Jump to content

Recommended Posts

Posted

Well, the GET method works, I had some server problems before.

Instead, the POST fails.

What's wrong with the above POST code?

Same here.

Don't use addrequestheaders.

Prefer fill the header buffer ( create it before ) and sending it in second parameters of the send function.

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted

So, if I put the headers in the SendRequest:

$data = "action=autoit"  ; Data encoded

$type = "Content-Type: application/x-www-form-urlencoded"&@CRLF
$agent = "User-Agent: Mozilla/4.0"&@CRlf 
$newdata = $agent & $type

$sendrequest = _WinINet_HttpSendRequest($httprequest, $newdata , StringToBinary( $data)  ) ;
ConsoleWrite($sendrequest & @CRLF)

I get received data = "". And no other data from the server (I have other echos before the POST data) .

Instead, with Default as a second header parameter:

$sendrequest = _WinINet_HttpSendRequest($httprequest, Default , StringToBinary( $data) ) ;

I get the echos from the server but again NO post data.

Using

echo $_REQUEST['action'];

I get ""

You get data from the server with POST?

Posted

as far as i remember

i didn't use stringtobinary in my sendrequest.

+

for internetreadfile, in the function i've replace "byte[" by "char["

i've not the script here, but i'll have on thursday.

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted (edited)

So, if I put the headers in the SendRequest:

$data = "action=autoit"  ; Data encoded

$type = "Content-Type: application/x-www-form-urlencoded"&@CRLF
$agent = "User-Agent: Mozilla/4.0"&@CRlf 
$newdata = $agent & $type

$sendrequest = _WinINet_HttpSendRequest($httprequest, $newdata , StringToBinary( $data)  ) ;
ConsoleWrite($sendrequest & @CRLF)

I get received data = "". And no other data from the server (I have other echos before the POST data) .

Instead, with Default as a second header parameter:

$sendrequest = _WinINet_HttpSendRequest($httprequest, Default , StringToBinary( $data) ) ;

I get the echos from the server but again NO post data.

Using

echo $_REQUEST['action'];

I get ""

You get data from the server with POST?

i didn't see that you didn't $newdata like it should

$tbuffer = dllstrucreate("char[" stringlen($newdata) "]")

dllstructsetdata($tbuffer,$newdata)

$newdata must be in a dllstruct, then you pass this structure, or the pointer of this structure. Look the sendrequest function to know.

edit : i remember something like tINTERNETBUFFER.

if i remember well ( again ) it is not declared in constants or is NULL, and it is needed to fill the headers with this struct.

If you can wait on thursday, i'll post the source.

Edited by arcker

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted

Thank you arcker.

Yes, I can wait till Thurdsay. In the meantime I use GET.

Infact, I think it's not extremely important having the POST method inside Autoit because in every case the GET url is not visible, as there is no browser.

The POST is useful to avoid showing vars in the url or if you have a lot of long variables exceeding the length limit.

Anyway, we are making tests, if we can have a correct POST method is better.

Posted

POST is usefull nowadays to make application uses XMLHTTP standard.

My VMWARE udf needed this. Before wininet I used libcurl.

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted (edited)

compromis, chose due as we said in french, here is my working example :

just add necessary thing at the start and you're good to go.

I really think that you missed the content-lenght header. I missed too and it didn't work.

I just remembered that.

Hope this help :

Local $toSend = 'User-Agent: VMware VI Client' & @CRLF & _ ; don't set vmware :), set what you want
   'Expect: 100-continue' & @CRLF & _
   'Content-Type: text/xml; charset=utf-8' & @CRLF & _
   'SOAPAction: ""' & @CRLF & _
   'Host: ' & $VIADRESS & @CRLF

; $tosend is equivalent to your header, i've let it to show you

Local $hOpenRequest = _WinINet_HttpOpenRequest($hInternetConnect, "POST", $sPOSTWhat, $INTERNET_FLAG_SECURE)


If @error Then
ConsoleWrite(5 & @CRLF)
Else
ConsoleWrite("hOpenRequest " & $hOpenRequest & @CRLF)
EndIf

$toSend &= 'Content-Length: ' & StringLen($sPostData) ; REALLY , REALLY IMPORTANT !!!!!!! ( doesn't work if you omit this )


_WinINet_HttpSendRequest($hOpenRequest, $toSend, StringToBinary($sPostData)); just to get 12044 error

Local $readfile = ""
Do
  $readfile &= _WinINet_InternetReadFile_2($hOpenRequest, 5000, True)
Until @error Or Not @extended


Func _WinINet_InternetReadFile_2($hInternet, $iNumberOfBytesToRead,$ConvertToChar = False ) ; I've added this parameter. ( converttochar )
; Set data/structures up
Local $tNumberOfBytesRead = DllStructCreate("dword")
if $ConvertToChar then
  Local $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]")
Else
  Local $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]")
EndIf

; Make DLL call
Local $avResult = DllCall($__WinINet_hDLL, _
  "int", "InternetReadFile", _
   "ptr",   $hInternet, _
   "ptr",   DllStructGetPtr($tBuffer), _
   "dword", $iNumberOfBytesToRead, _
   "ptr",   DllStructGetPtr($tNumberOfBytesRead) _
)

; Return response
If @error Or Not $avResult[0] Then Return SetError(1, 0, Binary(""))

Local $iNumberOfBytesRead = DllStructGetData($tNumberOfBytesRead, 1)
if $ConvertToChar then
  Return SetError(0, $iNumberOfBytesRead, stringMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead))
Else
  Return SetError(0, $iNumberOfBytesRead, BinaryMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead))
EndIf
EndFunc   ;==>_WinINet_InternetReadFile_2
Edited by arcker

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted (edited)

Thank you, but I can't make it work.

I tried your code:

#include <WinINet.au3>
_WinINet_Startup()

    $hInternetOpen = _WinINet_InternetOpen("Mozilla/5.0 Firefox/3.0.1", $INTERNET_OPEN_TYPE_DIRECT, 0, Default, Default)
    $hInternetConnect = _WinINet_InternetConnect($hInternetOpen, $INTERNET_SERVICE_HTTP, "MyServerAddress", 0, 0, Default, Default, 0)

$agent = "User-Agent: Mozilla/4.0"&@CRLF 
$type = "Content-Type: application/x-www-form-urlencoded"&@CRLF & _
'Content-Type: text/xml; charset=utf-8' & @CRLF 
   
$toSend = $agent & $type

Local $hOpenRequest = _WinINet_HttpOpenRequest($hInternetConnect, "POST", "/public/Files/PHP/content.php", $INTERNET_FLAG_SECURE)

$data = "action=autoit"
If @error Then
ConsoleWrite(5 & @CRLF)
Else
ConsoleWrite("hOpenRequest " & $hOpenRequest & @CRLF)
EndIf

$toSend &= 'Content-Length: ' & StringLen($data) ; REALLY , REALLY IMPORTANT !!!!!!! ( doesn't work if you omit this )


_WinINet_HttpSendRequest($hOpenRequest, $toSend, StringToBinary($data) ); just to get 12044 error
    
Local $readfile = ""
Do
  $readfile &= _WinINet_InternetReadFile_2($hOpenRequest, 5000, True)
Until @error Or Not @extended
ConsoleWrite( $readfile);


Func _WinINet_InternetReadFile_2($hOpenRequest, $iNumberOfBytesToRead,$ConvertToChar = False ) ; I've added this parameter. ( converttochar )
; Set data/structures up
Local $tNumberOfBytesRead = DllStructCreate("dword")
if $ConvertToChar then
  Local $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]")
Else
  Local $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]")
EndIf

; Make DLL call
Local $avResult = DllCall($__WinINet_hDLL, _
  "int", "InternetReadFile", _
   "ptr",   $hOpenRequest, _
   "ptr",   DllStructGetPtr($tBuffer), _
   "dword", $iNumberOfBytesToRead, _
   "ptr",   DllStructGetPtr($tNumberOfBytesRead) _
)

; Return response
If @error Or Not $avResult[0] Then Return SetError(1, 0, Binary(""))

Local $iNumberOfBytesRead = DllStructGetData($tNumberOfBytesRead, 1)
if $ConvertToChar then
  Return SetError(0, $iNumberOfBytesRead, stringMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead))
Else
  Return SetError(0, $iNumberOfBytesRead, BinaryMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead))
EndIf
EndFunc   ;==>_WinINet_InternetReadFile_2

It gives me only this:

hOpenRequest 0x00CC000C

and no return data from the server.

Nor echos neither specific POST data.

Edited by frank10
Posted

try to remove the internet flag secure in openrequest

it is only needed for https.

sry i've let it and not seen.

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted (edited)

I tried without the secure tag, but it doesn't work.

I don't know why...

Can you receive data with the exact code I posted (with or without the secure flag) ?

Edited by frank10
Posted (edited)

I found out an error in the above code:

In the header I wrote:

$agent = "User-Agent: Mozilla/4.0"&@CRLF

instead it must be:

$agent = "User-Agent: Mozilla//4.0"&@CRLF

and so it receive echos from the server. (without the secure flag)

The problem remains in the POST data that aren't send to the server, because I check them in PHP and it says there aren't.

In GET it works ok, but in POST I can't send for example, "action=autoit"

$data = "action=autoit"
$toSend = 'Content-Length: ' & StringLen($data)

_WinINet_HttpSendRequest($hOpenRequest, $toSend, StringToBinary($data) )

How do you send your data in POST?

Edited by frank10
Posted (edited)

that's weird since i post huge xml request and it works fine.

if the openrequest is ok then there is a problem in the sendrequest.

i'll look deeper.

edit :

maybe the content-type ? "Content-Type: text/xml" is not right ?

i'm sure i miss something.

my data is xml encoded,

Edited by arcker

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted

Only the user-agent needs the "//":

$agent = "User-Agent: Mozilla//4.0" & @CRLF

Because there's a number after the /. If you write for example, Mozilla/a4.0

works with one / only.

Posted

@frank :

to be honest, i've just re-checked my script and it works fine.

As an advise, you can use 2 tools ( like i use ) to monitor http connections :

fiddler or httpanalyser.

Fiddler is free and it will help you if you don't forget to configure wininet option.

Httpanalyser is the best best software. It traps everything.

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
  • 2 weeks later...
Posted

So, now I tried Wireshark to sniff TCP:

An ajax post in Firefox it works well:

Frame 4: 715 bytes on wire (5720 bits), 715 bytes captured (5720 bits)

Arrival Time: Jan 4, 2011 10:31:55.540160000 ora solare Europa occidentale

Epoch Time: 1294133515.540160000 seconds

[Time delta from previous captured frame: 0.003413000 seconds]

[Time delta from previous displayed frame: 0.003413000 seconds]

[Time since reference or first frame: 0.023789000 seconds]

Frame Number: 4

Frame Length: 715 bytes (5720 bits)

Capture Length: 715 bytes (5720 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:http:data-text-lines]

[Coloring Rule Name: HTTP]

[Coloring Rule String: http || tcp.port == 80]

Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)

Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)

Address: Avm_45:a4:92 (bc:05:43:45:a4:92)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)

Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 701

Identification: 0x05c7 (1479)

Flags: 0x02 (Don't Fragment)

0... .... = Reserved bit: Not set

.1.. .... = Don't fragment: Set

..0. .... = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x7003 [correct]

[Good: True]

[bad: False]

Source: 192.168.1.5 (192.168.1.5)

Destination: 62.149.130.46 (62.149.130.46)

Transmission Control Protocol, Src Port: 4772 (4772), Dst Port: http (80), Seq: 1, Ack: 1, Len: 661

Source port: 4772 (4772)

Destination port: http (80)

[stream index: 0]

Sequence number: 1 (relative sequence number)

[Next sequence number: 662 (relative sequence number)]

Acknowledgement number: 1 (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

0... .... = Congestion Window Reduced (CWR): Not set

.0.. .... = ECN-Echo: Not set

..0. .... = Urgent: Not set

...1 .... = Acknowledgement: Set

.... 1... = Push: Set

.... .0.. = Reset: Not set

.... ..0. = Syn: Not set

.... ...0 = Fin: Not set

Window size: 24820

Checksum: 0x9b51 [validation disabled]

[Good Checksum: False]

[bad Checksum: False]

[sEQ/ACK analysis]

[Number of bytes in flight: 661]

Hypertext Transfer Protocol

POST /public/Files/PHP/content.php HTTP/1.1\r\n

[Expert Info (Chat/Sequence): POST /public/Files/PHP/content.php HTTP/1.1\r\n]

[Message: POST /public/Files/PHP/content.php HTTP/1.1\r\n]

[severity level: Chat]

[Group: Sequence]

Request Method: POST

Request URI: /public/Files/PHP/content.php

Request Version: HTTP/1.1

Host: www........net\r\n

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6\r\n

Accept: */*\r\n

Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3\r\n

Accept-Encoding: gzip,deflate\r\n

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n

Keep-Alive: 115\r\n

Connection: keep-alive\r\n

Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n

X-Requested-With: XMLHttpRequest\r\n

Referer: http://www.........net/public/Files/PHP/domotica/domotica2_server.htm\r\n

Content-Length: 12\r\n

[Content length: 12]

Cookie: PHPSESSID=lfun3t84nbtkep2gkk5plr2nn0\r\n

Pragma: no-cache\r\n

Cache-Control: no-cache\r\n

\r\n

Line-based text data: application/x-www-form-urlencoded

action1=ajax

#################################

The packets with autoit in Post with hte code I posted, the php doesn't get the data "action=autoit".

They are present in the packet, but the php doesn't get them ??

