arcker Posted December 13, 2010 Share Posted December 13, 2010 Well, the GET method works, I had some server problems before.Instead, the POST fails.What's wrong with the above POST code?Same here.Don't use addrequestheaders.Prefer fill the header buffer ( create it before ) and sending it in second parameters of the send function. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted December 13, 2010 Share Posted December 13, 2010 So, if I put the headers in the SendRequest: $data = "action=autoit" ; Data encoded $type = "Content-Type: application/x-www-form-urlencoded"&@CRLF $agent = "User-Agent: Mozilla/4.0"&@CRlf $newdata = $agent & $type $sendrequest = _WinINet_HttpSendRequest($httprequest, $newdata , StringToBinary( $data) ) ; ConsoleWrite($sendrequest & @CRLF) I get received data = "". And no other data from the server (I have other echos before the POST data) . Instead, with Default as a second header parameter: $sendrequest = _WinINet_HttpSendRequest($httprequest, Default , StringToBinary( $data) ) ; I get the echos from the server but again NO post data. Using echo $_REQUEST['action']; I get "" You get data from the server with POST? Link to comment Share on other sites More sharing options...
arcker Posted December 13, 2010 Share Posted December 13, 2010 as far as i remember i didn't use stringtobinary in my sendrequest. + for internetreadfile, in the function i've replace "byte[" by "char[" i've not the script here, but i'll have on thursday. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
arcker Posted December 13, 2010 Share Posted December 13, 2010 (edited) So, if I put the headers in the SendRequest: $data = "action=autoit" ; Data encoded $type = "Content-Type: application/x-www-form-urlencoded"&@CRLF $agent = "User-Agent: Mozilla/4.0"&@CRlf $newdata = $agent & $type $sendrequest = _WinINet_HttpSendRequest($httprequest, $newdata , StringToBinary( $data) ) ; ConsoleWrite($sendrequest & @CRLF) I get received data = "". And no other data from the server (I have other echos before the POST data) . Instead, with Default as a second header parameter: $sendrequest = _WinINet_HttpSendRequest($httprequest, Default , StringToBinary( $data) ) ; I get the echos from the server but again NO post data. Using echo $_REQUEST['action']; I get "" You get data from the server with POST? i didn't see that you didn't $newdata like it should $tbuffer = dllstrucreate("char[" stringlen($newdata) "]") dllstructsetdata($tbuffer,$newdata) $newdata must be in a dllstruct, then you pass this structure, or the pointer of this structure. Look the sendrequest function to know. edit : i remember something like tINTERNETBUFFER. if i remember well ( again ) it is not declared in constants or is NULL, and it is needed to fill the headers with this struct. If you can wait on thursday, i'll post the source. Edited December 13, 2010 by arcker -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted December 13, 2010 Share Posted December 13, 2010 Thank you arcker. Yes, I can wait till Thurdsay. In the meantime I use GET. Infact, I think it's not extremely important having the POST method inside Autoit because in every case the GET url is not visible, as there is no browser. The POST is useful to avoid showing vars in the url or if you have a lot of long variables exceeding the length limit. Anyway, we are making tests, if we can have a correct POST method is better. Link to comment Share on other sites More sharing options...
arcker Posted December 14, 2010 Share Posted December 14, 2010 POST is usefull nowadays to make application uses XMLHTTP standard. My VMWARE udf needed this. Before wininet I used libcurl. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
arcker Posted December 16, 2010 Share Posted December 16, 2010 (edited) compromis, chose due as we said in french, here is my working example : just add necessary thing at the start and you're good to go. I really think that you missed the content-lenght header. I missed too and it didn't work. I just remembered that. Hope this help : expandcollapse popupLocal $toSend = 'User-Agent: VMware VI Client' & @CRLF & _ ; don't set vmware :), set what you want 'Expect: 100-continue' & @CRLF & _ 'Content-Type: text/xml; charset=utf-8' & @CRLF & _ 'SOAPAction: ""' & @CRLF & _ 'Host: ' & $VIADRESS & @CRLF ; $tosend is equivalent to your header, i've let it to show you Local $hOpenRequest = _WinINet_HttpOpenRequest($hInternetConnect, "POST", $sPOSTWhat, $INTERNET_FLAG_SECURE) If @error Then ConsoleWrite(5 & @CRLF) Else ConsoleWrite("hOpenRequest " & $hOpenRequest & @CRLF) EndIf $toSend &= 'Content-Length: ' & StringLen($sPostData) ; REALLY , REALLY IMPORTANT !!!!!!! ( doesn't work if you omit this ) _WinINet_HttpSendRequest($hOpenRequest, $toSend, StringToBinary($sPostData)); just to get 12044 error Local $readfile = "" Do $readfile &= _WinINet_InternetReadFile_2($hOpenRequest, 5000, True) Until @error Or Not @extended Func _WinINet_InternetReadFile_2($hInternet, $iNumberOfBytesToRead,$ConvertToChar = False ) ; I've added this parameter. ( converttochar ) ; Set data/structures up Local $tNumberOfBytesRead = DllStructCreate("dword") if $ConvertToChar then Local $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]") Else Local $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]") EndIf ; Make DLL call Local $avResult = DllCall($__WinINet_hDLL, _ "int", "InternetReadFile", _ "ptr", $hInternet, _ "ptr", DllStructGetPtr($tBuffer), _ "dword", $iNumberOfBytesToRead, _ "ptr", DllStructGetPtr($tNumberOfBytesRead) _ ) ; Return response If @error Or Not $avResult[0] Then Return SetError(1, 0, Binary("")) Local $iNumberOfBytesRead = DllStructGetData($tNumberOfBytesRead, 1) if $ConvertToChar then Return SetError(0, $iNumberOfBytesRead, stringMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead)) Else Return SetError(0, $iNumberOfBytesRead, BinaryMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead)) EndIf EndFunc ;==>_WinINet_InternetReadFile_2 Edited December 16, 2010 by arcker -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted December 16, 2010 Share Posted December 16, 2010 (edited) Thank you, but I can't make it work. I tried your code: expandcollapse popup#include <WinINet.au3> _WinINet_Startup() $hInternetOpen = _WinINet_InternetOpen("Mozilla/5.0 Firefox/3.0.1", $INTERNET_OPEN_TYPE_DIRECT, 0, Default, Default) $hInternetConnect = _WinINet_InternetConnect($hInternetOpen, $INTERNET_SERVICE_HTTP, "MyServerAddress", 0, 0, Default, Default, 0) $agent = "User-Agent: Mozilla/4.0"&@CRLF $type = "Content-Type: application/x-www-form-urlencoded"&@CRLF & _ 'Content-Type: text/xml; charset=utf-8' & @CRLF $toSend = $agent & $type Local $hOpenRequest = _WinINet_HttpOpenRequest($hInternetConnect, "POST", "/public/Files/PHP/content.php", $INTERNET_FLAG_SECURE) $data = "action=autoit" If @error Then ConsoleWrite(5 & @CRLF) Else ConsoleWrite("hOpenRequest " & $hOpenRequest & @CRLF) EndIf $toSend &= 'Content-Length: ' & StringLen($data) ; REALLY , REALLY IMPORTANT !!!!!!! ( doesn't work if you omit this ) _WinINet_HttpSendRequest($hOpenRequest, $toSend, StringToBinary($data) ); just to get 12044 error Local $readfile = "" Do $readfile &= _WinINet_InternetReadFile_2($hOpenRequest, 5000, True) Until @error Or Not @extended ConsoleWrite( $readfile); Func _WinINet_InternetReadFile_2($hOpenRequest, $iNumberOfBytesToRead,$ConvertToChar = False ) ; I've added this parameter. ( converttochar ) ; Set data/structures up Local $tNumberOfBytesRead = DllStructCreate("dword") if $ConvertToChar then Local $tBuffer = DllStructCreate("char[" & $iNumberOfBytesToRead & "]") Else Local $tBuffer = DllStructCreate("byte[" & $iNumberOfBytesToRead & "]") EndIf ; Make DLL call Local $avResult = DllCall($__WinINet_hDLL, _ "int", "InternetReadFile", _ "ptr", $hOpenRequest, _ "ptr", DllStructGetPtr($tBuffer), _ "dword", $iNumberOfBytesToRead, _ "ptr", DllStructGetPtr($tNumberOfBytesRead) _ ) ; Return response If @error Or Not $avResult[0] Then Return SetError(1, 0, Binary("")) Local $iNumberOfBytesRead = DllStructGetData($tNumberOfBytesRead, 1) if $ConvertToChar then Return SetError(0, $iNumberOfBytesRead, stringMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead)) Else Return SetError(0, $iNumberOfBytesRead, BinaryMid(DllStructGetData($tBuffer, 1), 1, $iNumberOfBytesRead)) EndIf EndFunc ;==>_WinINet_InternetReadFile_2 It gives me only this: hOpenRequest 0x00CC000C and no return data from the server. Nor echos neither specific POST data. Edited December 16, 2010 by frank10 Link to comment Share on other sites More sharing options...
