Trojan analysis: can anyone give me a clue?
08/12/2004 - 01:15 by Clavo Oxidado
Hi, I'm passing along a little question that one of our technicians asked me:
Hi everyone,
lately I have been receiving many reports from our customers with this
kind of alert (I paste the NOD32 report below); I need information:
(careful: anyone who is not well protected should not open the links)
== en PCCARLOS: http://www.010402.com//inst//main.chm > CHM > /main.htm
> infectado con VBS/TrojanDownloader.Psyme.NAF Troyano.
> 07/12/04 18:39:09 p.m. - IMON - Proteccion de Internet - Alerta de
> virus
> en PCCARLOS: http://010402.com/java0/classload.jar infectado con
> varias
> infecciones.
Before opening the links directly in my browser to investigate a little,
I ran the Ethereal analyzer and
obtained the attached file:
195.225.177.26 HTTP GET /inst/main.chm HTTP/1.1
Look at the GET instruction and the main.chm file. What follows is the typical
SYN/ACK sequence and, if it is analyzed in depth, which I don't know how to do, you can see
some interesting or suspicious sets of HTTP instructions (do you understand
HTTP?)
Can anyone explain a bit more, or give me some pointers on how these
attacks work at a somewhat more technical level (or at whatever level; information
is always welcome)?
Many thanks and regards. (The Ethereal analyzer report is pasted below.)
No. Time Source Destination Protocol
Info
5 11.878170 192.168.80.2 195.225.177.26 TCP
3051 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 5 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol
Info
6 12.050349 195.225.177.26 192.168.80.2 TCP
http > 3051 [SYN, ACK] Seq=0 Ack=1 Win=57344 Len=0 MSS60
Frame 6 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol
Info
7 12.050508 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
Frame 7 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol
Info
8 12.078697 192.168.80.2 195.225.177.26 HTTP GET
/inst/main.chm HTTP/1.1
Frame 8 (266 bytes on wire, 266 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 1, Ack: 1, Len: 212
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
9 12.291398 195.225.177.26 192.168.80.2 HTTP
HTTP/1.1 200 OK (text/plain)
Frame 9 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 1, Ack: 213, Len: 1460
Hypertext Transfer Protocol
Line-based text data: text/plain
No. Time Source Destination Protocol
Info
10 12.319446 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 10 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 1461, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
11 12.319601 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=213 Ack=2921 Win=65535 Len=0
Frame 11 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 2921, Len: 0
No. Time Source Destination Protocol
Info
12 12.519099 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 12 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 2921, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
13 12.519281 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=213 Ack=4381 Win=65535 Len=0
Frame 13 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 4381, Len: 0
No. Time Source Destination Protocol
Info
14 12.546683 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 14 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 4381, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
15 12.573119 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 15 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 5841, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
16 12.573268 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=213 Ack=7301 Win=65535 Len=0
Frame 16 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 7301, Len: 0
No. Time Source Destination Protocol
Info
17 12.714817 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 17 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 7301, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
18 12.715020 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=213 Ack=8761 Win=65535 Len=0
Frame 18 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 8761, Len: 0
No. Time Source Destination Protocol
Info
19 12.741945 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 19 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 8761, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
20 12.770256 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 20 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 10221, Ack: 213, Len: 1460
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
21 12.770418 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=213 Ack=11681 Win=65535 Len=0
Frame 21 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 11681, Len: 0
No. Time Source Destination Protocol
Info
22 12.790823 195.225.177.26 192.168.80.2 HTTP
Continuation
Frame 22 (1104 bytes on wire, 1104 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 11681, Ack: 213, Len: 1050
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
23 12.791041 192.168.80.2 195.225.177.26 TCP
3051 > http [ACK] Seq=213 Ack=12732 Win=64485 Len=0
Frame 23 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 12732, Len: 0
No. Time Source Destination Protocol
Info
24 12.819013 192.168.80.2 80.35.132.39 TCP
3052 > 2222 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 24 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
80.35.132.39 (80.35.132.39)
Transmission Control Protocol, Src Port: 3052 (3052), Dst Port: 2222 (2222),
Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol
Info
25 15.771561 192.168.80.2 80.35.132.39 TCP
3052 > 2222 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 25 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
80.35.132.39 (80.35.132.39)
Transmission Control Protocol, Src Port: 3052 (3052), Dst Port: 2222 (2222),
Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol
Info
26 16.608575 192.168.80.2 195.225.177.26 TCP
3051 > http [FIN, ACK] Seq=213 Ack=12732 Win=64485 Len=0
Frame 26 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
195.225.177.26 (195.225.177.26)
Transmission Control Protocol, Src Port: 3051 (3051), Dst Port: http (80),
Seq: 213, Ack: 12732, Len: 0
No. Time Source Destination Protocol
Info
27 16.777331 195.225.177.26 192.168.80.2 TCP
http > 3051 [ACK] Seq=12732 Ack=214 Win=58400 Len=0
Frame 27 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 195.225.177.26 (195.225.177.26), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3051 (3051),
Seq: 12732, Ack: 214, Len: 0
No. Time Source Destination Protocol
Info
28 16.904216 192.168.80.2 216.239.59.99 TCP
3053 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 28 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
216.239.59.99 (216.239.59.99)
Transmission Control Protocol, Src Port: 3053 (3053), Dst Port: http (80),
Seq: 0, Ack: 0, Len: 0
No. Time Source Destination Protocol
Info
29 17.030090 216.239.59.99 192.168.80.2 TCP
http > 3053 [SYN, ACK] Seq=0 Ack=1 Win90 Len=0 MSS60
Frame 29 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 216.239.59.99 (216.239.59.99), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3053 (3053),
Seq: 0, Ack: 1, Len: 0
No. Time Source Destination Protocol
Info
30 17.030258 192.168.80.2 216.239.59.99 TCP
3053 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
Frame 30 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
216.239.59.99 (216.239.59.99)
Transmission Control Protocol, Src Port: 3053 (3053), Dst Port: http (80),
Seq: 1, Ack: 1, Len: 0
No. Time Source Destination Protocol
Info
31 17.031685 192.168.80.2 216.239.59.99 HTTP GET
/search?client=navclient-auto&chi5674915&freshness_checkBRX1KgzyC-UuWhQ-iQH7&iqrn=XdsC&orig=0J&ie=UTF-8&oe=UTF-8&features=Rank&q=info:http%3A%2F%2Fwww%2E010402%2Ecom%2Finst%2Fmain%2Echm
HTTP/1.1
Frame 31 (492 bytes on wire, 492 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
216.239.59.99 (216.239.59.99)
Transmission Control Protocol, Src Port: 3053 (3053), Dst Port: http (80),
Seq: 1, Ack: 1, Len: 438
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
32 17.230892 216.239.59.99 192.168.80.2 HTTP
HTTP/1.1 200 OK (text/html)
Frame 32 (223 bytes on wire, 223 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 216.239.59.99 (216.239.59.99), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3053 (3053),
Seq: 1, Ack: 439, Len: 169
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol
Info
33 17.232730 216.239.59.99 192.168.80.2 HTTP
Continuation
Frame 33 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: 00:a0:c5:73:9a:af, Dst: 00:06:5b:ba:ab:af
Internet Protocol, Src Addr: 216.239.59.99 (216.239.59.99), Dst Addr:
192.168.80.2 (192.168.80.2)
Transmission Control Protocol, Src Port: http (80), Dst Port: 3053 (3053),
Seq: 170, Ack: 439, Len: 5
Hypertext Transfer Protocol
No. Time Source Destination Protocol
Info
34 17.232876 192.168.80.2 216.239.59.99 TCP
3053 > http [ACK] Seq=439 Ack=175 Win=65361 Len=0
Frame 34 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
216.239.59.99 (216.239.59.99)
Transmission Control Protocol, Src Port: 3053 (3053), Dst Port: http (80),
Seq: 439, Ack: 175, Len: 0
No. Time Source Destination Protocol
Info
35 21.790758 192.168.80.2 80.35.132.39 TCP
3052 > 2222 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
Frame 35 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 00:06:5b:ba:ab:af, Dst: 00:a0:c5:73:9a:af
Internet Protocol, Src Addr: 192.168.80.2 (192.168.80.2), Dst Addr:
80.35.132.39 (80.35.132.39)
Transmission Control Protocol, Src Port: 3052 (3052), Dst Port: 2222 (2222),
Seq: 0, Ack: 0, Len: 0
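An added example, not part of the original post: a small triage script for packet summaries shaped like the Ethereal report above. It flags two things visible in such a capture: outbound SYNs that never get any reply, and downloads whose file extension does not match the text Content-Type the server declared. The sample lines are constructed (documentation-range addresses), and the names `parse`, `unanswered_syns`, `mismatched_downloads` and `ACTIVE_EXT` are hypothetical.

```python
import posixpath
import re
from collections import defaultdict, deque

# Constructed sample: one-line summaries in Ethereal's column order
# (No. Time Source Destination Protocol Info). Addresses are documentation
# ranges, not the ones from the post.
SAMPLE = """\
5 11.878170 192.168.80.2 198.51.100.26 TCP 3051 > http [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
6 12.050349 198.51.100.26 192.168.80.2 TCP http > 3051 [SYN, ACK] Seq=0 Ack=1 Win=57344 Len=0 MSS=1460
7 12.050508 192.168.80.2 198.51.100.26 TCP 3051 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0
8 12.078697 192.168.80.2 198.51.100.26 HTTP GET /inst/main.chm HTTP/1.1
9 12.291398 198.51.100.26 192.168.80.2 HTTP HTTP/1.1 200 OK (text/plain)
24 12.819013 192.168.80.2 203.0.113.39 TCP 3052 > 2222 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
25 15.771561 192.168.80.2 203.0.113.39 TCP 3052 > 2222 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
35 21.790758 192.168.80.2 203.0.113.39 TCP 3052 > 2222 [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
"""

LINE = re.compile(r"^(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")
TCP_INFO = re.compile(r"^(\S+) > (\S+) \[([A-Z, ]+)\]")
HTTP_REQ = re.compile(r"^GET (\S+) HTTP/")
HTTP_RESP = re.compile(r"^HTTP/\d\.\d (\d{3}) .*?\(([^)]+)\)")

# Illustrative list (an assumption of this example): formats that can carry
# active content and should not arrive labelled as text.
ACTIVE_EXT = {".chm", ".jar", ".exe", ".hta"}


def parse(text):
    """Turn summary lines into dicts; per-frame detail lines are skipped."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        no, time, src, dst, proto, info = m.groups()
        packets.append({"no": int(no), "time": float(time), "src": src,
                        "dst": dst, "proto": proto, "info": info})
    return packets


def unanswered_syns(packets):
    """Map (src, sport, dst, dport) -> SYN count where the peer never replied."""
    attempts = defaultdict(int)
    replied = set()
    for p in packets:
        m = TCP_INFO.match(p["info"]) if p["proto"] == "TCP" else None
        if not m:
            continue
        sport, dport = m.group(1), m.group(2)
        flags = set(m.group(3).split(", "))
        if flags == {"SYN"}:
            attempts[(p["src"], sport, p["dst"], dport)] += 1
        # Any segment travelling the other way proves the peer answered.
        replied.add((p["dst"], dport, p["src"], sport))
    return {k: n for k, n in attempts.items() if k not in replied}


def mismatched_downloads(packets):
    """List (path, server, content_type) for active files served as text/*."""
    pending = defaultdict(deque)  # (client, server) -> requested paths, oldest first
    findings = []
    for p in packets:
        if p["proto"] != "HTTP":
            continue
        req = HTTP_REQ.match(p["info"])
        if req:
            pending[(p["src"], p["dst"])].append(req.group(1))
            continue
        resp = HTTP_RESP.match(p["info"])
        queue = pending.get((p["dst"], p["src"]))
        if resp and queue:
            path = queue.popleft()
            ext = posixpath.splitext(path.split("?")[0])[1].lower()
            ctype = resp.group(2)
            if ext in ACTIVE_EXT and ctype.startswith("text/"):
                findings.append((path, p["src"], ctype))
    return findings


if __name__ == "__main__":
    pkts = parse(SAMPLE)
    for key, count in unanswered_syns(pkts).items():
        print("no reply to SYN:", key, "attempts:", count)
    for finding in mismatched_downloads(pkts):
        print("extension/Content-Type mismatch:", finding)
```

Repeated SYNs from the same source port with no reply are retransmissions of one connection attempt, so the count shows how long the host kept trying rather than how many separate connections it opened.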