Frame 6: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits)

Arrival Time: Jan 4, 2011 10:47:57.038281000 ora solare Europa occidentale

Epoch Time: 1294134477.038281000 seconds

[Time delta from previous captured frame: 0.000186000 seconds]

[Time delta from previous displayed frame: 0.000186000 seconds]

[Time since reference or first frame: 10.919907000 seconds]

Frame Number: 6

Frame Length: 246 bytes (1968 bits)

Capture Length: 246 bytes (1968 bits)

[Frame is marked: False]

[Frame is ignored: False]

[Protocols in frame: eth:ip:tcp:http:xml]

[Coloring Rule Name: HTTP]

[Coloring Rule String: http || tcp.port == 80]

Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)

Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)

Address: Avm_45:a4:92 (bc:05:43:45:a4:92)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)

Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)

.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)

Type: IP (0x0800)

Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.128.160 (62.149.128.160)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 232

Identification: 0x415b (16731)

Flags: 0x02 (Don't Fragment)

0... .... = Reserved bit: Not set

.1.. .... = Don't fragment: Set

..0. .... = More fragments: Not set

Fragment offset: 0

Time to live: 128

Protocol: TCP (6)

Header checksum: 0x37d2 [correct]

[Good: True]

[bad: False]

Source: 192.168.1.5 (192.168.1.5)

Destination: 62.149.128.160 (62.149.128.160)

Transmission Control Protocol, Src Port: mysql-cm-agent (1862), Dst Port: http (80), Seq: 1, Ack: 1, Len: 192

Source port: mysql-cm-agent (1862)

Destination port: http (80)

[stream index: 0]

Sequence number: 1 (relative sequence number)

[Next sequence number: 193 (relative sequence number)]

Acknowledgement number: 1 (relative ack number)

Header length: 20 bytes

Flags: 0x18 (PSH, ACK)

0... .... = Congestion Window Reduced (CWR): Not set

.0.. .... = ECN-Echo: Not set

..0. .... = Urgent: Not set

...1 .... = Acknowledgement: Set

.... 1... = Push: Set

.... .0.. = Reset: Not set

.... ..0. = Syn: Not set

.... ...0 = Fin: Not set

Window size: 24820

Checksum: 0xcf66 [validation disabled]

[Good Checksum: False]

[bad Checksum: False]

[sEQ/ACK analysis]

[Number of bytes in flight: 192]

Hypertext Transfer Protocol

POST /public/Files/PHP/.........php HTTP/1.1\r\n

[Expert Info (Chat/Sequence): POST /public/Files/PHP/...........php HTTP/1.1\r\n]

[Message: POST /public/Files/PHP/........php HTTP/1.1\r\n]

[severity level: Chat]

[Group: Sequence]

Request Method: POST

Request URI: /public/Files/PHP/.......php

Request Version: HTTP/1.1

User-Agent: Mozilla//4.0\r\n

Content-Type: text/xml; charset=utf-8\r\n

Content-Length: 13\r\n

[Content length: 13]

Host: ..........net\r\n

Cache-Control: no-cache\r\n

\r\n

eXtensible Markup Language

action=autoit

If you need more packets I will post them.

Posted

weird.

so the function works ?

eXtensible Markup Language = XML

action=autoit

can you try to post another thing ? "toto" or something, just to understand how the php server get it.

What is your webserver ? Apache ? lighttpd ? another ?

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted (edited)

I have this webserver:

.NET Framework version: 3.5.30729.01

Sistema Operativo: Microsoft Windows 2003

IIS: Microsoft-IIS/6.0server

These are the other packets:

Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan  4, 2011 10:47:57.063487000 ora solare Europa occidentale
    Epoch Time: 1294134477.063487000 seconds
    [Time delta from previous captured frame: 0.025206000 seconds]
    [Time delta from previous displayed frame: 0.025206000 seconds]
    [Time since reference or first frame: 10.945113000 seconds]
    Frame Number: 7
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x32f2 (13042)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (6)
    Header checksum: 0x94fb [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.128.160 (62.149.128.160)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 1, Ack: 193, Len: 0
    Source port: http (80)
    Destination port: mysql-cm-agent (1862)
    [Stream index: 0]
    Sequence number: 1  (relative sequence number)
    Acknowledgement number: 193 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6912 (scaled)
    Checksum: 0x5e04 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 6]
        [The RTT to ACK the segment was: 0.025206000 seconds]

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 28 32 f2 40 00 32 06 94 fb 3e 95 80 a0 c0 a8   .(2.@.2...>.....
0020  01 05 00 50 07 46 9c 68 a9 3c 42 ff 39 f3 50 10   ...P.F.h.<B.9.P.
0030  06 c0 5e 04 00 00 00 00 00 00 00 00               ..^.........

No.     Time        Source              Destination         Protocol Info
    8 10.947603   62.149.128.160        192.168.1.5         HTTP    HTTP/1.1 301 Moved Permanently  (text/html)

Frame 8: 554 bytes on wire (4432 bits), 554 bytes captured (4432 bits)
    Arrival Time: Jan  4, 2011 10:47:57.065977000 ora solare Europa occidentale
    Epoch Time: 1294134477.065977000 seconds
    [Time delta from previous captured frame: 0.002490000 seconds]
    [Time delta from previous displayed frame: 0.002490000 seconds]
    [Time since reference or first frame: 10.947603000 seconds]
    Frame Number: 8
    Frame Length: 554 bytes (4432 bits)
    Capture Length: 554 bytes (4432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http:data-text-lines]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 540
    Identification: 0x32f4 (13044)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (6)
    Header checksum: 0x9305 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.128.160 (62.149.128.160)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 1, Ack: 193, Len: 500
    Source port: http (80)
    Destination port: mysql-cm-agent (1862)
    [Stream index: 0]
    Sequence number: 1  (relative sequence number)
    [Next sequence number: 501  (relative sequence number)]
    Acknowledgement number: 193 (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6912 (scaled)
    Checksum: 0x145d [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [Number of bytes in flight: 500]
Hypertext Transfer Protocol
    HTTP/1.1 301 Moved Permanently\r\n
        [Expert Info (Chat/Sequence): HTTP/1.1 301 Moved Permanently\r\n]
            [Message: HTTP/1.1 301 Moved Permanently\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.1
        Response Code: 301
    Date: Tue, 04 Jan 2011 09:47:46 GMT\r\n
    Server: Apache\r\n
    Location: http://www........./public/Files/PHP/.......php\r\n
    Content-Length: 262\r\n
        [Content length: 262]
    Connection: close\r\n
    Content-Type: text/html; charset=iso-8859-1\r\n
    \r\n
Line-based text data: text/html
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n
    <html><head>\n
    <title>301 Moved Permanently</title>\n
    </head><body>\n
    <h1>Moved Permanently</h1>\n
    <p>The document has moved <a href="http://www.........net/public/Files/PHP/.........php">here</a>.</p>\n
    </body></html>\n
    
    
    
    

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  02 1c 32 f4 40 00 32 06 93 05 3e 95 80 a0 c0 a8   ..2.@.2...>.....
0020  01 05 00 50 07 46 9c 68 a9 3c 42 ff 39 f3 50 18   ...P.F.h.<B.9.P.
0030  06 c0 14 5d 00 00 48 54 54 50 2f 31 2e 31 20 33   ...]..HTTP/1.1 3
0040  30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65   01 Moved Permane
0050  6e 74 6c 79 0d 0a 44 61 74 65 3a 20 54 75 65 2c   ntly..Date: Tue,
0060  20 30 34 20 4a 61 6e 20 32 30 31 31 20 30 39 3a   04 Jan 2011 09:
0070  34 37 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65   47:46 GMT..Serve
0080  72 3a 20 41 70 61 63 68 65 0d 0a 4c 6f 63 61 74   r: Apache..Locat
0090  69 6f 6e 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e   ion: http://www.
00a0  64 65 76 65 72 69 74 61 74 65 2e 6e 65 74 2f 70   ...........net/p
00b0  75 62 6c 69 63 2f 46 69 6c 65 73 2f 50 48 50 2f   ublic/Files/PHP/
00c0  63 6f 6e 74 65 6e 74 2e 70 68 70 0d 0a 43 6f 6e   .......php..Con
00d0  74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 36 32   tent-Length: 262
00e0  0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c   ..Connection: cl
00f0  6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70   ose..Content-Typ
0100  65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68   e: text/html; ch
0110  61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31   arset=iso-8859-1
0120  0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54   ....<!DOCTYPE HT
0130  4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45   ML PUBLIC "-//IE
0140  54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30   TF//DTD HTML 2.0
0150  2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65   //EN">.<html><he
0160  61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d   ad>.<title>301 M
0170  6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79   oved Permanently
0180  3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e   </title>.</head>
0190  3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64   <body>.<h1>Moved
01a0  20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31   Permanently</h1
01b0  3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e   >.<p>The documen
01c0  74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68   t has moved <a h
01d0  72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e   ref="http://www.
01e0  64 65 76 65 72 69 74 61 74 65 2e 6e 65 74 2f 70   ...........net/p
01f0  75 62 6c 69 63 2f 46 69 6c 65 73 2f 50 48 50 2f   ublic/Files/PHP/
0200  63 6f 6e 74 65 6e 74 2e 70 68 70 22 3e 68 65 72   .........php">her
0210  65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64   e</a>.</p>.</bod
0220  79 3e 3c 2f 68 74 6d 6c 3e 0a                     y></html>.

No.     Time        Source              Destination         Protocol Info
    9 10.948045   62.149.128.160        192.168.1.5         TCP     http > mysql-cm-agent [FIN, ACK] Seq=501 Ack=193 Win=6912 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan  4, 2011 10:47:57.066419000 ora solare Europa occidentale
    Epoch Time: 1294134477.066419000 seconds
    [Time delta from previous captured frame: 0.000442000 seconds]
    [Time delta from previous displayed frame: 0.000442000 seconds]
    [Time since reference or first frame: 10.948045000 seconds]
    Frame Number: 9
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x32f6 (13046)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (6)
    Header checksum: 0x94f7 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.128.160 (62.149.128.160)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 501, Ack: 193, Len: 0
    Source port: http (80)
    Destination port: mysql-cm-agent (1862)
    [Stream index: 0]
    Sequence number: 501    (relative sequence number)
    Acknowledgement number: 193 (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size: 6912 (scaled)
    Checksum: 0x5c0f [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 28 32 f6 40 00 32 06 94 f7 3e 95 80 a0 c0 a8   .(2.@.2...>.....
0020  01 05 00 50 07 46 9c 68 ab 30 42 ff 39 f3 50 11   ...P.F.h.0B.9.P.
0030  06 c0 5c 0f 00 00 00 00 00 00 00 00               ..\.........

No.     Time        Source              Destination         Protocol Info
    10 10.948105   192.168.1.5          62.149.128.160      TCP     mysql-cm-agent > http [ACK] Seq=193 Ack=502 Win=24320 Len=0

Frame 10: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Arrival Time: Jan  4, 2011 10:47:57.066479000 ora solare Europa occidentale
    Epoch Time: 1294134477.066479000 seconds
    [Time delta from previous captured frame: 0.000060000 seconds]
    [Time delta from previous displayed frame: 0.000060000 seconds]
    [Time since reference or first frame: 10.948105000 seconds]
    Frame Number: 10
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.128.160 (62.149.128.160)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x415c (16732)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x3891 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.128.160 (62.149.128.160)
Transmission Control Protocol, Src Port: mysql-cm-agent (1862), Dst Port: http (80), Seq: 193, Ack: 502, Len: 0
    Source port: mysql-cm-agent (1862)
    Destination port: http (80)
    [Stream index: 0]
    Sequence number: 193    (relative sequence number)
    Acknowledgement number: 502 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 24320
    Checksum: 0x03cf [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 9]
        [The RTT to ACK the segment was: 0.000060000 seconds]

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 28 41 5c 40 00 80 06 38 91 c0 a8 01 05 3e 95   .(A\@...8.....>.
0020  80 a0 07 46 00 50 42 ff 39 f3 9c 68 ab 31 50 10   ...F.PB.9..h.1P.
0030  5f 00 03 cf 00 00                                 _.....

No.     Time        Source              Destination         Protocol Info
    11 10.948159   192.168.1.5          62.149.128.160      TCP     mysql-cm-agent > http [FIN, ACK] Seq=193 Ack=502 Win=24320 Len=0

Frame 11: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Arrival Time: Jan  4, 2011 10:47:57.066533000 ora solare Europa occidentale
    Epoch Time: 1294134477.066533000 seconds
    [Time delta from previous captured frame: 0.000054000 seconds]
    [Time delta from previous displayed frame: 0.000054000 seconds]
    [Time since reference or first frame: 10.948159000 seconds]
    Frame Number: 11
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.128.160 (62.149.128.160)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x415d (16733)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x3890 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.128.160 (62.149.128.160)
Transmission Control Protocol, Src Port: mysql-cm-agent (1862), Dst Port: http (80), Seq: 193, Ack: 502, Len: 0
    Source port: mysql-cm-agent (1862)
    Destination port: http (80)
    [Stream index: 0]
    Sequence number: 193    (relative sequence number)
    Acknowledgement number: 502 (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size: 24320
    Checksum: 0x03ce [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 28 41 5d 40 00 80 06 38 90 c0 a8 01 05 3e 95   .(A]@...8.....>.
0020  80 a0 07 46 00 50 42 ff 39 f3 9c 68 ab 31 50 11   ...F.PB.9..h.1P.
0030  5f 00 03 ce 00 00                                 _.....

No.     Time        Source              Destination         Protocol Info
    12 10.964015   192.168.1.5          62.149.130.46       TCP     msnp > http [SYN] Seq=0 Win=24820 Len=0 MSS=1460 WS=0 SACK_PERM=1

Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Arrival Time: Jan  4, 2011 10:47:57.082389000 ora solare Europa occidentale
    Epoch Time: 1294134477.082389000 seconds
    [Time delta from previous captured frame: 0.015856000 seconds]
    [Time delta from previous displayed frame: 0.015856000 seconds]
    [Time since reference or first frame: 10.964015000 seconds]
    Frame Number: 12
    Frame Length: 66 bytes (528 bits)
    Capture Length: 66 bytes (528 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x415e (16734)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x36f5 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.130.46 (62.149.130.46)
Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 0, Len: 0
    Source port: msnp (1863)
    Destination port: http (80)
    [Stream index: 1]
    Sequence number: 0  (relative sequence number)
    Header length: 32 bytes
    Flags: 0x02 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgement: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
                [Message: Connection establish request (SYN): server port http]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 24820
    Checksum: 0x8e08 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        Maximum segment size: 1460 bytes
        NOP
        Window scale: 0 (multiply by 1)
        NOP
        NOP
        TCP SACK Permitted Option: True

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 34 41 5e 40 00 80 06 36 f5 c0 a8 01 05 3e 95   .4A^@...6.....>.
0020  82 2e 07 47 00 50 f5 2d 00 e6 00 00 00 00 80 02   ...G.P.-........
0030  60 f4 8e 08 00 00 02 04 05 b4 01 03 03 00 01 01   `...............
0040  04 02                                             ..

No.     Time        Source              Destination         Protocol Info
    13 10.970133   62.149.128.160       192.168.1.5         TCP     http > mysql-cm-agent [ACK] Seq=502 Ack=194 Win=6912 Len=0

Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan  4, 2011 10:47:57.088507000 ora solare Europa occidentale
    Epoch Time: 1294134477.088507000 seconds
    [Time delta from previous captured frame: 0.006118000 seconds]
    [Time delta from previous displayed frame: 0.006118000 seconds]
    [Time since reference or first frame: 10.970133000 seconds]
    Frame Number: 13
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x32f8 (13048)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 50
    Protocol: TCP (6)
    Header checksum: 0x94f5 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.128.160 (62.149.128.160)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 502, Ack: 194, Len: 0
    Source port: http (80)
    Destination port: mysql-cm-agent (1862)
    [Stream index: 0]
    Sequence number: 502    (relative sequence number)
    Acknowledgement number: 194 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 6912 (scaled)
    Checksum: 0x5c0e [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 11]
        [The RTT to ACK the segment was: 0.021974000 seconds]

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 28 32 f8 40 00 32 06 94 f5 3e 95 80 a0 c0 a8   .(2.@.2...>.....
0020  01 05 00 50 07 46 9c 68 ab 31 42 ff 39 f4 50 10   ...P.F.h.1B.9.P.
0030  06 c0 5c 0e 00 00 00 00 00 00 00 00               ..\.........

No.     Time        Source              Destination         Protocol Info
    14 10.983790   62.149.130.46        192.168.1.5         TCP     http > msnp [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1430 WS=0 SACK_PERM=1

Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Arrival Time: Jan  4, 2011 10:47:57.102164000 ora solare Europa occidentale
    Epoch Time: 1294134477.102164000 seconds
    [Time delta from previous captured frame: 0.013657000 seconds]
    [Time delta from previous displayed frame: 0.013657000 seconds]
    [Time since reference or first frame: 10.983790000 seconds]
    Frame Number: 14
    Frame Length: 66 bytes (528 bits)
    Capture Length: 66 bytes (528 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x5ece (24270)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 115
    Protocol: TCP (6)
    Header checksum: 0x6685 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.130.46 (62.149.130.46)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 0, Ack: 1, Len: 0
    Source port: http (80)
    Destination port: msnp (1863)
    [Stream index: 1]
    Sequence number: 0  (relative sequence number)
    Acknowledgement number: 1   (relative ack number)
    Header length: 32 bytes
    Flags: 0x12 (SYN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
                [Message: Connection establish acknowledge (SYN+ACK): server port http]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 16384
    Checksum: 0xa9c1 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (12 bytes)
        Maximum segment size: 1430 bytes
        NOP
        Window scale: 0 (multiply by 1)
        NOP
        NOP
        TCP SACK Permitted Option: True
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 12]
        [The RTT to ACK the segment was: 0.019775000 seconds]

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 34 5e ce 00 00 73 06 66 85 3e 95 82 2e c0 a8   .4^...s.f.>.....
0020  01 05 00 50 07 47 09 6d fb da f5 2d 00 e7 80 12   ...P.G.m...-....
0030  40 00 a9 c1 00 00 02 04 05 96 01 03 03 00 01 01   @...............
0040  04 02                                             ..

No.     Time        Source              Destination         Protocol Info
    15 10.983888   192.168.1.5          62.149.130.46       TCP     msnp > http [ACK] Seq=1 Ack=1 Win=24820 Len=0

Frame 15: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Arrival Time: Jan  4, 2011 10:47:57.102262000 ora solare Europa occidentale
    Epoch Time: 1294134477.102262000 seconds
    [Time delta from previous captured frame: 0.000098000 seconds]
    [Time delta from previous displayed frame: 0.000098000 seconds]
    [Time since reference or first frame: 10.983888000 seconds]
    Frame Number: 15
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x415f (16735)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x3700 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.130.46 (62.149.130.46)
Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
    Source port: msnp (1863)
    Destination port: http (80)
    [Stream index: 1]
    Sequence number: 1  (relative sequence number)
    Acknowledgement number: 1   (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 24820
    Checksum: 0xc97a [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 14]
        [The RTT to ACK the segment was: 0.000098000 seconds]

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 28 41 5f 40 00 80 06 37 00 c0 a8 01 05 3e 95   .(A_@...7.....>.
0020  82 2e 07 47 00 50 f5 2d 00 e7 09 6d fb db 50 10   ...G.P.-...m..P.
0030  60 f4 c9 7a 00 00                                 `..z..

No.     Time        Source              Destination         Protocol Info
    16 10.984054   192.168.1.5          62.149.130.46       HTTP    GET /public/Files/PHP/.........php HTTP/1.1 

Frame 16: 201 bytes on wire (1608 bits), 201 bytes captured (1608 bits)
    Arrival Time: Jan  4, 2011 10:47:57.102428000 ora solare Europa occidentale
    Epoch Time: 1294134477.102428000 seconds
    [Time delta from previous captured frame: 0.000166000 seconds]
    [Time delta from previous displayed frame: 0.000166000 seconds]
    [Time since reference or first frame: 10.984054000 seconds]
    Frame Number: 16
    Frame Length: 201 bytes (1608 bits)
    Capture Length: 201 bytes (1608 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 187
    Identification: 0x4160 (16736)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x366c [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.130.46 (62.149.130.46)
Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 1, Ack: 1, Len: 147
    Source port: msnp (1863)
    Destination port: http (80)
    [Stream index: 1]
    Sequence number: 1  (relative sequence number)
    [Next sequence number: 148  (relative sequence number)]
    Acknowledgement number: 1   (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 24820
    Checksum: 0x6691 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [Number of bytes in flight: 147]
Hypertext Transfer Protocol
    GET /public/Files/PHP/.........php HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /public/Files/PHP/.........php HTTP/1.1\r\n]
            [Message: GET /public/Files/PHP/.........php HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /public/Files/PHP/.........php
        Request Version: HTTP/1.1
    User-Agent: Mozilla//4.0\r\n
    Connection: Keep-Alive\r\n
    Cache-Control: no-cache\r\n
    Host: www..............net\r\n
    \r\n

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 bb 41 60 40 00 80 06 36 6c c0 a8 01 05 3e 95   ..A`@...6l....>.
0020  82 2e 07 47 00 50 f5 2d 00 e7 09 6d fb db 50 18   ...G.P.-...m..P.
0030  60 f4 66 91 00 00 47 45 54 20 2f 70 75 62 6c 69   `.f...GET /publi
0040  63 2f 46 69 6c 65 73 2f 50 48 50 2f 63 6f 6e 74   c/Files/PHP/cont
0050  65 6e 74 2e 70 68 70 20 48 54 54 50 2f 31 2e 31   ent.php HTTP/1.1
0060  0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f   ..User-Agent: Mo
0070  7a 69 6c 6c 61 2f 2f 34 2e 30 0d 0a 43 6f 6e 6e   zilla//4.0..Conn
0080  65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69   ection: Keep-Ali
0090  76 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f   ve..Cache-Contro
00a0  6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 48 6f 73   l: no-cache..Hos
00b0  74 3a 20 77 77 77 2e 64 65 76 65 72 69 74 61 74   t: www.......
00c0  65 2e 6e 65 74 0d 0a 0d 0a                        e.net....

No.     Time        Source              Destination         Protocol Info
    17 11.129899   62.149.130.46        192.168.1.5         TCP     http > msnp [ACK] Seq=1 Ack=148 Win=65388 Len=0

Frame 17: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan  4, 2011 10:47:57.248273000 ora solare Europa occidentale
    Epoch Time: 1294134477.248273000 seconds
    [Time delta from previous captured frame: 0.145845000 seconds]
    [Time delta from previous displayed frame: 0.145845000 seconds]
    [Time since reference or first frame: 11.129899000 seconds]
    Frame Number: 17
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x5f5d (24413)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 115
    Protocol: TCP (6)
    Header checksum: 0x2602 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.130.46 (62.149.130.46)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 1, Ack: 148, Len: 0
    Source port: http (80)
    Destination port: msnp (1863)
    [Stream index: 1]
    Sequence number: 1  (relative sequence number)
    Acknowledgement number: 148 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65388
    Checksum: 0x2a6f [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 16]
        [The RTT to ACK the segment was: 0.145845000 seconds]

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 28 5f 5d 40 00 73 06 26 02 3e 95 82 2e c0 a8   .(_]@.s.&.>.....
0020  01 05 00 50 07 47 09 6d fb db f5 2d 01 7a 50 10   ...P.G.m...-.zP.
0030  ff 6c 2a 6f 00 00 00 00 00 00 00 00               .l*o........

No.     Time        Source              Destination         Protocol Info
    18 11.131960   62.149.130.46        192.168.1.5         TCP     [TCP segment of a reassembled PDU]

Frame 18: 449 bytes on wire (3592 bits), 449 bytes captured (3592 bits)
    Arrival Time: Jan  4, 2011 10:47:57.250334000 ora solare Europa occidentale
    Epoch Time: 1294134477.250334000 seconds
    [Time delta from previous captured frame: 0.002061000 seconds]
    [Time delta from previous displayed frame: 0.002061000 seconds]
    [Time since reference or first frame: 11.131960000 seconds]
    Frame Number: 18
    Frame Length: 449 bytes (3592 bits)
    Capture Length: 449 bytes (3592 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 435
    Identification: 0x5f5e (24414)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 115
    Protocol: TCP (6)
    Header checksum: 0x2476 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.130.46 (62.149.130.46)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 1, Ack: 148, Len: 395
    Source port: http (80)
    Destination port: msnp (1863)
    [Stream index: 1]
    Sequence number: 1  (relative sequence number)
    [Next sequence number: 396  (relative sequence number)]
    Acknowledgement number: 148 (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65388
    Checksum: 0x9658 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [Number of bytes in flight: 395]
    TCP segment data (395 bytes)

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  01 b3 5f 5e 40 00 73 06 24 76 3e 95 82 2e c0 a8   .._^@.s.$v>.....
0020  01 05 00 50 07 47 09 6d fb db f5 2d 01 7a 50 18   ...P.G.m...-.zP.
0030  ff 6c 96 58 00 00 48 54 54 50 2f 31 2e 31 20 32   .l.X..HTTP/1.1 2
0040  30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e   00 OK..Cache-Con
0050  74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20   trol: no-store, 
0060  6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72   no-cache, must-r
0070  65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d   evalidate, post-
0080  63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65   check=0, pre-che
0090  63 6b 3d 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e   ck=0..Connection
00a0  3a 20 63 6c 6f 73 65 0d 0a 44 61 74 65 3a 20 54   : close..Date: T
00b0  75 65 2c 20 30 34 20 4a 61 6e 20 32 30 31 31 20   ue, 04 Jan 2011 
00c0  30 39 3a 34 37 3a 34 37 20 47 4d 54 0d 0a 50 72   09:47:47 GMT..Pr
00d0  61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a   agma: no-cache..
00e0  43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65   Content-Type: te
00f0  78 74 2f 68 74 6d 6c 0d 0a 45 78 70 69 72 65 73   xt/html..Expires
0100  3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39   : Thu, 19 Nov 19
0110  38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d   81 08:52:00 GMT.
0120  0a 53 65 72 76 65 72 3a 20 4d 69 63 72 6f 73 6f   .Server: Microso
0130  66 74 2d 49 49 53 2f 36 2e 30 0d 0a 53 65 74 2d   ft-IIS/6.0..Set-
0140  43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49   Cookie: PHPSESSI
0150  44 3d 6c 66 75 6e 33 74 38 34 6e 62 74 6b 65 70   D=lfun3t84nbtkep
0160  32 67 6b 6b 35 70 6c 72 32 6e 6e 30 3b 20 70 61   2gkk5plr2nn0; pa
0170  74 68 3d 2f 0d 0a 4d 69 63 72 6f 73 6f 66 74 4f   th=/..MicrosoftO
0180  66 66 69 63 65 57 65 62 53 65 72 76 65 72 3a 20   fficeWebServer: 
0190  35 2e 30 5f 50 75 62 0d 0a 58 2d 50 6f 77 65 72   5.0_Pub..X-Power
01a0  65 64 2d 42 79 3a 20 41 53 50 2e 4e 45 54 0d 0a   ed-By: ASP.NET..
01b0  0d 0a 41 72 72 61 79 0a 28 0a 29 0a 68 65 6c 6c   ..Array.(.).hell
01c0  6f                                                o

No.     Time        Source              Destination         Protocol Info
    19 11.239141   62.149.130.46        192.168.1.5         HTTP    HTTP/1.1 200 OK  (text/html)

Frame 19: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan  4, 2011 10:47:57.357515000 ora solare Europa occidentale
    Epoch Time: 1294134477.357515000 seconds
    [Time delta from previous captured frame: 0.107181000 seconds]
    [Time delta from previous displayed frame: 0.107181000 seconds]
    [Time since reference or first frame: 11.239141000 seconds]
    Frame Number: 19
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp:http:data-text-lines]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x5fc9 (24521)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 115
    Protocol: TCP (6)
    Header checksum: 0x2596 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.130.46 (62.149.130.46)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 396, Ack: 148, Len: 0
    Source port: http (80)
    Destination port: msnp (1863)
    [Stream index: 1]
    Sequence number: 396    (relative sequence number)
    Acknowledgement number: 148 (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size: 65388
    Checksum: 0x28e3 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
[Reassembled TCP Segments (395 bytes): #18(395), #19(0)]
    [Frame: 18, payload: 0-394 (395 bytes)]
    [Frame: 19 (no data)]
    [Reassembled TCP length: 395]
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
        [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n]
            [Message: HTTP/1.1 200 OK\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Version: HTTP/1.1
        Response Code: 200
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n
    Connection: close\r\n
    Date: Tue, 04 Jan 2011 09:47:47 GMT\r\n
    Pragma: no-cache\r\n
    Content-Type: text/html\r\n
    Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n
    Server: Microsoft-IIS/6.0\r\n
    Set-Cookie: PHPSESSID=lfun3t84nbtkep2gkk5plr2nn0; path=/\r\n
    MicrosoftOfficeWebServer: 5.0_Pub\r\n
    X-Powered-By: ASP.NET\r\n
    \r\n
Line-based text data: text/html
    Array\n
    (\n
    )\n
    hello

Frame (60 bytes):

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 28 5f c9 40 00 73 06 25 96 3e 95 82 2e c0 a8   .(_.@.s.%.>.....
0020  01 05 00 50 07 47 09 6d fd 66 f5 2d 01 7a 50 11   ...P.G.m.f.-.zP.
0030  ff 6c 28 e3 00 00 00 00 00 00 00 00               .l(.........