arcker Posted December 17, 2010 Share Posted December 17, 2010 try to remove the internet flag secure in openrequest it is only needed for https. sry i've let it and not seen. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted December 17, 2010 Share Posted December 17, 2010 (edited) I tried without the secure tag, but it doesn't work. I don't know why... Can you receive data with the exact code I posted (with or without the secure flag) ? Edited December 17, 2010 by frank10 Link to comment Share on other sites More sharing options...
frank10 Posted December 18, 2010 Share Posted December 18, 2010 (edited) I found out an error in the above code: In the header I wrote: $agent = "User-Agent: Mozilla/4.0"&@CRLF instead it must be: $agent = "User-Agent: Mozilla//4.0"&@CRLF and so it receive echos from the server. (without the secure flag) The problem remains in the POST data that aren't send to the server, because I check them in PHP and it says there aren't. In GET it works ok, but in POST I can't send for example, "action=autoit" $data = "action=autoit" $toSend = 'Content-Length: ' & StringLen($data) _WinINet_HttpSendRequest($hOpenRequest, $toSend, StringToBinary($data) ) How do you send your data in POST? Edited December 18, 2010 by frank10 Link to comment Share on other sites More sharing options...
arcker Posted December 20, 2010 Share Posted December 20, 2010 (edited) that's weird since i post huge xml request and it works fine. if the openrequest is ok then there is a problem in the sendrequest. i'll look deeper. edit : maybe the content-type ? "Content-Type: text/xml" is not right ? i'm sure i miss something. my data is xml encoded, Edited December 20, 2010 by arcker -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted December 20, 2010 Share Posted December 20, 2010 Only the user-agent needs the "//": $agent = "User-Agent: Mozilla//4.0" & @CRLF Because there's a number after the /. If you write for example, Mozilla/a4.0 works with one / only. Link to comment Share on other sites More sharing options...
arcker Posted December 23, 2010 Share Posted December 23, 2010 @frank : to be honest, i've just re-checked my script and it works fine. As an advise, you can use 2 tools ( like i use ) to monitor http connections : fiddler or httpanalyser. Fiddler is free and it will help you if you don't forget to configure wininet option. Httpanalyser is the best best software. It traps everything. -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted January 5, 2011 Share Posted January 5, 2011 So, now I tried Wireshark to sniff TCP: An ajax post in Firefox it works well: Frame 4: 715 bytes on wire (5720 bits), 715 bytes captured (5720 bits) Arrival Time: Jan 4, 2011 10:31:55.540160000 ora solare Europa occidentale Epoch Time: 1294133515.540160000 seconds [Time delta from previous captured frame: 0.003413000 seconds] [Time delta from previous displayed frame: 0.003413000 seconds] [Time since reference or first frame: 0.023789000 seconds] Frame Number: 4 Frame Length: 715 bytes (5720 bits) Capture Length: 715 bytes (5720 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:data-text-lines] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 701 Identification: 0x05c7 (1479) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x7003 [correct] [Good: True] [bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.130.46 (62.149.130.46) Transmission Control Protocol, Src Port: 4772 (4772), Dst Port: http (80), Seq: 1, Ack: 1, Len: 661 Source port: 4772 (4772) Destination port: http (80) [stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 662 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 24820 Checksum: 0x9b51 [validation disabled] [Good Checksum: False] [bad Checksum: False] [sEQ/ACK analysis] [Number of bytes in flight: 661] Hypertext Transfer Protocol POST /public/Files/PHP/content.php HTTP/1.1\r\n [Expert Info (Chat/Sequence): POST /public/Files/PHP/content.php HTTP/1.1\r\n] [Message: POST /public/Files/PHP/content.php HTTP/1.1\r\n] [severity level: Chat] [Group: Sequence] Request Method: POST Request URI: /public/Files/PHP/content.php Request Version: HTTP/1.1 Host: www........net\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6\r\n Accept: */*\r\n Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Keep-Alive: 115\r\n Connection: keep-alive\r\n Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n X-Requested-With: XMLHttpRequest\r\n Referer: http://www.........net/public/Files/PHP/domotica/domotica2_server.htm\r\n