From: Sang-Kyun Noh (ygescape@gmail.com)
Date: 02/12/06
Message-ID: <46fd74400602121013l14bb8520s@mail.gmail.com>
Date: Mon, 13 Feb 2006 03:13:18 +0900
From: Sang-Kyun Noh <ygescape@gmail.com>
Subject: tcptrace-bugs Any 'TCP connection information' is abnormal.

Hello.
The attached file is the tcpdump data for the NTinfoscan attack from the 1999 DARPA
data set.
However, the TCP connection information that tcptrace (v6.6.7) reports for this data is
abnormal.
The result is shown as follows:
=================================================================================
TCP connection info:
1: 172.16.112.100:20 - 206.48.44.18:20 (a2b) 4> 4< (reset)
2: 206.48.44.18:1056 - 172.16.112.100:23 (c2d) 4> 3< (reset)
3: 206.48.44.18:1057 - 172.16.112.100:80 (e2f) 4> 3<
4: 206.48.44.18:1058 - 172.16.112.100:80 (g2h) 5> 4< (complete)
5: 206.48.44.18:1059 - 172.16.112.100:80 (i2j) 5> 4< (complete)
6: 206.48.44.18:1060 - 172.16.112.100:80 (k2l) 5> 4< (complete)
7: 206.48.44.18:1061 - 172.16.112.100:80 (m2n) 5> 4< (complete)
8: 206.48.44.18:1062 - 172.16.112.100:80 (o2p) 5> 4< (complete)
* 9: 206.48.44.18:1063 - 172.16.112.100:80 (q2r) 3> 2<
10: 172.16.112.100:80 - 206.48.44.18:1063 (s2t) 3> 2<*
11: 206.48.44.18:1078 - 172.16.112.100:80 (u2v) 5> 4< (complete)
12: 206.48.44.18:1079 - 172.16.112.100:80 (w2x) 5> 4< (complete)
13: 206.48.44.18:1080 - 172.16.112.100:80 (y2z) 5> 4< (complete)
14: 206.48.44.18:1081 - 172.16.112.100:139 (aa2ab) 9> 7< (complete)
15: 206.48.44.18:1083 - 172.16.112.100:139 (ac2ad) 618> 616< (complete)
16: 206.48.44.18:1057 - 172.16.112.100:80 (ae2af) 1> 0< (reset)
(unidirectional)
=================================================================================
*Connections 9 and 10 must be one connection.*
It seems to be a bug.
Could you analyze this problem?
Best Regards.
*P.S.*
*Please don't publish my e-mail address on your homepage or elsewhere...*
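
The following check is an added example, not part of the original message or of tcptrace: it parses the brief connection list in the layout quoted above and flags entries that share one endpoint pair, either reversed (entries 9 and 10 in the report) or in the same direction (entries 3 and 16). The function names and the regular expression are assumptions made for this example; the sample lines are copied from the output in the message.

```python
import re
from collections import defaultdict

# Sample lines copied from the tcptrace output quoted in the message above,
# including the "*" emphasis marks around entries 9 and 10.
SAMPLE = """\
3: 206.48.44.18:1057 - 172.16.112.100:80 (e2f) 4> 3<
8: 206.48.44.18:1062 - 172.16.112.100:80 (o2p) 5> 4< (complete)
* 9: 206.48.44.18:1063 - 172.16.112.100:80 (q2r) 3> 2<
10: 172.16.112.100:80 - 206.48.44.18:1063 (s2t) 3> 2<*
16: 206.48.44.18:1057 - 172.16.112.100:80 (ae2af) 1> 0< (reset)
"""

# "<n>: <ip>:<port> - <ip>:<port> (<label>) <pkts>> <pkts><"; layout inferred
# from the quoted output only (IPv4 endpoints assumed).
LINE_RE = re.compile(
    r"^\W*(\d+):\s+(\S+):(\d+)\s+-\s+(\S+):(\d+)\s+\((\w+)\)\s+(\d+)>\s+(\d+)<"
)

def parse_connections(text):
    """Return one dict per connection line; lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            num, a_ip, a_port, b_ip, b_port, label, a2b, b2a = m.groups()
            conns.append({"id": int(num), "label": label,
                          "a": (a_ip, int(a_port)), "b": (b_ip, int(b_port)),
                          "pkts": (int(a2b), int(b2a))})
    return conns

def find_tuple_collisions(conns):
    """Pair up entries whose endpoints match regardless of direction."""
    groups = defaultdict(list)
    for c in conns:
        groups[tuple(sorted((c["a"], c["b"])))].append(c)
    findings = []
    for members in groups.values():
        for i, first in enumerate(members):
            for second in members[i + 1:]:
                kind = "reversed" if first["a"] == second["b"] else "same-direction"
                findings.append((first["id"], second["id"], kind))
    return sorted(findings)

if __name__ == "__main__":
    for a, b, kind in find_tuple_collisions(parse_connections(SAMPLE)):
        print(f"entries {a} and {b} share one endpoint pair ({kind})")
```

A "reversed" pair means the same four-tuple was listed twice with the endpoints swapped; a "same-direction" pair means the four-tuple appears again later in the list, so the two cases are worth reviewing separately in the packet capture.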