|
Index of /projects/skeeve
|
Name Last modified Size Description
![[DIR]](/icons/back.gif)
Parent Directory 04-Sep-2007 18:52 -
![[ ]](/icons/compressed.gif)
skeeve-1.0.tar.gz 11-Jun-2004 12:41 19k
Skeeve-1.0 - README
Copyright (C) 2004 Ilya Zelenchuk < dnetc [at] inbox.ru >
===============================================================================
This file is part of Skeeve v1.0 (C) 2004 Ilya Zelenchuk <dnetc[at]inbox.ru>
Skeeve is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
Skeeve is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
Skeeve; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
Suite 330, Boston, MA 02111-1307 USA
===============================================================================
===============================================================================
GRAY-WORLD.NET / Skeeve
=======================
The Skeeve program is part of the Gray-World.net projects.
Our Gray-World Team presents on the http://gray-world.net website the projects
and publications we are working on which are related to the NACS (Network
Access Control System) bypassing research field and to the computer and
network security topics.
===============================================================================
------------
INTRODUCTION
------------
With this tool, you can simply create an ICMP tunnel between two computers,
which may be located in different networks and separated by a firewall.
Skeeve utilizes ICMP packets and IP address spoofing technology to create a
data channel in order to redirect TCP connections inside this channel.
------------
HOW IT WORKS
------------
Skeeve creates an ICMP tunnel which is based on the use of a Bounce server.
This method relies upon the basic IP address spoofing technology. The Client of
the tunnel is trying to send a packet to the Bounce server with an address of
the destination Server as a source IP. The Bounce Server can replay this packet
and forward it to the destination Server. By adding some payload to the packet,
we can establish a covert communication channel between two computers without
direct network interaction.
Skeeve Client accepts TCP connections and works as a converter of the
IP header (by changing protocol flag from TCP to ICMP echo_request|reply and
making some other slight modifications). Skeeve Server is doing the reverse
procedure and restores original IP header settings. Both parts are
implemented in one C program as a Loadable Kernel module.
Example:
/////////////////////////////////////////////////////////////////////////
TCP Client(s) TCP Server(s)
| (1) | (2) |
+----------------+ ------> +----------------+ | -----> +----------------+
| Skeeve Client | | Bounce Server | | | Skeeve Server |
+----------------+ <------ +----------------+ | <----- +----------------+
(4) | (3)
Internal network DMZ | External network
firewall
/////////////////////////////////////////////////////////////////////////
1) Client sends:
IP_SRC - Skeeve Server IP (spoofed address)
IP_DEST - Bounce Server IP
ICMP->ECHO_REQUES
2) Bounce Server catches the ICMP ECHO_REQUEST message and answer with:
IP_SRC - Bounce Server IP
IP_DEST - Skeeve Server IP
ICMP->ECHO_REPLY
All payload inside the ECHO_REQUEST will be copied into the ECHO_REPLY by
kernel without any changes. The same scheme will be used for reverse data.
----------------------------
HOW SKEEVE TRANSFORMS PACKET
----------------------------
What do we HAVE, and what do we WANT?
We have a TCP packet and we want to send it as an ICMP one. But on the other
side, we need to receive it as a TCP one.
This is one condition - first, we need to know the source port for the client
part and the destination port (const.) on the server part.
Hmmm. OK.
So, let's begin...
I'll use hereafter an ascii presentation of each packet update so that
you understand stage by stage the way the covering works...
Stage 1:
In the IP packet change the 'protocol' field from TCP to ICMP.
Stage 2:
Set the ICMP 'type' field in 'ECHO'.
[FAKE PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ECHO | 0 | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ... |
| |
| |
| |
| |
| |
| |
| |
| |
+---------------------------------------------------------------+
[REAL PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Damage | Destination Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Stage 3:
Calculate and set the ICMP checksum. If not, network equipment can drop
this
packet.
Send... [ OK ]
[FAKE PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| ECHO | 0 | Calculate CheckSum (new) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Identifier | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ... |
| |
| |
| |
| |
| |
| |
| |
| |
| |
+---------------------------------------------------------------+
[REAL PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Damage | Damage |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Whoooohhhhhh. 1-st Mission accomplished.
Don't stop
Somewhere on the net... < Receive >
So we have our icmp packet which shall now be uncovered to a tcp one.
Stage 4:
Heh, yes, yes, In the IP packet change the 'protocol' field from ICMP to TCP.
And we have:
[REAL PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Damage | Damage |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Stage 5:
At this moment, we have a TCP packet with corrupted PORT field's (see
right column in Stage 2 && 3).
As I say - we know the source (in server part - dest.) port.
Set in the TCP 'source port' field.
[REAL PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set Source PORT | Damage |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Stage 6:
To complete now, the dest.(source) port must be determined.
It's easy:
6.0 - set port in NULL (0);
6.1 - save the TCP 'checksum' field in the variable "REAL_CHECKSUM" and
then set field to NULL (0);
6.2 - calculate the TCP checksum (with port && checksum = NULL) and save
in the variable "FAKE_CHECKSUM";
6.3 - compare checksums;
6.4 - Port = FAKE_CHECKSUM - REAL_CHECKSUM
(usually, FAKE_CHECKSUM > REAL_CHECKSUM - why? read RFC 1071);
6.5 - However, the situation might have changed.
When REAL_CHECKSUM > FAKE_CHECKSUM,
then port = (FAKE_CHECKSUM + 65535) - REAL_CHECKSUM;
6.6 - Set the dest.(source) port && recalculate checksum.
Then compare REAL_CHECKSUM & new, they MUST BE EQUAL!
Else - something wrong - drop packet.
6.7 - Don't forget, set the TCP 'checksum' field as REAL_CHECKSUM;
[REAL PACKET]
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Set Source PORT | Set Destination PORT |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data | |U|A|P|R|S|F| |
| Offset| Reserved |R|C|S|S|Y|I| Window |
| | |G|K|H|T|N|N| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| data |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Final Stage: open beer!
------
USAGE
------
"Skeeve" is easy to use.
first a wall, we need determinate the paramaters:
in skeeve.c
.......
#define PORT 80
#define CLIENT_IP "192.168.1.55"
#define BOUNCE_IP "192.168.1.1"
#define TARGET_IP "192.168.1.251"
......
PORT - which port we will listen to! (example 80)
CLIENT_IP - :) it's our ip. Start CLIENT part
(example: insmod np.o type=client dev=eth0);
BOUNCE_IP - IP by Bounce Server (BS);
TARGET_IP - Our server IP, then we run SERVER part
(example: insmod np.o type=server dev=eth0);
Next: MAC adress. If beetwen Bounce Server & the client we have some
active equipment (Some router), and this change MAC when a packet is
retranslated packet, just comment this strings :-).
Kernel sets the correct MAC by default.
Else, we MUST change MAC to MAC of the Bounce Server!
in skeeve.c
...
skb->mac.ethernet->h_dest[0]=0;
skb->mac.ethernet->h_dest[1]=128;
...
After the parameters are set:
you sould need to compile the code as lKM:
gcc -O6 -c skeeve.c -I /usr/src/linux/include
then, just load the module:
insmod skeeve.o type={server | client} dev={eth0 | ...}
For error see kernel messages: /var/log/messages
----
TEST
----
BEWARE: "SKEEVE" HAS BEEN TESTED "ONLY" ON LOCAL NETWORK.
For testing i used:
Client_IP - 192.168.1.55 MAC: 00:50:56:40:47:9F
Bounce_IP - 192.168.1.1 MAC: 00:80:48:B6:9F:7A
Server_IP - 192.168.1.251 MAC: 00:50:56:40:41:5F
I use Wget to download index.html From Server!
wget http://192.168.1.251/index.html
As you can see, connect to the server directly, it's very important,
because all routine is hidden from the application.
Full Dump:
/* Start: */
No:
1-2 - Send TCP->SYN
3-4 - Recive TCP->SYN:ACK
5-6 - Send TCP->ACK - handshake
7-8 - Send HTTP /Get index.html
9-10 - Recive HTTP Data (index.html)
11-12 - continue...
13-14 - still recive :)
15-16 - Send TCP->ACK
17-18 - Send TCP->ACK
19-20 - Send TCP->ACK:FIN
21-22 - Recive TCP->ACK:FIN
23-24 - Send TCP->ACK
/* END. */
No: 1
Timestamp: 20:7:44:388
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 74
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 3C 04 84 40 00 40 01 B1 F0 C0 A8 01 FB C0 A8 ....@.@.........
0020: 01 01 08 00 81 19 4A 48 2F 64 00 00 00 00 A0 02 ......JH/d......
0030: 16 D0 02 BA 00 00 02 04 05 B4 04 02 08 0A 00 06 ................
0040: 2B E0 00 00 00 00 01 03 03 00 +.........
=====================================================================
No: 2
Timestamp: 20:7:44:388
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 74
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 3C 0D 02 40 00 80 01 69 72 C0 A8 01 01 C0 A8 ....@...ir......
0020: 01 FB 00 00 89 19 4A 48 2F 64 00 00 00 00 A0 02 ......JH/d......
0030: 16 D0 02 BA 00 00 02 04 05 B4 04 02 08 0A 00 06 ................
0040: 2B E0 00 00 00 00 01 03 03 00 +.........
=====================================================================
No: 3
Timestamp: 20:7:44:388
MAC source address: 00:50:56:40:41:5F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.55
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 74
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E.
0010: 00 3C 00 00 40 00 40 01 B7 38 C0 A8 01 37 C0 A8 ....@.@..8...7..
0020: 01 01 08 00 81 19 1B 6F 67 53 4A 48 2F 65 A0 12 .......ogSJH/e..
0030: 16 A0 87 07 00 00 02 04 05 B4 04 02 08 0A 00 04 ................
0040: F9 0A 00 06 2B E0 01 03 03 00 ....+.....
=====================================================================
No: 4
Timestamp: 20:7:44:398
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:47:9F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.55
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 74
Packet data:
0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E.
0010: 00 3C 0E 02 40 00 80 01 69 36 C0 A8 01 01 C0 A8 ....@...i6......
0020: 01 37 00 00 89 19 1B 6F 67 53 4A 48 2F 65 A0 12 .7.....ogSJH/e..
0030: 16 A0 87 07 00 00 02 04 05 B4 04 02 08 0A 00 04 ................
0040: F9 0A 00 06 2B E0 01 03 03 00 ....+.....
=====================================================================
No: 5
Timestamp: 20:7:44:398
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 34 04 85 40 00 40 01 B1 F7 C0 A8 01 FB C0 A8 .4..@.@.........
0020: 01 01 08 00 81 11 4A 48 2F 65 1B 6F 67 54 80 10 ......JH/e.ogT..
0030: 16 D0 B5 9B 00 00 01 01 08 0A 00 06 2B E1 00 04 ............+...
0040: F9 0A ..
=====================================================================
No: 6
Timestamp: 20:7:44:398
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 34 0F 02 40 00 80 01 67 7A C0 A8 01 01 C0 A8 .4..@...gz......
0020: 01 FB 00 00 89 11 4A 48 2F 65 1B 6F 67 54 80 10 ......JH/e.ogT..
0030: 16 D0 B5 9B 00 00 01 01 08 0A 00 06 2B E1 00 04 ............+...
0040: F9 0A ..
=====================================================================
No: 7
Timestamp: 20:7:44:449
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 176
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 A2 04 86 40 00 40 01 B1 88 C0 A8 01 FB C0 A8 ....@.@.........
0020: 01 01 08 00 81 7F 4A 48 2F 65 1B 6F 67 54 80 18 ......JH/e.ogT..
0030: 16 D0 A7 AF 00 00 01 01 08 0A 00 06 2B E2 00 04 ............+...
0040: F9 0A 47 45 54 20 2F 69 6E 64 65 78 2E 68 74 6D ..GET /index.htm
0050: 6C 20 48 54 54 50 2F 31 2E 30 0D 0A 55 73 65 72 l HTTP/1.0..User
0060: 2D 41 67 65 6E 74 3A 20 57 67 65 74 2F 31 2E 38 -Agent: Wget/1.8
0070: 2E 32 0D 0A 48 6F 73 74 3A 20 31 39 32 2E 31 36 .2..Host: 192.16
0080: 38 2E 31 2E 32 35 31 0D 0A 41 63 63 65 70 74 3A 8.1.251..Accept:
0090: 20 2A 2F 2A 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E */*..Connection
00A0: 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 0D 0A : Keep-Alive....
00B0:
=====================================================================
No: 8
Timestamp: 20:7:44:449
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 176
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 A2 10 02 40 00 80 01 66 0C C0 A8 01 01 C0 A8 ....@...f.......
0020: 01 FB 00 00 89 7F 4A 48 2F 65 1B 6F 67 54 80 18 ......JH/e.ogT..
0030: 16 D0 A7 AF 00 00 01 01 08 0A 00 06 2B E2 00 04 ............+...
0040: F9 0A 47 45 54 20 2F 69 6E 64 65 78 2E 68 74 6D ..GET /index.htm
0050: 6C 20 48 54 54 50 2F 31 2E 30 0D 0A 55 73 65 72 l HTTP/1.0..User
0060: 2D 41 67 65 6E 74 3A 20 57 67 65 74 2F 31 2E 38 -Agent: Wget/1.8
0070: 2E 32 0D 0A 48 6F 73 74 3A 20 31 39 32 2E 31 36 .2..Host: 192.16
0080: 38 2E 31 2E 32 35 31 0D 0A 41 63 63 65 70 74 3A 8.1.251..Accept:
0090: 20 2A 2F 2A 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E */*..Connection
00A0: 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 0D 0A : Keep-Alive....
00B0:
=====================================================================
No: 9
Timestamp: 20:7:44:449
MAC source address: 00:50:56:40:41:5F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.55
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E.
0010: 00 34 9E 5F 40 00 40 01 18 E1 C0 A8 01 37 C0 A8 .4._@.@......7..
0020: 01 01 08 00 81 11 1B 6F 67 54 4A 48 2F D3 80 10 .......ogTJH/...
0030: 16 A0 B5 56 00 00 01 01 08 0A 00 04 F9 10 00 06 ...V............
0040: 2B E2 +.
=====================================================================
No: 10
Timestamp: 20:7:44:449
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:47:9F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.55
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E.
0010: 00 34 11 02 40 00 80 01 66 3E C0 A8 01 01 C0 A8 .4..@...f.......
0020: 01 37 00 00 89 11 1B 6F 67 54 4A 48 2F D3 80 10 .7.....ogTJH/...
0030: 16 A0 B5 56 00 00 01 01 08 0A 00 04 F9 10 00 06 ...V............
0040: 2B E2 +.
=====================================================================
No: 11
Timestamp: 20:7:44:519
MAC source address: 00:50:56:40:41:5F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.55
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 1514
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E.
0010: 05 DC 9E 60 40 00 40 01 13 38 C0 A8 01 37 C0 A8 ...`@.@..8...7..
0020: 01 01 08 00 86 B9 1B 6F 67 54 4A 48 2F D3 80 10 .......ogTJH/...
0030: 16 A0 A0 56 00 00 01 01 08 0A 00 04 F9 14 00 06 ...V............
0040: 2B E2 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F +.HTTP/1.1 200 O
0050: 4B 0D 0A 44 61 74 65 3A 20 54 68 75 2C 20 30 36 K..Date: Thu, 06
0060: 20 4D 61 79 20 32 30 30 34 20 30 32 3A 30 37 3A May 2004 02:07:
0070: 34 30 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 40 GMT..Server:
0080: 41 70 61 63 68 65 2F 32 2E 30 2E 34 39 20 28 55 Apache/2.0.49 (U
0090: 6E 69 78 29 20 50 48 50 2F 34 2E 33 2E 35 0D 0A nix) PHP/4.3.5..
00A0: 4C 61 73 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D Last-Modified: M
00B0: 6F 6E 2C 20 31 32 20 41 70 72 20 32 30 30 34 20 on, 12 Apr 2004
00C0: 30 36 3A 30 38 3A 32 35 20 47 4D 54 0D 0A 45 54 06:08:25 GMT..ET
00D0: 61 67 3A 20 22 32 30 35 61 39 2D 35 62 30 2D 39 ag: "205a9-5b0-9
00E0: 32 62 65 38 38 34 30 22 0D 0A 41 63 63 65 70 74 2be8840"..Accept
00F0: 2D 52 61 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A -Ranges: bytes..
0100: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0110: 31 34 35 36 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 1456..Keep-Alive
0120: 3A 20 74 69 6D 65 6F 75 74 3D 31 35 2C 20 6D 61 : timeout=15, ma
0130: 78 3D 31 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F x=100..Connectio
0140: 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 n: Keep-Alive..C
0150: 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 ontent-Type: tex
0160: 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74 3D t/html; charset=
0170: 49 53 4F 2D 38 38 35 39 2D 31 0D 0A 0D 0A 3C 21 ISO-8859-1.....!
0180: 44 4F 43 54 59 50 45 20 68 74 6D 6C 20 50 55 42 DOCTYPE html PUB
0190: 4C 49 43 20 22 2D 2F 2F 57 33 43 2F 2F 44 54 44 LIC "-//W3C//DTD
01A0: 20 58 48 54 4D 4C 20 31 2E 30 20 54 72 61 6E 73 XHTML 1.0 Trans
01B0: 69 74 69 6F 6E 61 6C 2F 2F 45 4E 22 0A 20 20 20 itional//EN".
01C0: 20 22 68 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E "http://www.w3.
01D0: 6F 72 67 2F 54 52 2F 78 68 74 6D 6C 31 2F 44 54 org/TR/xhtml1/DT
01E0: 44 2F 78 68 74 6D 6C 31 2D 74 72 61 6E 73 69 74 D/xhtml1-transit
01F0: 69 6F 6E 61 6C 2E 64 74 64 22 3E 0A 3C 68 74 6D ional.dtd"...htm
0200: 6C 20 78 6D 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F l xmlns="http://
0210: 77 77 77 2E 77 33 2E 6F 72 67 2F 31 39 39 39 2F www.w3.org/1999/
0220: 78 68 74 6D 6C 22 3E 0A 3C 68 65 61 64 3E 0A 3C xhtml"...head...
0230: 74 69 74 6C 65 3E 54 65 73 74 20 50 61 67 65 20 title.Test Page
0240: 66 6F 72 20 41 70 61 63 68 65 20 49 6E 73 74 61 for Apache Insta
0250: 6C 6C 61 74 69 6F 6E 3C 2F 74 69 74 6C 65 3E 0A llation./title..
0260: 3C 2F 68 65 61 64 3E 0A 3C 21 2D 2D 20 42 61 63 ./head...!-- Bac
0270: 6B 67 72 6F 75 6E 64 20 77 68 69 74 65 2C 20 6C kground white, l
0280: 69 6E 6B 73 20 62 6C 75 65 20 28 75 6E 76 69 73 inks blue (unvis
0290: 69 74 65 64 29 2C 20 6E 61 76 79 20 28 76 69 73 ited), navy (vis
02A0: 69 74 65 64 29 2C 20 72 65 64 0A 28 61 63 74 69 ited), red.(acti
02B0: 76 65 29 20 2D 2D 3E 0A 3C 62 6F 64 79 20 62 67 ve) --...body bg
02C0: 63 6F 6C 6F 72 3D 22 23 46 46 46 46 46 46 22 20 color="#FFFFFF"
02D0: 74 65 78 74 3D 22 23 30 30 30 30 30 30 22 20 6C text="#000000" l
02E0: 69 6E 6B 3D 22 23 30 30 30 30 46 46 22 0A 76 6C ink="#0000FF".vl
02F0: 69 6E 6B 3D 22 23 30 30 30 30 38 30 22 20 61 6C ink="#000080" al
0300: 69 6E 6B 3D 22 23 46 46 30 30 30 30 22 3E 0A 3C ink="#FF0000"...
0310: 70 3E 49 66 20 79 6F 75 20 63 61 6E 20 73 65 65 p.If you can see
0320: 20 74 68 69 73 2C 20 69 74 20 6D 65 61 6E 73 20 this, it means
0330: 74 68 61 74 20 74 68 65 20 69 6E 73 74 61 6C 6C that the install
0340: 61 74 69 6F 6E 20 6F 66 20 74 68 65 20 3C 61 0A ation of the .a.
0350: 68 72 65 66 3D 22 68 74 74 70 3A 2F 2F 77 77 77 href="http://www
0360: 2E 61 70 61 63 68 65 2E 6F 72 67 2F 66 6F 75 6E .apache.org/foun
0370: 64 61 74 69 6F 6E 2F 70 72 65 46 41 51 2E 68 74 dation/preFAQ.ht
0380: 6D 6C 22 3E 41 70 61 63 68 65 20 77 65 62 0A 73 ml".Apache web.s
0390: 65 72 76 65 72 3C 2F 61 3E 20 73 6F 66 74 77 61 erver./a. softwa
03A0: 72 65 20 6F 6E 20 74 68 69 73 20 73 79 73 74 65 re on this syste
03B0: 6D 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6C m was successful
03C0: 2E 20 59 6F 75 20 6D 61 79 20 6E 6F 77 20 61 64 . You may now ad
03D0: 64 0A 63 6F 6E 74 65 6E 74 20 74 6F 20 74 68 69 d.content to thi
03E0: 73 20 64 69 72 65 63 74 6F 72 79 20 61 6E 64 20 s directory and
03F0: 72 65 70 6C 61 63 65 20 74 68 69 73 20 70 61 67 replace this pag
0400: 65 2E 3C 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 e../p....hr widt
0410: 68 3D 22 35 30 25 22 20 73 69 7A 65 3D 22 38 22 h="50%" size="8"
0420: 20 2F 3E 0A 3C 68 32 20 61 6C 69 67 6E 3D 22 63 /...h2 align="c
0430: 65 6E 74 65 72 22 3E 53 65 65 69 6E 67 20 74 68 enter".Seeing th
0440: 69 73 20 69 6E 73 74 65 61 64 20 6F 66 20 74 68 is instead of th
0450: 65 20 77 65 62 73 69 74 65 20 79 6F 75 0A 65 78 e website you.ex
0460: 70 65 63 74 65 64 3F 3C 2F 68 32 3E 0A 0A 3C 70 pected?./h2....p
0470: 3E 54 68 69 73 20 70 61 67 65 20 69 73 20 68 65 .This page is he
0480: 72 65 20 62 65 63 61 75 73 65 20 74 68 65 20 73 re because the s
0490: 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 6F ite administrato
04A0: 72 20 68 61 73 20 63 68 61 6E 67 65 64 20 74 68 r has changed th
04B0: 65 0A 63 6F 6E 66 69 67 75 72 61 74 69 6F 6E 20 e.configuration
04C0: 6F 66 20 74 68 69 73 20 77 65 62 20 73 65 72 76 of this web serv
04D0: 65 72 2E 20 50 6C 65 61 73 65 20 3C 73 74 72 6F er. Please .stro
04E0: 6E 67 3E 63 6F 6E 74 61 63 74 20 74 68 65 20 70 ng.contact the p
04F0: 65 72 73 6F 6E 0A 72 65 73 70 6F 6E 73 69 62 6C erson.responsibl
0500: 65 20 66 6F 72 20 6D 61 69 6E 74 61 69 6E 69 6E e for maintainin
0510: 67 20 74 68 69 73 20 73 65 72 76 65 72 20 77 69 g this server wi
0520: 74 68 20 71 75 65 73 74 69 6F 6E 73 2E 3C 2F 73 th questions../s
0530: 74 72 6F 6E 67 3E 0A 54 68 65 20 41 70 61 63 68 trong..The Apach
0540: 65 20 53 6F 66 74 77 61 72 65 20 46 6F 75 6E 64 e Software Found
0550: 61 74 69 6F 6E 2C 20 77 68 69 63 68 20 77 72 6F ation, which wro
0560: 74 65 20 74 68 65 20 77 65 62 20 73 65 72 76 65 te the web serve
0570: 72 20 73 6F 66 74 77 61 72 65 0A 74 68 69 73 20 r software.this
0580: 73 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 site administrat
0590: 6F 72 20 69 73 20 75 73 69 6E 67 2C 20 68 61 73 or is using, has
05A0: 20 6E 6F 74 68 69 6E 67 20 74 6F 20 64 6F 20 77 nothing to do w
05B0: 69 74 68 0A 6D 61 69 6E 74 61 69 6E 69 6E 67 20 ith.maintaining
05C0: 74 68 69 73 20 73 69 74 65 20 61 6E 64 20 63 61 this site and ca
05D0: 6E 6E 6F 74 20 68 65 6C 70 20 72 65 73 6F 6C 76 nnot help resolv
05E0: 65 20 63 6F 6E 66 69 67 75 72 e configur
=====================================================================
No: 12
Timestamp: 20:7:44:519
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:47:9F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.55
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 1514
Packet data:
0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E.
0010: 05 DC 12 02 40 00 80 01 5F 96 C0 A8 01 01 C0 A8 ....@..._.......
0020: 01 37 00 00 8E B9 1B 6F 67 54 4A 48 2F D3 80 10 .7.....ogTJH/...
0030: 16 A0 A0 56 00 00 01 01 08 0A 00 04 F9 14 00 06 ...V............
0040: 2B E2 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F +.HTTP/1.1 200 O
0050: 4B 0D 0A 44 61 74 65 3A 20 54 68 75 2C 20 30 36 K..Date: Thu, 06
0060: 20 4D 61 79 20 32 30 30 34 20 30 32 3A 30 37 3A May 2004 02:07:
0070: 34 30 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 40 GMT..Server:
0080: 41 70 61 63 68 65 2F 32 2E 30 2E 34 39 20 28 55 Apache/2.0.49 (U
0090: 6E 69 78 29 20 50 48 50 2F 34 2E 33 2E 35 0D 0A nix) PHP/4.3.5..
00A0: 4C 61 73 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D Last-Modified: M
00B0: 6F 6E 2C 20 31 32 20 41 70 72 20 32 30 30 34 20 on, 12 Apr 2004
00C0: 30 36 3A 30 38 3A 32 35 20 47 4D 54 0D 0A 45 54 06:08:25 GMT..ET
00D0: 61 67 3A 20 22 32 30 35 61 39 2D 35 62 30 2D 39 ag: "205a9-5b0-9
00E0: 32 62 65 38 38 34 30 22 0D 0A 41 63 63 65 70 74 2be8840"..Accept
00F0: 2D 52 61 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A -Ranges: bytes..
0100: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length:
0110: 31 34 35 36 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 1456..Keep-Alive
0120: 3A 20 74 69 6D 65 6F 75 74 3D 31 35 2C 20 6D 61 : timeout=15, ma
0130: 78 3D 31 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F x=100..Connectio
0140: 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 n: Keep-Alive..C
0150: 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 ontent-Type: tex
0160: 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74 3D t/html; charset=
0170: 49 53 4F 2D 38 38 35 39 2D 31 0D 0A 0D 0A 3C 21 ISO-8859-1.....!
0180: 44 4F 43 54 59 50 45 20 68 74 6D 6C 20 50 55 42 DOCTYPE html PUB
0190: 4C 49 43 20 22 2D 2F 2F 57 33 43 2F 2F 44 54 44 LIC "-//W3C//DTD
01A0: 20 58 48 54 4D 4C 20 31 2E 30 20 54 72 61 6E 73 XHTML 1.0 Trans
01B0: 69 74 69 6F 6E 61 6C 2F 2F 45 4E 22 0A 20 20 20 itional//EN".
01C0: 20 22 68 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E "http://www.w3.
01D0: 6F 72 67 2F 54 52 2F 78 68 74 6D 6C 31 2F 44 54 org/TR/xhtml1/DT
01E0: 44 2F 78 68 74 6D 6C 31 2D 74 72 61 6E 73 69 74 D/xhtml1-transit
01F0: 69 6F 6E 61 6C 2E 64 74 64 22 3E 0A 3C 68 74 6D ional.dtd"...htm
0200: 6C 20 78 6D 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F l xmlns="http://
0210: 77 77 77 2E 77 33 2E 6F 72 67 2F 31 39 39 39 2F www.w3.org/1999/
0220: 78 68 74 6D 6C 22 3E 0A 3C 68 65 61 64 3E 0A 3C xhtml"...head...
0230: 74 69 74 6C 65 3E 54 65 73 74 20 50 61 67 65 20 title.Test Page
0240: 66 6F 72 20 41 70 61 63 68 65 20 49 6E 73 74 61 for Apache Insta
0250: 6C 6C 61 74 69 6F 6E 3C 2F 74 69 74 6C 65 3E 0A llation./title..
0260: 3C 2F 68 65 61 64 3E 0A 3C 21 2D 2D 20 42 61 63 ./head...!-- Bac
0270: 6B 67 72 6F 75 6E 64 20 77 68 69 74 65 2C 20 6C kground white, l
0280: 69 6E 6B 73 20 62 6C 75 65 20 28 75 6E 76 69 73 inks blue (unvis
0290: 69 74 65 64 29 2C 20 6E 61 76 79 20 28 76 69 73 ited), navy (vis
02A0: 69 74 65 64 29 2C 20 72 65 64 0A 28 61 63 74 69 ited), red.(acti
02B0: 76 65 29 20 2D 2D 3E 0A 3C 62 6F 64 79 20 62 67 ve) --...body bg
02C0: 63 6F 6C 6F 72 3D 22 23 46 46 46 46 46 46 22 20 color="#FFFFFF"
02D0: 74 65 78 74 3D 22 23 30 30 30 30 30 30 22 20 6C text="#000000" l
02E0: 69 6E 6B 3D 22 23 30 30 30 30 46 46 22 0A 76 6C ink="#0000FF".vl
02F0: 69 6E 6B 3D 22 23 30 30 30 30 38 30 22 20 61 6C ink="#000080" al
0300: 69 6E 6B 3D 22 23 46 46 30 30 30 30 22 3E 0A 3C ink="#FF0000"...
0310: 70 3E 49 66 20 79 6F 75 20 63 61 6E 20 73 65 65 p.If you can see
0320: 20 74 68 69 73 2C 20 69 74 20 6D 65 61 6E 73 20 this, it means
0330: 74 68 61 74 20 74 68 65 20 69 6E 73 74 61 6C 6C that the install
0340: 61 74 69 6F 6E 20 6F 66 20 74 68 65 20 3C 61 0A ation of the .a.
0350: 68 72 65 66 3D 22 68 74 74 70 3A 2F 2F 77 77 77 href="http://www
0360: 2E 61 70 61 63 68 65 2E 6F 72 67 2F 66 6F 75 6E .apache.org/foun
0370: 64 61 74 69 6F 6E 2F 70 72 65 46 41 51 2E 68 74 dation/preFAQ.ht
0380: 6D 6C 22 3E 41 70 61 63 68 65 20 77 65 62 0A 73 ml".Apache web.
0390: 65 72 76 65 72 3C 2F 61 3E 20 73 6F 66 74 77 61 erver./a. softwa
03A0: 72 65 20 6F 6E 20 74 68 69 73 20 73 79 73 74 65 re on this syste
03B0: 6D 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6C m was successful
03C0: 2E 20 59 6F 75 20 6D 61 79 20 6E 6F 77 20 61 64 . You may now ad
03D0: 64 0A 63 6F 6E 74 65 6E 74 20 74 6F 20 74 68 69 d.content to thi
03E0: 73 20 64 69 72 65 63 74 6F 72 79 20 61 6E 64 20 s directory and
03F0: 72 65 70 6C 61 63 65 20 74 68 69 73 20 70 61 67 replace this pag
0400: 65 2E 3C 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 e../p....hr widt
0410: 68 3D 22 35 30 25 22 20 73 69 7A 65 3D 22 38 22 h="50%" size="8"
0420: 20 2F 3E 0A 3C 68 32 20 61 6C 69 67 6E 3D 22 63 /...h2 align="c
0430: 65 6E 74 65 72 22 3E 53 65 65 69 6E 67 20 74 68 enter".Seeing th
0440: 69 73 20 69 6E 73 74 65 61 64 20 6F 66 20 74 68 is instead of th
0450: 65 20 77 65 62 73 69 74 65 20 79 6F 75 0A 65 78 e website you.ex
0460: 70 65 63 74 65 64 3F 3C 2F 68 32 3E 0A 0A 3C 70 pected?./h2....p
0470: 3E 54 68 69 73 20 70 61 67 65 20 69 73 20 68 65 .This page is he
0480: 72 65 20 62 65 63 61 75 73 65 20 74 68 65 20 73 re because the s
0490: 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 6F ite administrato
04A0: 72 20 68 61 73 20 63 68 61 6E 67 65 64 20 74 68 r has changed th
04B0: 65 0A 63 6F 6E 66 69 67 75 72 61 74 69 6F 6E 20 e.configuration
04C0: 6F 66 20 74 68 69 73 20 77 65 62 20 73 65 72 76 of this web serv
04D0: 65 72 2E 20 50 6C 65 61 73 65 20 3C 73 74 72 6F er. Please .stro
04E0: 6E 67 3E 63 6F 6E 74 61 63 74 20 74 68 65 20 70 ng.contact the p
04F0: 65 72 73 6F 6E 0A 72 65 73 70 6F 6E 73 69 62 6C erson.responsibl
0500: 65 20 66 6F 72 20 6D 61 69 6E 74 61 69 6E 69 6E e for maintainin
0510: 67 20 74 68 69 73 20 73 65 72 76 65 72 20 77 69 g this server wi
0520: 74 68 20 71 75 65 73 74 69 6F 6E 73 2E 3C 2F 73 th questions../s
0530: 74 72 6F 6E 67 3E 0A 54 68 65 20 41 70 61 63 68 trong..The Apach
0540: 65 20 53 6F 66 74 77 61 72 65 20 46 6F 75 6E 64 e Software Found
0550: 61 74 69 6F 6E 2C 20 77 68 69 63 68 20 77 72 6F ation, which wro
0560: 74 65 20 74 68 65 20 77 65 62 20 73 65 72 76 65 te the web serve
0570: 72 20 73 6F 66 74 77 61 72 65 0A 74 68 69 73 20 r software.this
0580: 73 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 site administrat
0590: 6F 72 20 69 73 20 75 73 69 6E 67 2C 20 68 61 73 or is using, has
05A0: 20 6E 6F 74 68 69 6E 67 20 74 6F 20 64 6F 20 77 nothing to do w
05B0: 69 74 68 0A 6D 61 69 6E 74 61 69 6E 69 6E 67 20 ith.maintaining
05C0: 74 68 69 73 20 73 69 74 65 20 61 6E 64 20 63 61 this site and ca
05D0: 6E 6E 6F 74 20 68 65 6C 70 20 72 65 73 6F 6C 76 nnot help resolv
05E0: 65 20 63 6F 6E 66 69 67 75 72 e configur
=====================================================================
No: 13
Timestamp: 23:7:44:519
MAC source address: 00:50:56:40:41:5F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.55
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 390
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E.
0010: 01 78 9E 61 40 00 40 01 17 9B C0 A8 01 37 C0 A8 .x.a@.@......7..
0020: 01 01 08 00 82 55 1B 6F 6C FC 4A 48 2F D3 80 18 .....U.ol.JH/...
0030: 16 A0 47 AF 00 00 01 01 08 0A 00 04 F9 14 00 06 ..G.............
0040: 2B E2 61 74 69 6F 6E 0A 69 73 73 75 65 73 2E 3C +.ation.issues..
0050: 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 68 3D 22 /p....hr width="
0060: 35 30 25 22 20 73 69 7A 65 3D 22 38 22 20 2F 3E 50%" size="8" /.
0070: 0A 3C 70 3E 54 68 65 20 41 70 61 63 68 65 20 3C ..p.The Apache .
0080: 61 20 68 72 65 66 3D 22 6D 61 6E 75 61 6C 2F 22 a href="manual/"
0090: 3E 64 6F 63 75 6D 65 6E 74 61 74 69 6F 6E 3C 2F .documentation./
00A0: 61 3E 20 68 61 73 20 62 65 65 6E 20 69 6E 63 6C a. has been incl
00B0: 75 64 65 64 0A 77 69 74 68 20 74 68 69 73 20 64 uded.with this d
00C0: 69 73 74 72 69 62 75 74 69 6F 6E 2E 3C 2F 70 3E istribution../p.
00D0: 0A 0A 3C 70 3E 59 6F 75 20 61 72 65 20 66 72 65 ...p.You are fre
00E0: 65 20 74 6F 20 75 73 65 20 74 68 65 20 69 6D 61 e to use the ima
00F0: 67 65 20 62 65 6C 6F 77 20 6F 6E 20 61 6E 20 41 ge below on an A
0100: 70 61 63 68 65 2D 70 6F 77 65 72 65 64 20 77 65 pache-powered we
0110: 62 0A 73 65 72 76 65 72 2E 20 54 68 61 6E 6B 73 b.server. Thanks
0120: 20 66 6F 72 20 75 73 69 6E 67 20 41 70 61 63 68 for using Apach
0130: 65 21 3C 2F 70 3E 0A 0A 3C 64 69 76 20 61 6C 69 e!./p....div ali
0140: 67 6E 3D 22 63 65 6E 74 65 72 22 3E 3C 69 6D 67 gn="center"..img
0150: 20 73 72 63 3D 22 61 70 61 63 68 65 5F 70 62 2E src="apache_pb.
0160: 67 69 66 22 20 61 6C 74 3D 22 22 20 2F 3E 3C 2F gif" alt="" /../
0170: 64 69 76 3E 0A 3C 2F 62 6F 64 79 3E 0A 3C 2F 68 div.../body.../h
0180: 74 6D 6C 3E 0A 0A tml...
=====================================================================
No: 14
Timestamp: 20:7:44:529
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:47:9F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.55
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 390
Packet data:
0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E.
0010: 01 78 13 02 40 00 80 01 62 FA C0 A8 01 01 C0 A8 .x..@...b.......
0020: 01 37 00 00 8A 55 1B 6F 6C FC 4A 48 2F D3 80 18 .7...U.ol.JH/...
0030: 16 A0 47 AF 00 00 01 01 08 0A 00 04 F9 14 00 06 ..G.............
0040: 2B E2 61 74 69 6F 6E 0A 69 73 73 75 65 73 2E 3C +.ation.issues..
0050: 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 68 3D 22 /p....hr width=
0060: 35 30 25 22 20 73 69 7A 65 3D 22 38 22 20 2F 3E 50%" size="8" /.
0070: 0A 3C 70 3E 54 68 65 20 41 70 61 63 68 65 20 3C ..p.The Apache .
0080: 61 20 68 72 65 66 3D 22 6D 61 6E 75 61 6C 2F 22 a href="manual/"
0090: 3E 64 6F 63 75 6D 65 6E 74 61 74 69 6F 6E 3C 2F .documentation./
00A0: 61 3E 20 68 61 73 20 62 65 65 6E 20 69 6E 63 6C a. has been incl
00B0: 75 64 65 64 0A 77 69 74 68 20 74 68 69 73 20 64 uded.with this d
00C0: 69 73 74 72 69 62 75 74 69 6F 6E 2E 3C 2F 70 3E istribution../p.
00D0: 0A 0A 3C 70 3E 59 6F 75 20 61 72 65 20 66 72 65 ...p.You are fre
00E0: 65 20 74 6F 20 75 73 65 20 74 68 65 20 69 6D 61 e to use the ima
00F0: 67 65 20 62 65 6C 6F 77 20 6F 6E 20 61 6E 20 41 ge below on an A
0100: 70 61 63 68 65 2D 70 6F 77 65 72 65 64 20 77 65 pache-powered we
0110: 62 0A 73 65 72 76 65 72 2E 20 54 68 61 6E 6B 73 b.server. Thanks
0120: 20 66 6F 72 20 75 73 69 6E 67 20 41 70 61 63 68 for using Apach
0130: 65 21 3C 2F 70 3E 0A 0A 3C 64 69 76 20 61 6C 69 e!./p....div ali
0140: 67 6E 3D 22 63 65 6E 74 65 72 22 3E 3C 69 6D 67 gn="center"..img
0150: 20 73 72 63 3D 22 61 70 61 63 68 65 5F 70 62 2E src="apache_pb.
0160: 67 69 66 22 20 61 6C 74 3D 22 22 20 2F 3E 3C 2F gif" alt="" /../
0170: 64 69 76 3E 0A 3C 2F 62 6F 64 79 3E 0A 3C 2F 68 div.../body.../h
0180: 74 6D 6C 3E 0A 0A tml...
=====================================================================
No: 15
Timestamp: 20:7:44:539
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 34 04 87 40 00 40 01 B1 F5 C0 A8 01 FB C0 A8 .4..@.@.........
0020: 01 01 08 00 81 11 4A 48 2F D3 1B 6F 6C FC 80 10 ......JH/..ol...
0030: 21 F0 A4 54 00 00 01 01 08 0A 00 06 2B E8 00 04 !..T........+...
0040: F9 14 ..
=====================================================================
No: 16
Timestamp: 20:7:44:539
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 34 14 02 40 00 80 01 62 7A C0 A8 01 01 C0 A8 .4..@...bz......
0020: 01 FB 00 00 89 11 4A 48 2F D3 1B 6F 6C FC 80 10 ......JH/..ol...
0030: 21 F0 A4 54 00 00 01 01 08 0A 00 06 2B E8 00 04 !..T........+...
0040: F9 14 ..
=====================================================================
No: 17
Timestamp: 20:7:44:549
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 34 04 88 40 00 40 01 B1 F4 C0 A8 01 FB C0 A8 .4..@.@.........
0020: 01 01 08 00 81 11 4A 48 2F D3 1B 6F 6E 40 80 10 ......JH/..on@..
0030: 21 F0 A3 10 00 00 01 01 08 0A 00 06 2B E8 00 04 !...........+...
0040: F9 14 ..
=====================================================================
No: 18
Timestamp: 20:7:44:549
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 34 15 02 40 00 80 01 61 7A C0 A8 01 01 C0 A8 .4..@...az......
0020: 01 FB 00 00 89 11 4A 48 2F D3 1B 6F 6E 40 80 10 ......JH/..on@..
0030: 21 F0 A3 10 00 00 01 01 08 0A 00 06 2B E8 00 04 !...........+...
0040: F9 14 ..
=====================================================================
No: 19
Timestamp: 20:7:44:669
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 34 04 89 40 00 40 01 B1 F3 C0 A8 01 FB C0 A8 .4..@.@.........
0020: 01 01 08 00 81 11 4A 48 2F D3 1B 6F 6E 40 80 11 ......JH/..on@..
0030: 21 F0 A3 0A 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+...
0040: F9 14 ..
=====================================================================
No: 20
Timestamp: 20:7:44:669
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 34 16 02 40 00 80 01 60 7A C0 A8 01 01 C0 A8 .4..@...`z......
0020: 01 FB 00 00 89 11 4A 48 2F D3 1B 6F 6E 40 80 11 ......JH/..on@..
0030: 21 F0 A3 0A 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+...
0040: F9 14 ..
=====================================================================
No: 21
Timestamp: 20:7:44:669
MAC source address: 00:50:56:40:41:5F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.55
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E.
0010: 00 34 9E 62 40 00 40 01 18 DE C0 A8 01 37 C0 A8 .4.b@.@......7..
0020: 01 01 08 00 81 11 1B 6F 6E 40 4A 48 2F D4 80 11 .......on@JH/...
0030: 16 A0 AE 4A 00 00 01 01 08 0A 00 04 F9 23 00 06 ...J.........#..
0040: 2B ED +.
=====================================================================
No: 22
Timestamp: 20:7:44:669
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:47:9F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.55
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E.
0010: 00 34 17 02 40 00 80 01 60 3E C0 A8 01 01 C0 A8 .4..@...`.......
0020: 01 37 00 00 89 11 1B 6F 6E 40 4A 48 2F D4 80 11 .7.....on@JH/...
0030: 16 A0 AE 4A 00 00 01 01 08 0A 00 04 F9 23 00 06 ...J.........#..
0040: 2B ED +.
=====================================================================
No: 23
Timestamp: 20:7:44:679
MAC source address: 00:50:56:40:47:9F
MAC dest address: 00:80:48:B6:9F:7A
Frame type: IP
Protocol: ICMP->Echo_Request
Source IP address: 192.168.1.251
Dest IP address: 192.168.1.1
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E.
0010: 00 34 04 8A 40 00 40 01 B1 F2 C0 A8 01 FB C0 A8 .4..@.@.........
0020: 01 01 08 00 81 11 4A 48 2F D4 1B 6F 6E 41 80 10 ......JH/..onA..
0030: 21 F0 A2 FA 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+...
0040: F9 23 .#
=====================================================================
No: 24
Timestamp: 20:7:44:679
MAC source address: 00:80:48:B6:9F:7A
MAC dest address: 00:50:56:40:41:5F
Frame type: IP
Protocol: ICMP->Echo_Reply
Source IP address: 192.168.1.1
Dest IP address: 192.168.1.251
Source port: ---
Destination port: ---
SEQ: ---
ACK: ---
Packet size: 66
Packet data:
0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E.
0010: 00 34 18 02 40 00 80 01 5E 7A C0 A8 01 01 C0 A8 .4..@...^z......
0020: 01 FB 00 00 89 11 4A 48 2F D4 1B 6F 6E 41 80 10 ......JH/..onA..
0030: 21 F0 A2 FA 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+...
0040: F9 23 .#
=====================================================================
----
BUGS
----
After you load the module, don't try to ping the Bounce Server!!!
you can't catch ICMP_REPLY from the BOUNCE Server because I just can't
identify real ECHO_REPLY.
So, any ECHO_REPLY that will you come from the BOUNCE Server will be
transformed to TCP & as a result - Bad port :)
-------
LICENSE
-------
"Skeeve" is distributed under the terms of the GNU General Public License v2.0
and is copyright (c) 2004 Ilya Zelenchuk <dnetc [at] inbox.ru>.
See the file COPYING for details.
------
AUTHOR
------
Ilya Zelenchuk <dnetc[at]inbox.ru>
------
THANKS
------
Alex Dyatlov <alex [at] gray-world.net>
I would like to thanks Alex Dyatlov from Russia for his support & help
in the development of this tool.
Simon Castro <scastro [at] entreelibre.com>
Special thanks to Simon Castro from France for his online lessons :)
Also, i would like send big thanks to all other guy's
from... another world...
from... gray-world.net, it's a pleasure for me, to be published on this site
2 NecroZz - thank's for you advices & free beer! my Friend :)
----------------------------------------------------------
Our life is like an IP packet, who knows, which route we have?
@ROFL
------