DaemonForums  

Old 1st January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Quote:
Originally Posted by There0
I am hoping that you have another USB adaptor, or can at least test this current one on a Windoz box and verify. I am at a bit of a loss with your situation and am starting to believe that it is a hardware or driver issue.
I just tested the adapter on my Apple C2D 2 GHz notebook with the newest drivers from ralinktech's website. You can't configure the adapter to a hostap mode but at least you can configure it for ad-hoc mode and it seems to work fine there without and with wpa2 encryption.

I can test the adapter with windos xp running in vmware if there is a driver for windos that supports hostap mode? I even could install OpenBSD inside vmware on my C2D notebook if that would help...

Quote:
Originally Posted by J65nko
However port 192 seems to be used by Apple wireless stuff. See http://isc.sans.org/port.html?port=192.
Thanks. I didn't know that port 192 is some crappy Apple related stuff... As I've written before I was asleep this morning but now I'm passing/allowing all incoming and outgoing traffic on rum0 again. But there's no daemon or program listening on udp port 192, so the Apple notebook or iphone won't get any answer anyway...

Maybe I'll try connecting from a windos box and see if that one could connect...
Old 1st January 2010
There0 There0 is offline
./dev/null
 
Join Date: Jul 2008
Posts: 170
Default

Quote:
I can test the adapter with windos xp running in vmware if there is a driver for windos that supports hostap mode? I even could install OpenBSD inside vmware on my C2D notebook if that would help...
You should be able to test fine under VMware, it passes forth all the networking (seemingly) fine, are you using Fusion? or Workstation? i have done this with VMWare Workstation, but not Fusion.

Not sure if the manufacturer's drivers support that, Asus is pretty good with features, best to check the model on their site and see what features it does have.
__________________
The more you learn, the more you realize how little you know ....
Old 1st January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Now this is funny... I just tried to setup hostapd with a basic configuration and now the client won't disconnect so easily but every 10 seconds hostapd produces messages like this one:
Code:
rum0/rum0: sent ADD notification for 00:33:36:3f:dc:b2
But I don't understand why starting hostapd helps...

There's a lot of traffic going on, mainly packages to port 5223... I'll sort that out...
Old 1st January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Okay. It just seemed to work. When having hostapd started the client just disconnects after 1 minute instead of 10 seconds. After that it may reconnect or may not. Very strange indeed.

Here's my hostapd.conf file:
Code:
# Macros
iface="rum0"
ssid=test
#wpa=1
wpa_passphrase=0xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP

# Tables
# Define the MAC addresses (BSSIDs) for your accesspoints in a table.
table <myess> {
	xx:xx:xx:xx:xx:xx
}

# Global options
set hostap interface $iface
set hostap mode radiotap

# Uncomment these options to jump to the next channel every 2 seconds.
#set hostap hopper interface $iface
#set hostap hopper delay 2000

# Use multicast (according to the revised standard).
set iapp interface $iface
set iapp mode multicast

# Event rules

# Log probe requests.
hostap handle type management subtype probe request \
    with iapp type radiotap

# Log and annoy foreign accesspoints.
#
# This will be logged as well but the important thing is to
# annoy other accesspoints in your wireless territory.
hostap handle type data bssid !<myess> \
    with frame type management subtype deauth reason auth expire \
    from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid

# The first de-auth example will not work with some newer stuff, like
# iwi(4)/ipw(4) "centrino", because they ignore management frames to
# the broadcast address as a countermeasure against the "void11"
# attack.
#
# hostap handle type data bssid !<myess> \
#    with frame type management subtype deauth reason auth expire \
#    from &bssid to &from bssid &bssid

# Detect flooding of management frames except beacons.
# This will detect some possible Denial of Service attacks
# against the IEEE 802.11 protocol (like "void11").
hostap handle skip type management subtype ! beacon \
    with log \
    rate 100 / 10 sec

# Finally log any rogue accesspoints limited to every second.
hostap handle skip type management subtype beacon bssid !<myess> \
    with iapp type radiotap limit 1 sec
But I still don't understand why starting hostapd changes the situation... And yes, I've read the man page several times now.
Old 1st January 2010
There0 There0 is offline
./dev/null
 
Join Date: Jul 2008
Posts: 170
Default

Quote:
But I still don't understand why starting hostapd changes the situation... And yes, I've read the man page several times now.
Not sure i can answer that one for you, perhaps hostapd is proxying or has longer wait for timeouts? and keeps the connection for longer? hostapd may be managing the connection better (longer), that is perhaps a question for the developers. They may recommend to try the latest snapshot of PPC arch.

Quote:
rum0/rum0: sent ADD notification for 00:33:36:3f:dc:b2
I just googled that and found nothing, it is probably a request from your adaptor that hostapd is accepting (my guess), as hostapd is designed for multiple access points polling and dynamically joining each other and such.

Did you get a chance to test the adaptor from a Windoz box? Is the adaptor working properly? I'm ready for sleep soon too
__________________
The more you learn, the more you realize how little you know ....
Old 1st January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Quote:
Originally Posted by There0
Did you get a chance to test the adaptor from a Windoz box? Is the adaptor working properly? I'm ready for sleep soon too
No not yet... I'll try soon.
Old 1st January 2010
There0 There0 is offline
./dev/null
 
Join Date: Jul 2008
Posts: 170
Default

Cool, i actually got some replies for the status: no network error, it seems that the intel based wifi adaptors do NOT support hostap mode, i have an atheros based pcmcia that i actually got "active" now i can see it on my wifi scans.

I actually REMOVED the "mode 11g" and "chan 11" from the hostname.ath0 file and status is ACTIVE ....

$ more /etc/hostname.ath0
inet 192.168.10.254 255.255.255.0 NONE media autoselect mediaopt hostap nwid wifi nwkey stupidpass

$ ifconfig ath0
ath0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0d:88:92:16:16
priority: 4
groups: wlan
media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
status: active
ieee80211: nwid wifi chan 11 bssid 00:0d:88:92:16:16 nwkey 0x73747570696470617373000000
inet6 fe80::20d:88ff:fe92:1616%ath0 prefixlen 64 scopeid 0x8
inet 192.168.10.254 netmask 0xffffff00 broadcast 192.168.10.255

Update: WOW, so i get it showing me its available but i cannot connect to the wifi network ... yay. As soon as i enter the password to connect (which it fails) i get the following in my /var/log/messages file, although it is an older chipset (and well supported?) I'm going to have to pause this project for now.

Jan 1 09:53:48 computer /bsd: ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
Jan 1 09:53:48 computer /bsd: ath0: unable to reset hardware; hal status 3633410968

P.S. I did not mean to sidetrack or hijack your thread kinda almost turned out that way though ...
__________________
The more you learn, the more you realize how little you know ....

Last edited by There0; 1st January 2010 at 04:07 PM.
Old 1st January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Quote:
Originally Posted by There0
P.S. I did not mean to sidetrack or hijack your thread kinda almost turned out that way though ...
No problem. That helped nonetheless. Your problem seems to be related to a hardware issue. Maybe OpenBSD does not support hostap mode with your adapter properly or your adapter sets some strange hardware modes.

At the moment my clients are disconnecting every 50-60 seconds. Don't know why. That does not seem to be related to hostapd though. It's more an issue what kind of traffic my firewall blocks or does not forward. These are the only traffic that appears in the firewall log when the client disconnects.

Code:
Jan 01 17:28:59.929785 rule 19/(ip-option) pass in on rum0: 192.168.2.99 > 224.0.0.2: igmp leave 224.0.0.251
Jan 01 17:28:59.930038 rule 19/(ip-option) pass in on rum0: 192.168.2.99 > 224.0.0.251: igmp nreport 224.0.0.251
Jan 01 17:29:05.184011 rule 19/(ip-option) pass in on rum0: 192.168.2.99 > 224.0.0.251: igmp nreport 224.0.0.251
Old 1st January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Quote:
Originally Posted by There0
Jan 1 09:53:48 computer /bsd: ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
Jan 1 09:53:48 computer /bsd: ath0: unable to reset hardware; hal status 3633410968
Oh maybe you have enabled auto-power down or auto sleep? I've read somewhere that my adapter doesn't support that correctly.
Old 1st January 2010
BSDfan666 BSDfan666 is offline
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223
Default

OpenBSD does not support 802.11 power saving features when in hostap mode, remember to disable power saving on all your clients.
Old 1st January 2010
There0 There0 is offline
./dev/null
 
Join Date: Jul 2008
Posts: 170
Default

Quote:
Maybe OpenBSD does not support hostap mode with your adapter properly or your adapter sets some strange hardware modes.
The hostap mode is supported on the atheros (5212) chipset, it was both my iwi and iwn that do not support it

Quote:
Oh maybe you have enabled auto-power down or auto sleep? I've read somewhere that my adapter doesn't support that correctly.
Correct those chipsets do not fare well with power savings at all, i was trying to connect from my IPod touch, and another notebook, both same HAL error.

I was researching the ral and rum and those both do support what i am after, unfortunately i do not have one of those chipsets, i have a Linksys wireless N (not supported by OpenBSD) that ima looking to trade off, also a couple other PCMCIA adaptors.

Quote:
It's more an issue what kind of traffic my firewall blocks or does not forward
Have you tried "set skip on rum0" in your pf.conf file? I use the following to nat on all non $EXT interfaces, not sure what your pf.conf looks like but those packets are being passed in;

Code:
nat on $EXT from !$EXT:network to any -> ($EXT)
I did not get past the entering the password for the wifi network, it failed and dumped "ath0: unable to reset hardware; hal status 3633410968" to dmesg every time
__________________
The more you learn, the more you realize how little you know ....
Old 1st January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Try the following pf.conf
Code:
# pf.conf

EXT="pppoe0"
INT="re1"
WLAN='rum0'

# used by J65nko only
EXT="fxp0"
INT="lo1"
WLAN='lo2'
# ------------------

TCP_PORTS = "www"
UDP_PORTS = 'domain'

set block-policy drop
set skip on lo0

# ---------- NAT/RDR section
nat on $EXT from $INT:network  -> ($EXT)
nat on $EXT from $WLAN:network  -> ($EXT)

# keep VISTA and XP happy
match on pppoe0 scrub (max-mss 1440)

# DEFAULT POLICY
block log (all)

# ---- OUTGOING TRAFFIC

# -- external interface
pass out quick on $EXT tagged OK

# -- internal interface

# --- INCOMING TRAFFIC

# - internal interface
pass in quick on $INT inet proto tcp from $INT:network to any port $TCP_PORTS tag OK
pass in quick on $INT inet proto udp from $INT:network to any port $UDP_PORTS tag OK

# -- internal wireless
pass in quick on $WLAN inet proto tcp from $WLAN:network to any port $TCP_PORTS tag OK
pass in quick on $WLAN inet proto udp from $WLAN:network to any port $UDP_PORTS tag OK
A test parse on my 1 NIC desktop box where I had to spoof two interfaces, else pf chokes on stuff like $WLAN:network
Code:
# pfctl -vvnf mayuka.pf  
EXT = "pppoe0"
INT = "re1"
WLAN = "rum0"
EXT = "fxp0"
INT = "lo1"
WLAN = "lo2"
TCP_PORTS = "www"
UDP_PORTS = "domain"
set block-policy drop
set skip on { lo0 }
@0 nat on fxp0 inet from 10.0.0.0/24 to any -> (fxp0) round-robin
@1 nat on fxp0 inet from 10.2.2.0/24 to any -> (fxp0) round-robin
@0 match on pppoe0 all scrub (max-mss 1440)
@1 block drop log (all) all
@2 pass out quick on fxp0 all flags S/SA keep state tagged OK
@3 pass in quick on lo1 inet proto tcp from 10.0.0.0/24 to any port = www flags S/SA keep state tag OK
@4 pass in quick on lo1 inet proto udp from 10.0.0.0/24 to any port = domain keep state tag OK
@5 pass in quick on lo2 inet proto tcp from 10.2.2.0/24 to any port = www flags S/SA keep state tag OK
@6 pass in quick on lo2 inet proto udp from 10.2.2.0/24 to any port = domain keep state tag OK
With a default policy of block log (all) all blocked packets can be seen with tcpdump -eni pflog0. When no blocked packets are shown by this tcpdump, then in 99% of the cases you have a routing problem.

I hope that, just like me, you used a different subnet for both the internal NIC and WLAN. Even if I have to spoof interfaces I do this
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Old 2nd January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Thanks for the answers and sorry for the delay. I needed some sleep.

First I tried
Code:
set skip on rum0
but without any change. Both clients (the iphone, the Apple notebook) are disconnecting after about a minute.

Then I tried your minimalistic firewall configuration but without a change. However, I'm using tcpdump -n -e -ttt -i pflog0 for parsing the firewall rules. First I suspected that still anti-spoof is being turned on but I turned that one off and still no change. What I discovered is, that now all incoming traffic from my clients to 224.0.0.0/8 also are passed through the firewall to the outside and also these strange igmp packets that are being logged from a rule that shouldn't log at all (pass in quick on rum0 inet from (rum0:network:*) to any flags S/SA keep state.)

Could it be also possible that I have set up some strange timeouts via sysctl or in the pf.conf that could cause this behaviour? This is what I had earlier in my pf.conf. No changes in my sysctl.conf.

Code:
set timeout interval 10
set timeout frag 20
set timeout src.track 5
set timeout { tcp.first 30, tcp.closing 10, tcp.closed 10, tcp.finwait 10 tcp.established 86400 }
set timeout { udp.first 10, udp.single 10, udp.multiple 10 }
I also enabled multicast routing in my sysctl but without any change (obviously):

Code:
sysctl net.inet.ip.mforwarding=1
sysctl net.inet.ip.multipath=1
So. Maybe wrong routes are the problem here? My internal ethernet network has a 10.x.x.x subnet. So there should be no conflicts at all.

Code:
# route -n show | grep rum0
192.168.2/24       link#7             UC         1        0     -     4 rum0
192.168.2.99       00:33:36:3f:dc:b2  UHLc       0      501     -     4 rum0
fe80::%rum0/64                     link#7                         UC         0        0     -     4 rum0
fe80::33e6:baff:fef0:a0f%rum0      33:33:33:f0:0a:0f              UHL        0        0     -     4 lo0
ff01::%rum0/32                     link#7                         UC         0        0     -     4 rum0
ff02::%rum0/32                     link#7                         UC         0        0     -     4 rum0
Old 2nd January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

PS: The full routing table is in this post:

http://www.daemonforums.org/showpost...12&postcount=9
Old 2nd January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Let us really debug this thing ?
  • Enable sshd on the OBSD router. Tell it to listen on the internal interface only (/etc/ssh/sshd_config)
  • Disable those multipath routing sysctls.
  • Load the minimalistic pf.conf I suggested without any messing around with timeout values. I was assuming you used pppoe, if not modify.
    Flush all existing pf rules and settings with 'pfctl' Add ssh to the allowed TCP services to pass in.
  • From your OBSD box in the wired network open up 4 xterms to ssh in to your OBSD firewall.

    In all xterms, use ssh to log in in to your router and 'su - root' because
    you will be wiretapping all interfaces on your OpenBSD router.

    1. # tcpdump -eni $EXT
    2. # tcpdump -eni $INT 'not port ssh'
    3. # tcpdump -eni $WLAN
    4. # tcpdump -eni pflog0

    From this same box in yet another xterm do dig www.google.com
    You should see the DNS request arrive on your $INT and leave on $EXT and
    the answer entering on $EXT, and leaving on $INT to arrive on your box

    Now make a connection on the wireless client and repeat the dig www.google.com.

    If it is a windows wireless client which doesn't have 'dig' use 'nslookup'
    Alternatively, you also could use 'ping' but then you first have to allow ICMP traffic in the pf.conf
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
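
Added example (not part of J65nko's post or of the thread): once the `tcpdump -eni $WLAN` capture from step 3 is saved, a short script can sort each flow a wireless client opened into answered, rejected with an ICMP unreachable, or unanswered, which shows whether the router itself is refusing the traffic. The function name `classify`, the sample capture and its documentation-range addresses are constructed for illustration and assume the `tcpdump -e -n` line layout with absolute timestamps.

```python
import ipaddress
import re

IP = r'\d+\.\d+\.\d+\.\d+'
# tcpdump -e -n: timestamp, source MAC, destination MAC, ethertype, length, summary.
# Only IPv4 frames (ethertype 0800) are kept; ARP (0806) is ignored.
FRAME = re.compile(r'^\S+ \S+ \S+ 0800 \d+: (.*)$')
# TCP/UDP summary: "src.port > dst.port: ..."
FLOW = re.compile(rf'^({IP})\.(\d+) > ({IP})\.(\d+):')
# ICMP errors: "gw > client: icmp: host X unreachable"
#          or  "gw > client: icmp: X udp port N unreachable"
UNREACH = re.compile(
    rf'^({IP}) > ({IP}): icmp: '
    rf'(?:host ({IP})|({IP}) (?:udp|tcp) port (\d+)) unreachable')


def classify(lines, client):
    """Map each (dst, dport) the client talked to onto what came back."""
    flows = {}
    for line in lines:
        frame = FRAME.match(line.strip())
        if not frame:
            continue
        summary = frame.group(1)

        m = FLOW.match(summary)
        if m:
            src, sport = m.group(1), int(m.group(2))
            dst, dport = m.group(3), int(m.group(4))
            if src == client:
                # Multicast (mDNS, SSDP) never gets a unicast answer; skip it.
                if not ipaddress.ip_address(dst).is_multicast:
                    flows.setdefault((dst, dport), 'no reply')
            elif dst == client and (src, sport) in flows:
                flows[(src, sport)] = 'answered'
            continue

        m = UNREACH.match(summary)
        if m and m.group(2) == client:
            reporter, host = m.group(1), m.group(3)
            phost, port = m.group(4), m.group(5)
            for key in flows:
                hit = key[0] == host if host else key == (phost, int(port))
                if hit and flows[key] == 'no reply':
                    flows[key] = f'icmp unreachable from {reporter}'
    return flows


# Constructed capture: client 192.0.2.99, router 192.0.2.254 (not real traffic).
C, G = '02:00:00:00:00:01', '02:00:00:00:00:fe'
SAMPLE = f"""\
13:00:00.000001 {C} ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.0.2.254 tell 192.0.2.99
13:00:00.100000 {C} {G} 0800 74: 192.0.2.99.62288 > 198.51.100.53.53: 22404+ A? www.example.com. (33)
13:00:00.107000 {G} {C} 0800 90: 198.51.100.53.53 > 192.0.2.99.62288: 22404 1/0/0 A 203.0.113.80 (49)
13:00:00.120000 {C} {G} 0800 78: 192.0.2.99.50108 > 203.0.113.80.80: S 1:1(0) win 65535 (DF)
13:00:00.150000 {G} {C} 0800 74: 203.0.113.80.80 > 192.0.2.99.50108: S 9:9(0) ack 2 win 5672
13:00:01.000000 {C} {G} 0800 78: 192.0.2.99.50105 > 203.0.113.23.5223: S 5:5(0) win 65535 (DF)
13:00:01.000150 {G} {C} 0800 70: 192.0.2.254 > 192.0.2.99: icmp: host 203.0.113.23 unreachable
13:00:02.000000 {C} {G} 0800 170: 192.0.2.99.61471 > 192.0.2.254.1900: udp 128
13:00:02.000070 {G} {C} 0800 70: 192.0.2.254 > 192.0.2.99: icmp: 192.0.2.254 udp port 1900 unreachable
13:00:03.000000 {C} 01:00:5e:00:00:fb 0800 113: 192.0.2.99.5353 > 224.0.0.251.5353: 0 [1n] ANY? host.local. (71)
13:00:04.000000 {C} {G} 0800 78: 192.0.2.99.40000 > 203.0.113.99.443: S 7:7(0) win 65535 (DF)
"""

if __name__ == '__main__':
    for (dst, dport), status in classify(SAMPLE.splitlines(), '192.0.2.99').items():
        print(f'{dst}:{dport:<5} {status}')
```

A flow reported as unreachable by the router's own address never left the box, so the routing table and the ruleset are the next things to check; a flow with no reply has to be followed onto the `$EXT` capture.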
Old 2nd January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

BTW your wireless clients need the IP address of your $WLAN NIC set as default gateway.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Old 2nd January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Argh.. My Apple notebook won't connect over wifi at the moment. Don't know why. So I did this from the (un-jailbreaked) iphone. Instead of dig/nslookup/host I just browsed www.google.com. There is lots of traffic being generated. I decided to just post the traffic on my wifi adapter. I hope you can make head or tails out of it. I can post the traffic on my external interface afterwards.

PS: I blacked out the mac addresses. xx:xx is the iphone. yy:yy is the wifi adapter. Happy digging.

Code:
13:16:38.708899 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.99 tell 0.0.0.0
13:16:39.109161 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.99 tell 0.0.0.0
13:16:39.518627 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.99 tell 0.0.0.0
13:16:39.918340 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.99 tell 192.168.2.99
13:16:40.319119 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.99 tell 192.168.2.99
13:16:40.322738 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.254 tell 192.168.2.99
13:16:40.322764 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0806 42: arp reply 192.168.2.254 is-at yy:yy:yy:yy:yy:yy
13:16:40.478697 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.99
13:16:40.612418 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:02 0800 46: 192.168.2.99 > 224.0.0.2: igmp leave 224.0.0.251 [ttl 1]
13:16:40.614319 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 46: 192.168.2.99 > 224.0.0.251: igmp nreport 224.0.0.251 [ttl 1]
13:16:40.861484 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.99
13:16:40.907594 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.254 tell 192.168.2.99
13:16:40.907619 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0806 42: arp reply 192.168.2.254 is-at yy:yy:yy:yy:yy:yy
13:16:40.908888 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 113: 192.168.2.99.5353 > 224.0.0.251.5353: 0 [1n] [1au] ANY (Cache flush)? touchPod.local. (71)
13:16:40.911770 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 91: 192.168.2.99.57739 > 83.169.185.161.53: 59379+ A? safebrowsing.clients.google.com. (49)
13:16:40.919842 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 211: 83.169.185.161.53 > 192.168.2.99.57739: 59379 7/0/0 CNAME clients.l.google.com.,[|domain]
13:16:41.157010 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 113: 192.168.2.99.5353 > 224.0.0.251.5353: 0 [1n] [1au] ANY? touchPod.local. (71)
13:16:41.261481 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.99
13:16:41.406013 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 113: 192.168.2.99.5353 > 224.0.0.251.5353: 0 [1n] [1au] ANY? touchPod.local. (71)
13:16:41.655503 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 123: 192.168.2.99.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0 (Cache flush) A 192.168.2.99, (81)
13:16:41.661492 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.99
13:16:42.652756 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 123: 192.168.2.99.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0 (Cache flush) A 192.168.2.99, (81)
13:16:44.667696 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 123: 192.168.2.99.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0 (Cache flush) A 192.168.2.99, (81)
13:16:44.667828 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 44: 192.168.2.99.5353 > 192.168.2.254.5351:[|domain]
13:16:44.667962 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:44.668086 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 170: 192.168.2.99.61471 > 192.168.2.254.1900: udp 128
13:16:44.668155 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:44.672915 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 170: 192.168.2.99.61471 > 239.255.255.250.1900: udp 128
13:16:44.673060 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 54: 192.168.2.99.5353 > 192.168.2.254.5351: 1 [5353a] [5353q] [7200au][|domain]
13:16:44.673118 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:44.673313 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 171: 192.168.2.99.61471 > 192.168.2.254.1900: udp 129
13:16:44.673359 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:44.676879 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 171: 192.168.2.99.61471 > 239.255.255.250.1900: udp 129
13:16:45.178569 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 44: 192.168.2.99.5353 > 192.168.2.254.5351:[|domain]
13:16:45.178652 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:45.178793 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 170: 192.168.2.99.61471 > 192.168.2.254.1900: udp 128
13:16:45.178841 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:45.181832 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 170: 192.168.2.99.61471 > 239.255.255.250.1900: udp 128
13:16:45.182027 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 54: 192.168.2.99.5353 > 192.168.2.254.5351: 1 [5353a] [5353q] [7200au][|domain]
13:16:45.182074 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:45.184278 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 171: 192.168.2.99.61471 > 192.168.2.254.1900: udp 129
13:16:45.184321 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:45.184529 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 171: 192.168.2.99.61471 > 239.255.255.250.1900: udp 129
13:16:46.160606 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 44: 192.168.2.99.5353 > 192.168.2.254.5351:[|domain]
13:16:46.160689 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:46.162567 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 170: 192.168.2.99.61471 > 192.168.2.254.1900: udp 128
13:16:46.162613 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:46.162819 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 170: 192.168.2.99.61471 > 239.255.255.250.1900: udp 128
13:16:46.164308 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 54: 192.168.2.99.5353 > 192.168.2.254.5351: 1 [5353a] [5353q] [7200au][|domain]
13:16:46.164352 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:46.166563 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 171: 192.168.2.99.61471 > 192.168.2.254.1900: udp 129
13:16:46.166616 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:46.166811 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 171: 192.168.2.99.61471 > 239.255.255.250.1900: udp 129
13:16:48.156084 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 44: 192.168.2.99.5353 > 192.168.2.254.5351:[|domain]
13:16:48.156165 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:48.158050 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 170: 192.168.2.99.61471 > 192.168.2.254.1900: udp 128
13:16:48.158097 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:48.158302 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 170: 192.168.2.99.61471 > 239.255.255.250.1900: udp 128
13:16:48.159790 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 54: 192.168.2.99.5353 > 192.168.2.254.5351: 1 [5353a] [5353q] [7200au][|domain]
13:16:48.159834 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 5351 unreachable
13:16:48.163536 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 171: 192.168.2.99.61471 > 192.168.2.254.1900: udp 129
13:16:48.163578 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: 192.168.2.254 udp port 1900 unreachable
13:16:48.163786 xx:xx:xx:xx:xx:xx 01:00:5e:7f:ff:fa 0800 171: 192.168.2.99.61471 > 239.255.255.250.1900: udp 129
13:16:48.165536 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 74: 192.168.2.99.5353 > 83.169.185.161.53: 64815+ TXT? push.apple.com. (32)
13:16:48.174312 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 95: 83.169.185.161.53 > 192.168.2.99.5353: 64815 1/0/0 TXT "count=50[|domain]
13:16:48.290001 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 84: 192.168.2.99.64639 > 83.169.185.161.53: 17435+ A? 1-courier.push.apple.com. (42)
13:16:48.305294 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 261: 83.169.185.161.53 > 192.168.2.99.64639: 17435 9/0/0 CNAME[|domain]
13:16:48.315909 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50105 > 17.149.36.234.5223: S 2685137392:2685137392(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427309 0,sackOK,eol> (DF)
13:16:48.316064 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.234 unreachable
13:16:48.652419 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 123: 192.168.2.99.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0 (Cache flush) A 192.168.2.99, (81)
13:16:49.265556 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50105 > 17.149.36.234.5223: S 2685137392:2685137392(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427318 0,sackOK,eol> (DF)
13:16:49.265746 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.234 unreachable
13:16:50.248822 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50105 > 17.149.36.234.5223: S 2685137392:2685137392(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427328 0,sackOK,eol> (DF)
13:16:50.248964 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.234 unreachable
13:16:50.348879 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 46: 192.168.2.99 > 224.0.0.251: igmp nreport 224.0.0.251 [ttl 1]
13:16:51.247583 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50105 > 17.149.36.234.5223: S 2685137392:2685137392(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427338 0,sackOK,eol> (DF)
13:16:51.247784 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.234 unreachable
13:16:52.246554 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50105 > 17.149.36.234.5223: S 2685137392:2685137392(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427348 0,sackOK,eol> (DF)
13:16:52.246710 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.234 unreachable
13:16:52.260238 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50106 > 17.149.36.166.5223: S 4187036928:4187036928(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427349 0,sackOK,eol> (DF)
13:16:52.260357 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.166 unreachable
13:16:53.250026 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50106 > 17.149.36.166.5223: S 4187036928:4187036928(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427358 0,sackOK,eol> (DF)
13:16:53.250170 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.166 unreachable
13:16:54.244044 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50106 > 17.149.36.166.5223: S 4187036928:4187036928(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427368 0,sackOK,eol> (DF)
13:16:54.244241 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.166 unreachable
13:16:55.242770 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50106 > 17.149.36.166.5223: S 4187036928:4187036928(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427378 0,sackOK,eol> (DF)
13:16:55.242928 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.166 unreachable
13:16:56.241507 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50106 > 17.149.36.166.5223: S 4187036928:4187036928(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427388 0,sackOK,eol> (DF)
13:16:56.241657 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.166 unreachable
13:16:56.247207 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50107 > 17.149.36.123.5223: S 4113026251:4113026251(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427389 0,sackOK,eol> (DF)
13:16:56.247314 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.123 unreachable
13:16:56.621864 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 123: 192.168.2.99.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0 (Cache flush) A 192.168.2.99, (81)
13:16:57.240238 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50107 > 17.149.36.123.5223: S 4113026251:4113026251(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427398 0,sackOK,eol> (DF)
13:16:57.240389 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.123 unreachable
13:16:58.256679 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50107 > 17.149.36.123.5223: S 4113026251:4113026251(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427408 0,sackOK,eol> (DF)
13:16:58.256835 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.123 unreachable
13:16:58.310568 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 74: 192.168.2.99.62288 > 83.169.185.161.53: 22404+ A? www.google.com. (32)
13:16:58.317885 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 190: 83.169.185.161.53 > 192.168.2.99.62288: 22404 7/0/0 CNAME www.l.google.com., A 209.85.135.105,[|domain]
13:16:58.333744 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50108 > 209.85.135.105.80: S 860115950:860115950(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427409 0,sackOK,eol> (DF)
13:16:58.370211 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 74: 209.85.135.105.80 > 192.168.2.99.50108: S 351720446:351720446(0) ack 860115951 win 5672 <mss 1430,sackOK,timestamp 3521150060 840427409,nop,wscale 6>
13:16:58.373360 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50108 > 209.85.135.105.80: . ack 1 win 32968 <nop,nop,timestamp 840427410 3521150060> (DF)
13:16:58.460935 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 521: 192.168.2.99.50108 > 209.85.135.105.80: P 1:456(455) ack 1 win 32968 <nop,nop,timestamp 840427411 3521150060> (DF)
13:16:58.500672 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50108: . ack 456 win 106 <nop,nop,timestamp 3521150191 840427411>
13:16:58.514816 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 721: 209.85.135.105.80 > 192.168.2.99.50108: P 1:656(655) ack 456 win 106 <nop,nop,timestamp 3521150205 840427411>
13:16:58.522747 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50108 > 209.85.135.105.80: . ack 656 win 32804 <nop,nop,timestamp 840427411 3521150205> (DF)
13:16:58.643240 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 73: 192.168.2.99.54556 > 83.169.185.161.53: 30984+ A? www.google.de. (31)
13:16:58.651020 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 217: 83.169.185.161.53 > 192.168.2.99.54556: 30984 8/0/0 CNAME www.google.com., CNAME[|domain]
13:16:58.665159 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50109 > 209.85.135.105.80: S 2575371328:2575371328(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427413 0,sackOK,eol> (DF)
13:16:58.700923 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 74: 209.85.135.105.80 > 192.168.2.99.50109: S 434548378:434548378(0) ack 2575371329 win 5672 <mss 1430,sackOK,timestamp 4073449169 840427413,nop,wscale 6>
13:16:58.703534 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 1 win 32968 <nop,nop,timestamp 840427413 4073449169> (DF)
13:16:58.706828 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 614: 192.168.2.99.50109 > 209.85.135.105.80: P 1:549(548) ack 1 win 32968 <nop,nop,timestamp 840427413 4073449169> (DF)
13:16:58.743750 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50109: . ack 549 win 106 <nop,nop,timestamp 4073449212 840427413>
13:16:58.868765 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 587: 209.85.135.105.80 > 192.168.2.99.50109: P 1:522(521) ack 549 win 106 <nop,nop,timestamp 4073449337 840427413>
13:16:58.875621 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 522 win 32838 <nop,nop,timestamp 840427415 4073449337> (DF)
13:16:58.954014 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 522:1940(1418) ack 549 win 106 <nop,nop,timestamp 4073449423 840427415>
13:16:58.956218 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 1940:3358(1418) ack 549 win 106 <nop,nop,timestamp 4073449423 840427415>
13:16:58.958187 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1326: 209.85.135.105.80 > 192.168.2.99.50109: P 3358:4618(1260) ack 549 win 106 <nop,nop,timestamp 4073449423 840427415>
13:16:58.960173 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 72: 209.85.135.105.80 > 192.168.2.99.50109: P 4618:4624(6) ack 549 win 106 <nop,nop,timestamp 4073449423 840427415>
13:16:58.960426 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 4624:6042(1418) ack 549 win 106 <nop,nop,timestamp 4073449423 840427415>
13:16:58.991837 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 3358 win 32614 <nop,nop,timestamp 840427416 4073449423> (DF)
13:16:58.993301 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 4618 win 32653 <nop,nop,timestamp 840427416 4073449423> (DF)
13:16:59.007778 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 4624 win 32652 <nop,nop,timestamp 840427416 4073449423> (DF)
13:16:59.035167 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 6042:7460(1418) ack 549 win 106 <nop,nop,timestamp 4073449498 840427416>
13:16:59.035505 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 7460:8878(1418) ack 549 win 106 <nop,nop,timestamp 4073449498 840427416>
13:16:59.035579 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 8878:10296(1418) ack 549 win 106 <nop,nop,timestamp 4073449498 840427416>
13:16:59.044218 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 10296:11714(1418) ack 549 win 106 <nop,nop,timestamp 4073449513 840427416>
13:16:59.049138 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 11714:13132(1418) ack 549 win 106 <nop,nop,timestamp 4073449513 840427416>
13:16:59.056120 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 13132:14550(1418) ack 549 win 106 <nop,nop,timestamp 4073449513 840427416>
13:16:59.062551 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 7460 win 32614 <nop,nop,timestamp 840427417 4073449423> (DF)
13:16:59.062606 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 14550:15968(1418) ack 549 win 106 <nop,nop,timestamp 4073449513 840427416>
13:16:59.103961 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 8878 win 32968 <nop,nop,timestamp 840427417 4073449498> (DF)
13:16:59.104016 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 15968:17386(1418) ack 549 win 106 <nop,nop,timestamp 4073449570 840427417>
13:16:59.104338 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 17386:18804(1418) ack 549 win 106 <nop,nop,timestamp 4073449570 840427417>
13:16:59.105098 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 18804:20222(1418) ack 549 win 106 <nop,nop,timestamp 4073449570 840427417>
13:16:59.126261 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 10296 win 32614 <nop,nop,timestamp 840427417 4073449498> (DF)
13:16:59.148081 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 20222:21640(1418) ack 549 win 106 <nop,nop,timestamp 4073449617 840427417>
13:16:59.149999 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 21640:23058(1418) ack 549 win 106 <nop,nop,timestamp 4073449617 840427417>
13:16:59.151923 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 11714 win 32968 <nop,nop,timestamp 840427417 4073449513> (DF)
13:16:59.187724 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 23058:24476(1418) ack 549 win 106 <nop,nop,timestamp 4073449657 840427417>
13:16:59.189416 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 24476:25894(1418) ack 549 win 106 <nop,nop,timestamp 4073449657 840427417>
13:16:59.191332 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 14550 win 32968 <nop,nop,timestamp 840427417 4073449513> (DF)
13:16:59.191627 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50109: . 25894:27312(1418) ack 549 win 106 <nop,nop,timestamp 4073449657 840427417>
13:16:59.193412 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1273: 209.85.135.105.80 > 192.168.2.99.50109: P 27312:28519(1207) ack 549 win 106 <nop,nop,timestamp 4073449657 840427417>
13:16:59.204307 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 15968 win 32968 <nop,nop,timestamp 840427417 4073449513> (DF)
13:16:59.217282 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 18804 win 32968 <nop,nop,timestamp 840427418 4073449570> (DF)
13:16:59.241215 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 21640 win 32968 <nop,nop,timestamp 840427418 4073449570> (DF)
13:16:59.241428 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 24476 win 32968 <nop,nop,timestamp 840427418 4073449617> (DF)
13:16:59.241677 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 27312 win 32968 <nop,nop,timestamp 840427418 4073449657> (DF)
13:16:59.241928 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50107 > 17.149.36.123.5223: S 4113026251:4113026251(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427418 0,sackOK,eol> (DF)
13:16:59.242065 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.123 unreachable
13:16:59.242174 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 28519 win 32666 <nop,nop,timestamp 840427419 4073449657> (DF)
13:16:59.538739 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 544: 192.168.2.99.50109 > 209.85.135.105.80: P 549:1027(478) ack 28519 win 32968 <nop,nop,timestamp 840427421 4073449657> (DF)
13:16:59.574916 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50109: . ack 1027 win 123 <nop,nop,timestamp 4073450045 840427421>
13:16:59.826343 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 829: 209.85.135.105.80 > 192.168.2.99.50109: P 28519:29282(763) ack 1027 win 123 <nop,nop,timestamp 4073450294 840427421>
13:16:59.835207 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 29282 win 32777 <nop,nop,timestamp 840427424 4073450294> (DF)
13:17:00.068628 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 75: 192.168.2.99.61688 > 83.169.185.161.53: 16954+ A? www.gstatic.com. (33)
13:17:00.077407 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 199: 83.169.185.161.53 > 192.168.2.99.61688: 16954 7/0/0 CNAME www2.l.google.com., A[|domain]
13:17:00.095551 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50110 > 209.85.135.105.80: S 63261447:63261447(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427427 0,sackOK,eol> (DF)
13:17:00.131293 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 74: 209.85.135.105.80 > 192.168.2.99.50110: S 371668876:371668876(0) ack 63261448 win 5672 <mss 1430,sackOK,timestamp 1904402167 840427427,nop,wscale 6>
13:17:00.133937 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 1 win 32968 <nop,nop,timestamp 840427427 1904402167> (DF)
13:17:00.136947 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 375: 192.168.2.99.50110 > 209.85.135.105.80: P 1:310(309) ack 1 win 32968 <nop,nop,timestamp 840427427 1904402167> (DF)
13:17:00.172885 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50110: . ack 310 win 106 <nop,nop,timestamp 1904402209 840427427>
13:17:00.174370 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 386: 209.85.135.105.80 > 192.168.2.99.50110: P 1:321(320) ack 310 win 106 <nop,nop,timestamp 1904402209 840427427>
13:17:00.174627 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 644: 209.85.135.105.80 > 192.168.2.99.50110: P 321:899(578) ack 310 win 106 <nop,nop,timestamp 1904402209 840427427>
13:17:00.198302 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 321 win 32888 <nop,nop,timestamp 840427428 1904402209> (DF)
13:17:00.198521 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 899 win 32824 <nop,nop,timestamp 840427428 1904402209> (DF)
13:17:00.237691 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50107 > 17.149.36.123.5223: S 4113026251:4113026251(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427428 0,sackOK,eol> (DF)
13:17:00.237854 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.123 unreachable
13:17:00.243405 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50111 > 17.149.36.197.5223: S 2314452776:2314452776(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427429 0,sackOK,eol> (DF)
Old 2nd January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64

Here's the 2nd part. (I'm not allowed to post more than 40000 characters for obvious reasons.)

Code:
13:17:00.243508 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.197 unreachable
13:17:00.270362 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 375: 192.168.2.99.50110 > 209.85.135.105.80: P 310:619(309) ack 899 win 32968 <nop,nop,timestamp 840427429 1904402209> (DF)
13:17:00.308117 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 390: 209.85.135.105.80 > 192.168.2.99.50110: P 899:1223(324) ack 619 win 123 <nop,nop,timestamp 1904402344 840427429>
13:17:00.308292 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 531: 209.85.135.105.80 > 192.168.2.99.50110: P 1223:1688(465) ack 619 win 123 <nop,nop,timestamp 1904402344 840427429>
13:17:00.317488 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 1223 win 32887 <nop,nop,timestamp 840427429 1904402344> (DF)
13:17:00.318462 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 1688 win 32852 <nop,nop,timestamp 840427429 1904402344> (DF)
13:17:00.340681 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 370: 192.168.2.99.50110 > 209.85.135.105.80: P 619:923(304) ack 1688 win 32968 <nop,nop,timestamp 840427430 1904402344> (DF)
13:17:00.377883 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 387: 209.85.135.105.80 > 192.168.2.99.50110: P 1688:2009(321) ack 923 win 139 <nop,nop,timestamp 1904402414 840427430>
13:17:00.378864 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50110: . 2009:3427(1418) ack 923 win 139 <nop,nop,timestamp 1904402414 840427430>
13:17:00.380607 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50110: . 3427:4845(1418) ack 923 win 139 <nop,nop,timestamp 1904402414 840427430>
13:17:00.382599 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1326: 209.85.135.105.80 > 192.168.2.99.50110: P 4845:6105(1260) ack 923 win 139 <nop,nop,timestamp 1904402414 840427430>
13:17:00.386340 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 337: 209.85.135.105.80 > 192.168.2.99.50110: P 6105:6376(271) ack 923 win 139 <nop,nop,timestamp 1904402414 840427430>
13:17:00.394783 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 2009 win 32888 <nop,nop,timestamp 840427430 1904402414> (DF)
13:17:00.420508 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 4845 win 32614 <nop,nop,timestamp 840427430 1904402414> (DF)
13:17:00.424238 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 6105 win 32653 <nop,nop,timestamp 840427430 1904402414> (DF)
13:17:00.424960 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 6376 win 32900 <nop,nop,timestamp 840427430 1904402414> (DF)
13:17:00.708777 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 402: 192.168.2.99.50110 > 209.85.135.105.80: P 923:1259(336) ack 6376 win 32968 <nop,nop,timestamp 840427433 1904402414> (DF)
13:17:00.752030 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 387: 209.85.135.105.80 > 192.168.2.99.50110: P 6376:6697(321) ack 1259 win 156 <nop,nop,timestamp 1904402789 840427433>
13:17:00.752949 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50110: . 6697:8115(1418) ack 1259 win 156 <nop,nop,timestamp 1904402789 840427433>
13:17:00.754810 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1484: 209.85.135.105.80 > 192.168.2.99.50110: . 8115:9533(1418) ack 1259 win 156 <nop,nop,timestamp 1904402789 840427433>
13:17:00.757733 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 1326: 209.85.135.105.80 > 192.168.2.99.50110: P 9533:10793(1260) ack 1259 win 156 <nop,nop,timestamp 1904402789 840427433>
13:17:00.758706 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 337: 209.85.135.105.80 > 192.168.2.99.50110: P 10793:11064(271) ack 1259 win 156 <nop,nop,timestamp 1904402789 840427433>
13:17:00.769231 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 6697 win 32888 <nop,nop,timestamp 840427434 1904402789> (DF)
13:17:00.813036 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 9533 win 32614 <nop,nop,timestamp 840427434 1904402789> (DF)
13:17:00.813223 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 10793 win 32653 <nop,nop,timestamp 840427434 1904402789> (DF)
13:17:00.813469 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 11064 win 32900 <nop,nop,timestamp 840427434 1904402789> (DF)
13:17:01.236464 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50111 > 17.149.36.197.5223: S 2314452776:2314452776(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427438 0,sackOK,eol> (DF)
13:17:01.236667 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.197 unreachable
13:17:01.423991 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 585: 192.168.2.99.50109 > 209.85.135.105.80: P 1027:1546(519) ack 29282 win 32968 <nop,nop,timestamp 840427440 4073450294> (DF)
13:17:01.434418 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50112 > 209.85.135.105.80: S 3836612285:3836612285(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427440 0,sackOK,eol> (DF)
13:17:01.453623 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50113 > 209.85.135.105.80: S 687080056:687080056(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427441 0,sackOK,eol> (DF)
13:17:01.460152 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50109: . ack 1546 win 140 <nop,nop,timestamp 4073451935 840427440>
13:17:01.470389 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 74: 209.85.135.105.80 > 192.168.2.99.50112: S 445557849:445557849(0) ack 3836612286 win 5672 <mss 1430,sackOK,timestamp 1539748314 840427440,nop,wscale 6>
13:17:01.473064 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50112 > 209.85.135.105.80: . ack 1 win 32968 <nop,nop,timestamp 840427441 1539748314> (DF)
13:17:01.476327 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 595: 192.168.2.99.50112 > 209.85.135.105.80: P 1:530(529) ack 1 win 32968 <nop,nop,timestamp 840427441 1539748314> (DF)
13:17:01.489828 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 74: 209.85.135.105.80 > 192.168.2.99.50113: S 3943608834:3943608834(0) ack 687080057 win 5672 <mss 1430,sackOK,timestamp 235059743 840427441,nop,wscale 6>
13:17:01.492261 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50113 > 209.85.135.105.80: . ack 1 win 32968 <nop,nop,timestamp 840427441 235059743> (DF)
13:17:01.497054 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 731: 192.168.2.99.50113 > 209.85.135.105.80: P 1:666(665) ack 1 win 32968 <nop,nop,timestamp 840427441 235059743> (DF)
13:17:01.514538 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50112: . ack 530 win 106 <nop,nop,timestamp 1539748359 840427441>
13:17:01.519742 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 557: 209.85.135.105.80 > 192.168.2.99.50109: P 29282:29773(491) ack 1546 win 140 <nop,nop,timestamp 4073451994 840427440>
13:17:01.526440 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 29773 win 32845 <nop,nop,timestamp 840427441 4073451994> (DF)
13:17:01.534717 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50113: . ack 666 win 110 <nop,nop,timestamp 235059787 840427441>
13:17:01.603327 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 418: 209.85.135.105.80 > 192.168.2.99.50113: P 1:353(352) ack 666 win 110 <nop,nop,timestamp 235059856 840427441>
13:17:01.604794 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 103: 209.85.135.105.80 > 192.168.2.99.50113: P 353:390(37) ack 666 win 110 <nop,nop,timestamp 235059858 840427441>
13:17:01.609729 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50113 > 209.85.135.105.80: . ack 353 win 32880 <nop,nop,timestamp 840427442 235059856> (DF)
13:17:01.629430 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50113 > 209.85.135.105.80: . ack 390 win 32959 <nop,nop,timestamp 840427442 235059858> (DF)
13:17:01.637964 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 659: 209.85.135.105.80 > 192.168.2.99.50112: P 1:594(593) ack 530 win 106 <nop,nop,timestamp 1539748482 840427441>
13:17:01.645902 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50112 > 209.85.135.105.80: . ack 594 win 32820 <nop,nop,timestamp 840427443 1539748482> (DF)
13:17:02.241161 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50114 > 209.85.135.105.80: S 976500500:976500500(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427448 0,sackOK,eol> (DF)
13:17:02.241497 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50111 > 17.149.36.197.5223: S 2314452776:2314452776(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427448 0,sackOK,eol> (DF)
13:17:02.241576 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.197 unreachable
13:17:02.278167 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 74: 209.85.135.105.80 > 192.168.2.99.50114: S 1836497422:1836497422(0) ack 976500501 win 5672 <mss 1430,sackOK,timestamp 1264103973 840427448,nop,wscale 6>
13:17:02.280801 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50114 > 209.85.135.105.80: . ack 1 win 32968 <nop,nop,timestamp 840427449 1264103973> (DF)
13:17:02.284186 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 696: 192.168.2.99.50114 > 209.85.135.105.80: P 1:631(630) ack 1 win 32968 <nop,nop,timestamp 840427449 1264103973> (DF)
13:17:02.321078 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50114: . ack 631 win 109 <nop,nop,timestamp 1264104016 840427449>
13:17:02.345442 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 302: 209.85.135.105.80 > 192.168.2.99.50114: P 1:237(236) ack 631 win 109 <nop,nop,timestamp 1264104041 840427449>
13:17:02.350118 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50114 > 209.85.135.105.80: . ack 237 win 32909 <nop,nop,timestamp 840427450 1264104041> (DF)
13:17:03.234175 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50111 > 17.149.36.197.5223: S 2314452776:2314452776(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427458 0,sackOK,eol> (DF)
13:17:03.234354 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.197 unreachable
13:17:04.233174 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50111 > 17.149.36.197.5223: S 2314452776:2314452776(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427468 0,sackOK,eol> (DF)
13:17:04.233367 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.197 unreachable
13:17:04.238898 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50115 > 17.149.36.65.5223: S 2461760529:2461760529(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427469 0,sackOK,eol> (DF)
13:17:04.239111 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.65 unreachable
13:17:05.204219 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: F 1546:1546(0) ack 29773 win 32968 <nop,nop,timestamp 840427478 4073451994> (DF)
13:17:05.204428 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50112 > 209.85.135.105.80: F 530:530(0) ack 594 win 32968 <nop,nop,timestamp 840427478 1539748482> (DF)
13:17:05.204678 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50113 > 209.85.135.105.80: F 666:666(0) ack 390 win 32968 <nop,nop,timestamp 840427478 235059858> (DF)
13:17:05.206671 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: F 1259:1259(0) ack 11064 win 32968 <nop,nop,timestamp 840427478 1904402789> (DF)
13:17:05.208664 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50114 > 209.85.135.105.80: F 631:631(0) ack 237 win 32968 <nop,nop,timestamp 840427478 1264104041> (DF)
13:17:05.232121 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50115 > 17.149.36.65.5223: S 2461760529:2461760529(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427478 0,sackOK,eol> (DF)
13:17:05.232265 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.65 unreachable
13:17:05.238668 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50109: F 29773:29773(0) ack 1547 win 140 <nop,nop,timestamp 4073455723 840427478>
13:17:05.241086 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50109 > 209.85.135.105.80: . ack 29774 win 32968 <nop,nop,timestamp 840427479 4073455723> (DF)
13:17:05.242374 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50113: F 390:390(0) ack 667 win 110 <nop,nop,timestamp 235063504 840427478>
13:17:05.242622 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50112: F 594:594(0) ack 531 win 106 <nop,nop,timestamp 1539752096 840427478>
13:17:05.245577 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50113 > 209.85.135.105.80: . ack 391 win 32968 <nop,nop,timestamp 840427479 235063504> (DF)
13:17:05.246320 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50112 > 209.85.135.105.80: . ack 595 win 32968 <nop,nop,timestamp 840427479 1539752096> (DF)
13:17:05.247364 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50114: F 237:237(0) ack 632 win 109 <nop,nop,timestamp 1264106949 840427478>
13:17:05.247609 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 66: 209.85.135.105.80 > 192.168.2.99.50110: F 11064:11064(0) ack 1260 win 156 <nop,nop,timestamp 1904407295 840427478>
13:17:05.250558 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50114 > 209.85.135.105.80: . ack 238 win 32968 <nop,nop,timestamp 840427479 1264106949> (DF)
13:17:05.251309 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 66: 192.168.2.99.50110 > 209.85.135.105.80: . ack 11065 win 32968 <nop,nop,timestamp 840427479 1904407295> (DF)
13:17:06.230880 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50115 > 17.149.36.65.5223: S 2461760529:2461760529(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427488 0,sackOK,eol> (DF)
13:17:06.231033 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.65 unreachable
13:17:07.247575 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50115 > 17.149.36.65.5223: S 2461760529:2461760529(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427498 0,sackOK,eol> (DF)
13:17:07.247721 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.65 unreachable
13:17:08.228857 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50115 > 17.149.36.65.5223: S 2461760529:2461760529(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427508 0,sackOK,eol> (DF)
13:17:08.229004 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.65 unreachable
13:17:08.238797 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50116 > 17.149.36.210.5223: S 354003135:354003135(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427509 0,sackOK,eol> (DF)
13:17:08.238907 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.210 unreachable
13:17:09.232765 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50116 > 17.149.36.210.5223: S 354003135:354003135(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427518 0,sackOK,eol> (DF)
13:17:09.232895 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.210 unreachable
13:17:10.228585 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50116 > 17.149.36.210.5223: S 354003135:354003135(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427528 0,sackOK,eol> (DF)
13:17:10.228740 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.210 unreachable
13:17:11.232322 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50116 > 17.149.36.210.5223: S 354003135:354003135(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427538 0,sackOK,eol> (DF)
13:17:11.232518 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.210 unreachable
13:17:12.228309 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50116 > 17.149.36.210.5223: S 354003135:354003135(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427548 0,sackOK,eol> (DF)
13:17:12.228490 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.210 unreachable
13:17:12.253959 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427549 0,sackOK,eol> (DF)
13:17:12.254093 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:12.580785 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 123: 192.168.2.99.5353 > 224.0.0.251.5353: 0*- [0q] 2/0/0 (Cache flush) A 192.168.2.99, (81)
13:17:13.228283 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427558 0,sackOK,eol> (DF)
13:17:13.228426 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:14.228018 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427568 0,sackOK,eol> (DF)
13:17:14.228165 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:15.227760 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427578 0,sackOK,eol> (DF)
13:17:15.227912 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:16.238723 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427588 0,sackOK,eol> (DF)
13:17:16.238916 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:16.248418 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50118 > 17.149.36.189.5223: S 1474835541:1474835541(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427589 0,sackOK,eol> (DF)
13:17:16.248552 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.189 unreachable
13:17:17.227486 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50118 > 17.149.36.189.5223: S 1474835541:1474835541(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427598 0,sackOK,eol> (DF)
13:17:17.227672 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.189 unreachable
13:17:18.227469 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50118 > 17.149.36.189.5223: S 1474835541:1474835541(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427608 0,sackOK,eol> (DF)
13:17:18.227642 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.189 unreachable
13:17:19.227202 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50118 > 17.149.36.189.5223: S 1474835541:1474835541(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427618 0,sackOK,eol> (DF)
13:17:19.227377 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.189 unreachable
13:17:20.226935 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50118 > 17.149.36.189.5223: S 1474835541:1474835541(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 840427628 0,sackOK,eol> (DF)
13:17:20.227082 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.189 unreachable
Reply With Quote
Old 2nd January 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

Look, by hiding MAC addresses and real addresses, nobody can really help you. And not telling on which interface you captured the traffic is not really helpful either. Please walk in our moccasins.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
Old 2nd January 2010
mayuka mayuka is offline
Fdisk Soldier
 
Join Date: Dec 2009
Posts: 64
Default

Quote:
Originally Posted by J65nko View Post
Look, by hiding MAC addresses and real addresses, nobody can really help you. And not telling on which interface you captured the traffic is not really helpful either. Please walk in our moccasins.
I really don't see the point of posting over 1400 lines of network traffic... And besides, using a small home office doesn't mean I can post some IP addresses of the company network my OpenBSD router connects to. I think my employer won't like this.
Reply With Quote
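An added example, not part of any post in this thread: a short Python summariser for a text capture in the `tcpdump -e` layout shown above. It collapses the repeated SYN / ICMP-unreachable pairs into one row per client and destination, and can replace non-private addresses with stable aliases so the structure of the traffic stays visible. The function name, field names and alias scheme are this example's own assumptions.

```python
import ipaddress
import re

IP = r"(\d+(?:\.\d+){3})"
SYN = re.compile(IP + r"\.(\d+) > " + IP + r"\.(\d+): S ")
UNREACH = re.compile(IP + " > " + IP + ": icmp: host " + IP + " unreachable")

# Sample lines abridged from the capture in the thread (TCP options trimmed).
SAMPLE = """\
13:17:13.228283 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 (DF)
13:17:13.228426 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:14.228018 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50117 > 17.149.36.114.5223: S 2077770712:2077770712(0) win 65535 (DF)
13:17:14.228165 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.114 unreachable
13:17:16.248418 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 0800 78: 192.168.2.99.50118 > 17.149.36.189.5223: S 1474835541:1474835541(0) win 65535 (DF)
13:17:16.248552 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0800 70: 192.168.2.254 > 192.168.2.99: icmp: host 17.149.36.189 unreachable
"""

def summarize(capture, mask_public=True):
    """Collapse a tcpdump text capture into one row per (client, destination)."""
    aliases, flows = {}, {}

    def label(ip):
        # Private addresses stay readable; all others get a stable alias.
        if not mask_public or ipaddress.ip_address(ip).is_private:
            return ip
        return aliases.setdefault(ip, "public-%d" % (len(aliases) + 1))

    def flow(client, dst):
        return flows.setdefault((client, dst), {"ports": set(), "sports": set(),
                                                "syns": 0, "unreach": 0, "routers": set()})

    for line in capture.splitlines():
        syn, icmp = SYN.search(line), UNREACH.search(line)
        if syn:
            src, sport, dst, dport = syn.groups()
            f = flow(src, dst)
            f["syns"] += 1
            f["sports"].add(sport)       # one source port = one connection attempt
            f["ports"].add(int(dport))
        elif icmp:
            router, client, dst = icmp.groups()
            f = flow(client, dst)
            f["unreach"] += 1
            f["routers"].add(router)     # who sent the ICMP error

    return [{"client": label(c), "dst": label(d), "dst_ports": sorted(f["ports"]),
             "syn_packets": f["syns"], "connections": len(f["sports"]),
             "icmp_unreachable": f["unreach"],
             "reported_by": sorted(label(r) for r in f["routers"])}
            for (c, d), f in flows.items()]
```

Pass the full text of a saved capture to `summarize()`; with `mask_public=False` the real destination addresses are kept.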
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick