FC:A1:62 Source Address = 00:10:EE:88:30:95 Protocol = Internet Protocol IP: 61.132.62.169 --> 10.0.0.176 ID = 0x053A, Protocol = TCP, Length = 40(0x0028) Header Length = 20(0x14) Version = 0x04 Type of Service = Normal Service Precedence = 000.....:0x00(Routine) TOS = ...0000.:0x00(Normal Service) Length = 40(0x0028) Identification = 1338(0x053A) Flags = 2(0x02) MF = .....0.. :Last Fragment in datagram DF = ......1. :Don't Fragment Fragment = 0(0x00) Time to Live = 115(0x73) Protocol = TCP Checksum = 0x7BB9 Source Address = 61.132.62.169 Destination Address = 10.0.0.176 TCP: src = 20, dst = 1539, ack = 0x2523B009, ACK Source Port = 20(ftp-data) Destination Port = 1539(Unknown) Sequence Number = -1724986457(0x992ECBA7) Acknowledgment Number = 162538277(0x09B02325) Data Offset = 20(0x14) Flags = 0x10 ACK .....0.. : Urgent Pointer field no significant ....1... : Acknowledgment field significant ...0.... : No Push Function ..0..... : No Reset .0...... : No Synchronize 0....... : No Fin Window = 63064(0xF658) Checksum = 0x9ADC Urgent Pointer = 0x0000 0000: 00 01 02 FC A1 62 00 10 EE 88 30 95 08 00 45 00 .....b....0...E. 0010: 00 28 05 3A 40 00 73 06 7B B9 3D 84 3E A9 0A 00 .(.:@.s.{.=.>... 0020: 00 B0 00 14 06 03 99 2E CB A7 09 B0 23 25 50 10 ............#%P. 0030: F6 58 9A DC 00 00 00 00 00 00 00 00 .X..............

This report was generated by Ultra Network Sniffer.

Protocol Name	Packets	Bytes
ETHERNET	59	4,037
LLC	13	830
SNAP	6	376
BPDU	4	240
PPPoE SS	0	0
PPPoE DS	0	0
LCP	0	0
PAP	0	0
IPCP	0	0
IP	43	3,045
TCP	38	2,506
UDP	1	243
ICMP	4	296
IGMP	0	0
ARP	3	162
RARP	0	0
DNS	0	0
HTTP	0	0
FTP	0	0
FTP-DATA	0	0
IPX	0	0

Station 1	Packets	Bytes	Bytes	Packets	Station 2
00:10:EE:88:30:95	18	828	0	0	00:01:02:FC:A1:62
00:D0:59:26:EA:80	1	229	0	0	*BROADCAST
00:06:53:42:4D:D7	4	200	0	0	01:00:0C:CC:CC:CD
00:30:1E:25:74:D8	4	184	0	0	01:80:C2:00:00:00
00:10:EE:88:30:95	5	246	0	0	00:10:4B:19:A8:31
00:04:DC:C4:EA:69	1	46	0	0	01:00:81:00:01:00
00:04:DC:C4:EA:69	1	46	0	0	01:00:81:00:01:01
00:08:9B:90:00:AE	1	93	0	0	00:50:04:B9:A2:4C
(Local Address)00:10:4B:1C:44:8B	1	28	0	0	*BROADCAST
00:10:EE:88:30:95	6	292	248	5	(Local Address)00:10:4B:1C:44:8B
00:05:5D:02:07:D4	1	93	0	0	00:01:02:94:7F:DD
00:10:EE:88:30:95	1	74	0	0	52:54:AB:38:AE:3D
00:10:EE:88:30:95	1	72	0	0	00:00:E2:2B:6B:FB
00:10:EE:88:30:95	1	74	0	0	00:00:E2:89:B0:9F
00:30:1E:25:74:D8	1	46	0	0	01:80:C2:00:00:20
00:30:1E:25:74:D8	2	126	0	0	01:80:C2:00:00:21
(Local Address)00:10:4B:1C:44:8B	2	120	120	2	00:05:5D:02:07:D4
00:60:08:41:54:F0	1	46	0	0	*BROADCAST

Mac	Pkts Sent	Pkts Rec.	Bytes Sent	Bytes Rec.
00:10:EE:88:30:95	32	5	1,586	248
00:01:02:FC:A1:62	0	18	0	828
00:D0:59:26:EA:80	1	0	229	0
*BROADCAST	0	3	0	303
00:06:53:42:4D:D7	4	0	200	0
01:00:0C:CC:CC:CD	0	4	0	200
00:30:1E:25:74:D8	7	0	356	0
01:80:C2:00:00:00	0	4	0	184
00:10:4B:19:A8:31	0	5	0	246
00:04:DC:C4:EA:69	2	0	92	0
01:00:81:00:01:00	0	1	0	46
01:00:81:00:01:01	0	1	0	46
00:08:9B:90:00:AE	1	0	93	0
00:50:04:B9:A2:4C	0	1	0	93
(Local Address)00:10:4B:1C:44:8B	8	8	396	412
00:05:5D:02:07:D4	3	2	213	120
00:01:02:94:7F:DD	0	1	0	93
52:54:AB:38:AE:3D	0	1	0	74
00:00:E2:2B:6B:FB	0	1	0	72
00:00:E2:89:B0:9F	0	1	0	74
01:80:C2:00:00:20	0	1	0	46
01:80:C2:00:00:21	0	2	0	126
00:60:08:41:54:F0	1	0	46	0