Reassembled TCP (395 bytes):

0000  48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d   HTTP/1.1 200 OK.
0010  0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20   .Cache-Control: 
0020  6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63   no-store, no-cac
0030  68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64   he, must-revalid
0040  61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d   ate, post-check=
0050  30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a   0, pre-check=0..
0060  43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73   Connection: clos
0070  65 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 34   e..Date: Tue, 04
0080  20 4a 61 6e 20 32 30 31 31 20 30 39 3a 34 37 3a   Jan 2011 09:47:
0090  34 37 20 47 4d 54 0d 0a 50 72 61 67 6d 61 3a 20   47 GMT..Pragma: 
00a0  6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e   no-cache..Conten
00b0  74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d   t-Type: text/htm
00c0  6c 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c   l..Expires: Thu,
00d0  20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a   19 Nov 1981 08:
00e0  35 32 3a 30 30 20 47 4d 54 0d 0a 53 65 72 76 65   52:00 GMT..Serve
00f0  72 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 49 49 53   r: Microsoft-IIS
0100  2f 36 2e 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65   /6.0..Set-Cookie
0110  3a 20 50 48 50 53 45 53 53 49 44 3d 6c 66 75 6e   : PHPSESSID=lfun
0120  33 74 38 34 6e 62 74 6b 65 70 32 67 6b 6b 35 70   3t84nbtkep2gkk5p
0130  6c 72 32 6e 6e 30 3b 20 70 61 74 68 3d 2f 0d 0a   lr2nn0; path=/..
0140  4d 69 63 72 6f 73 6f 66 74 4f 66 66 69 63 65 57   MicrosoftOfficeW
0150  65 62 53 65 72 76 65 72 3a 20 35 2e 30 5f 50 75   ebServer: 5.0_Pu
0160  62 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a   b..X-Powered-By:
0170  20 41 53 50 2e 4e 45 54 0d 0a 0d 0a 41 72 72 61   ASP.NET....Arra
0180  79 0a 28 0a 29 0a 68 65 6c 6c 6f                  y.(.).hello

No.     Time        Source              Destination         Protocol Info
    20 11.239249   192.168.1.5          62.149.130.46       TCP     msnp > http [ACK] Seq=148 Ack=397 Win=24425 Len=0

Frame 20: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Arrival Time: Jan  4, 2011 10:47:57.357623000 ora solare Europa occidentale
    Epoch Time: 1294134477.357623000 seconds
    [Time delta from previous captured frame: 0.000108000 seconds]
    [Time delta from previous displayed frame: 0.000108000 seconds]
    [Time since reference or first frame: 11.239249000 seconds]
    Frame Number: 20
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x4161 (16737)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x36fe [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.130.46 (62.149.130.46)
Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 148, Ack: 397, Len: 0
    Source port: msnp (1863)
    Destination port: http (80)
    [Stream index: 1]
    Sequence number: 148    (relative sequence number)
    Acknowledgement number: 397 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 24425
    Checksum: 0xc8e6 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 19]
        [The RTT to ACK the segment was: 0.000108000 seconds]

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 28 41 61 40 00 80 06 36 fe c0 a8 01 05 3e 95   .(Aa@...6.....>.
0020  82 2e 07 47 00 50 f5 2d 01 7a 09 6d fd 67 50 10   ...G.P.-.z.m.gP.
0030  5f 69 c8 e6 00 00                                 _i....

No.     Time        Source              Destination         Protocol Info
    21 11.239332   192.168.1.5          62.149.130.46       TCP     msnp > http [FIN, ACK] Seq=148 Ack=397 Win=24425 Len=0

Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Arrival Time: Jan  4, 2011 10:47:57.357706000 ora solare Europa occidentale
    Epoch Time: 1294134477.357706000 seconds
    [Time delta from previous captured frame: 0.000083000 seconds]
    [Time delta from previous displayed frame: 0.000083000 seconds]
    [Time since reference or first frame: 11.239332000 seconds]
    Frame Number: 21
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92)
    Destination: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x4162 (16738)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (6)
    Header checksum: 0x36fd [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.5 (192.168.1.5)
    Destination: 62.149.130.46 (62.149.130.46)
Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 148, Ack: 397, Len: 0
    Source port: msnp (1863)
    Destination port: http (80)
    [Stream index: 1]
    Sequence number: 148    (relative sequence number)
    Acknowledgement number: 397 (relative ack number)
    Header length: 20 bytes
    Flags: 0x11 (FIN, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...1 = Fin: Set
            [Expert Info (Chat/Sequence): Connection finish (FIN)]
                [Message: Connection finish (FIN)]
                [Severity level: Chat]
                [Group: Sequence]
    Window size: 24425
    Checksum: 0xc8e5 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]

0000  bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00   ..CE.....8|V..E.
0010  00 28 41 62 40 00 80 06 36 fd c0 a8 01 05 3e 95   .(Ab@...6.....>.
0020  82 2e 07 47 00 50 f5 2d 01 7a 09 6d fd 67 50 11   ...G.P.-.z.m.gP.
0030  5f 69 c8 e5 00 00                                 _i....

No.     Time        Source              Destination         Protocol Info
    22 11.260683   62.149.130.46        192.168.1.5         TCP     http > msnp [ACK] Seq=397 Ack=149 Win=65388 Len=0

Frame 22: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Arrival Time: Jan  4, 2011 10:47:57.379057000 ora solare Europa occidentale
    Epoch Time: 1294134477.379057000 seconds
    [Time delta from previous captured frame: 0.021351000 seconds]
    [Time delta from previous displayed frame: 0.021351000 seconds]
    [Time since reference or first frame: 11.260683000 seconds]
    Frame Number: 22
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
    Trailer: 000000000000
Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 40
    Identification: 0x5fce (24526)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 115
    Protocol: TCP (6)
    Header checksum: 0x2591 [correct]
        [Good: True]
        [Bad: False]
    Source: 62.149.130.46 (62.149.130.46)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 397, Ack: 149, Len: 0
    Source port: http (80)
    Destination port: msnp (1863)
    [Stream index: 1]
    Sequence number: 397    (relative sequence number)
    Acknowledgement number: 149 (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65388
    Checksum: 0x28e2 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 21]
        [The RTT to ACK the segment was: 0.021351000 seconds]

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 28 5f ce 40 00 73 06 25 91 3e 95 82 2e c0 a8   .(_.@.s.%.>.....
0020  01 05 00 50 07 47 09 6d fd 67 f5 2d 01 7b 50 10   ...P.G.m.g.-.{P.
0030  ff 6c 28 e2 00 00 00 00 00 00 00 00               .l(.........

No.     Time        Source              Destination         Protocol Info
    23 13.561941   192.168.1.10         192.168.1.5         TCP     4804 > 14013 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=1144632315 TSER=0 WS=2

Frame 23: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
    Arrival Time: Jan  4, 2011 10:47:59.680315000 ora solare Europa occidentale
    Epoch Time: 1294134479.680315000 seconds
    [Time delta from previous captured frame: 2.301258000 seconds]
    [Time delta from previous displayed frame: 2.301258000 seconds]
    [Time since reference or first frame: 13.561941000 seconds]
    Frame Number: 23
    Frame Length: 74 bytes (592 bits)
    Capture Length: 74 bytes (592 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:tcp]
Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
    Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Avm_45:a4:92 (bc:05:43:45:a4:92)
        Address: Avm_45:a4:92 (bc:05:43:45:a4:92)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.10 (192.168.1.10), Dst: 192.168.1.5 (192.168.1.5)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 60
    Identification: 0xfcb3 (64691)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0xbaa8 [correct]
        [Good: True]
        [Bad: False]
    Source: 192.168.1.10 (192.168.1.10)
    Destination: 192.168.1.5 (192.168.1.5)
Transmission Control Protocol, Src Port: 4804 (4804), Dst Port: 14013 (14013), Seq: 0, Len: 0
    Source port: 4804 (4804)
    Destination port: 14013 (14013)
    [Stream index: 2]
    Sequence number: 0  (relative sequence number)
    Header length: 40 bytes
    Flags: 0x02 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgement: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
            [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 14013]
                [Message: Connection establish request (SYN): server port 14013]
                [Severity level: Chat]
                [Group: Sequence]
        .... ...0 = Fin: Not set
    Window size: 5840
    Checksum: 0x5511 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    Options: (20 bytes)
        Maximum segment size: 1460 bytes
        TCP SACK Permitted Option: True
        Timestamps: TSval 1144632315, TSecr 0
        NOP
        Window scale: 2 (multiply by 4)

0000  00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00   ...8|V..CE....E.
0010  00 3c fc b3 40 00 40 06 ba a8 c0 a8 01 0a c0 a8   .<..@.@.........
0020  01 05 12 c4 36 bd c7 c5 4f 48 00 00 00 00 a0 02   ....6...OH......
0030  16 d0 55 11 00 00 02 04 05 b4 04 02 08 0a 44 39   ..U...........D9
0040  b3 fb 00 00 00 00 01 03 03 02                     ..........

There is the strange error 301 moved page nel frame 8 ??

and the GET request in frame 16 (I made POST not Get...)

and the answer on frame 18 from the server with the empty Array () (on the php: print_r ($_REQUEST);, so PHP hasn't get the "action= autoit")

and the "hello", a simple echo to see the responce of the server.

With wininet GET it works well at the same PHP page.

Edited by frank10
Posted (edited)

[Number of bytes in flight: 192]

Hypertext Transfer Protocol

POST /public/Files/PHP/.........php HTTP/1.1\r\n

[Expert Info (Chat/Sequence): POST /public/Files/PHP/...........php HTTP/1.1\r\n]

[Message: POST /public/Files/PHP/........php HTTP/1.1\r\n]

in your previous message, so where did they go.

do you have more messages in IIS logs ?

please use httpanalyser, trial for 15 days. It will really help here to see if the packet is well sent.

Edited by arcker

-- Arck System _ Soon -- Ideas make everything

"La critique est facile, l'art est difficile"

Projects :

[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list]
Posted

I will try httpanalyzer.

I have another weird problem.

I have a 24/24 script that connects to the server every 2 seconds. Autoit uses the Wininet func for 7-8h, then it stops sending data to the server, while the rest of the script works.

With wireshark there is no TCP activity from autoit. What happens after about 7 hours to wininet?? or is PHP that blocks it in some way?

I tried another autoit simple prog:

while 1
    _PHP_serverGET($data)
ConsoleWrite("after PHP " & @HOUR & ":" & @MIN & @CRLF)
Sleep(1500)
WEnd

and I get a simple answer from PHP, like this:

<?php

session_id("lfun3t84nbtkep2gkk5plr2nn0");
session_start();

if (  $_REQUEST['action'] == "autoit" ) 
{
    echo "hello" ;
}

?>
.

the func is the wininet GET method that works well.

Well, this one stops sending TCP packets after 3 hours! (I had the other prog running, communicating with another page on the server)

What's this? I must solve this as I need a 24/24 communication.

Posted

Well, good news!

So, I tried Httpanalyzer:

I discovered the User-agent / problem.

It gave a server error: "HTTP/1.1 999 AW Special Error".

To solve that it's sufficient to add a carachter to the user agent: it was "Mozilla/4.0" it should be:

"Mozillaa/4.0" or "Mozilla/5.0o" etc . Weird but solved.

For the post connection: it seems well formed with the data "action=autoit" present and no error from the server BUT

there is no answer from the php page... only general echo but no POST data !!

This is the RAW stream out:

POST /public/Files/PHP/content.php HTTP/1.1

User-Agent: Mozilla/5.01

Content-Type: text/plain; charset=utf-8

Content-Length: 13

Host: www.deveritate.net

Cache-Control: no-cache

action=autoit

and this the raw server answer:

HTTP/1.1 200 OK

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Connection: close

Date: Sat, 08 Jan 2011 16:24:59 GMT

Pragma: no-cache

Content-Type: text/html

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Server: Microsoft-IIS/6.0

Set-Cookie: PHPSESSID=lfun3t84nbtkep2gkk5plr2nn0; path=/

MicrosoftOfficeWebServer: 5.0_Pub

X-Powered-By: ASP.NET

hello

Instead there is a difference between an ajax browser call and the autoit one:

in the post data, the ajax has: "MimeType: application/x-www-form-urlencoded Size:12 bytes" and there is a

parameter and the value.

Instead in the autoit call there is: "MimeType:text/plain Size:13 bytes" and no couple values.

I changed the code with:

$type = "Content-Type: application/x-www-form-urlencoded"&@CRLF

instead of :

$type = "Content-Type: application/x-www-form-urlencoded"&@CRLF & _

'Content-Type: text/plain; charset=utf-8' & @CRLF

THAT was the error!

It must be the x-form method NOT the text/plain or text/xml etc...

Ok, solved.

Now, I have to solve the other problem of the termination of connection after some hours ??

I tried the POST method (it's the same with GET) with autoit in the console window, to make consolewrite of the various handlers and I get three handlers (InternetOpen, InternetConnect, OpenRequest) and true from SendRequest for three hours,

then I get 0 0 0 and false.

So the first error in the Wininet Function is in the _WinINet_InternetOpen.

from that point, I think the other calls fail.

I have:

$hInternetOpen = _WinINet_InternetOpen("Mozilla/5.0 Firefox/3.0.1", $INTERNET_OPEN_TYPE_DIRECT, 0, Default, Default)

Maybe, with Consolewrite, I found some hints: the handlers returned by the function are progressive hex numbers. Both the prog I tested with different timings stop executing when the handlers reach 0x00CCFFF4 for InternetOpen, 0x00CCFFF8 for Internet Connect and 0x00CCFFFC for OpenRequest.

So the problem could be a short address space.

Now I'm trying with:

_WinINet_InternetCloseHandle($hInternetOpen)

after every call to the server. I see all the handlers are resetted every time without incrementing.

I will report after 8-10 hours how it goes.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...