Content-Length: 12\r\n [Content length: 12] Cookie: PHPSESSID=lfun3t84nbtkep2gkk5plr2nn0\r\n Pragma: no-cache\r\n Cache-Control: no-cache\r\n \r\n Line-based text data: application/x-www-form-urlencoded action1=ajax ################################# The packets with autoit in Post with hte code I posted, the php doesn't get the data "action=autoit". They are present in the packet, but the php doesn't get them ?? Frame 6: 246 bytes on wire (1968 bits), 246 bytes captured (1968 bits) Arrival Time: Jan 4, 2011 10:47:57.038281000 ora solare Europa occidentale Epoch Time: 1294134477.038281000 seconds [Time delta from previous captured frame: 0.000186000 seconds] [Time delta from previous displayed frame: 0.000186000 seconds] [Time since reference or first frame: 10.919907000 seconds] Frame Number: 6 Frame Length: 246 bytes (1968 bits) Capture Length: 246 bytes (1968 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:xml] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.128.160 (62.149.128.160) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 232 Identification: 0x415b (16731) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x37d2 [correct] [Good: True] [bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.128.160 (62.149.128.160) Transmission Control Protocol, Src Port: mysql-cm-agent (1862), Dst Port: http (80), Seq: 1, Ack: 1, Len: 192 Source port: mysql-cm-agent (1862) Destination port: http (80) [stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 193 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 24820 Checksum: 0xcf66 [validation disabled] [Good Checksum: False] [bad Checksum: False] [sEQ/ACK analysis] [Number of bytes in flight: 192] Hypertext Transfer Protocol POST /public/Files/PHP/.........php HTTP/1.1\r\n [Expert Info (Chat/Sequence): POST /public/Files/PHP/...........php HTTP/1.1\r\n] [Message: POST /public/Files/PHP/........php HTTP/1.1\r\n] [severity level: Chat] [Group: Sequence] Request Method: POST Request URI: /public/Files/PHP/.......php Request Version: HTTP/1.1 User-Agent: Mozilla//4.0\r\n Content-Type: text/xml; charset=utf-8\r\n Content-Length: 13\r\n [Content length: 13] Host: ..........net\r\n Cache-Control: no-cache\r\n \r\n eXtensible Markup Language action=autoit If you need more packets I will post them. Link to comment Share on other sites More sharing options...
arcker Posted January 6, 2011 Share Posted January 6, 2011 weird.so the function works ?eXtensible Markup Language = XML action=autoitcan you try to post another thing ? "toto" or something, just to understand how the php server get it.What is your webserver ? Apache ? lighttpd ? another ? -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted January 6, 2011 Share Posted January 6, 2011 (edited) I have this webserver: .NET Framework version: 3.5.30729.01Sistema Operativo: Microsoft Windows 2003IIS: Microsoft-IIS/6.0server These are the other packets:expandcollapse popupFrame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jan 4, 2011 10:47:57.063487000 ora solare Europa occidentale Epoch Time: 1294134477.063487000 seconds [Time delta from previous captured frame: 0.025206000 seconds] [Time delta from previous displayed frame: 0.025206000 seconds] [Time since reference or first frame: 10.945113000 seconds] Frame Number: 7 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x32f2 (13042) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 50 Protocol: TCP (6) Header checksum: 0x94fb [correct] [Good: True] [Bad: False] Source: 62.149.128.160 (62.149.128.160) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 1, Ack: 193, Len: 0 Source port: http (80) Destination port: mysql-cm-agent (1862) [Stream index: 0] Sequence number: 1 (relative sequence number) Acknowledgement number: 193 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 6912 (scaled) Checksum: 0x5e04 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 6] [The RTT to ACK the segment was: 0.025206000 seconds] 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 28 32 f2 40 00 32 06 94 fb 3e 95 80 a0 c0 a8 .(2.@.2...>..... 0020 01 05 00 50 07 46 9c 68 a9 3c 42 ff 39 f3 50 10 ...P.F.h.<B.9.P. 0030 06 c0 5e 04 00 00 00 00 00 00 00 00 ..^......... No. Time Source Destination Protocol Info 8 10.947603 62.149.128.160 192.168.1.5 HTTP HTTP/1.1 301 Moved Permanently (text/html) Frame 8: 554 bytes on wire (4432 bits), 554 bytes captured (4432 bits) Arrival Time: Jan 4, 2011 10:47:57.065977000 ora solare Europa occidentale Epoch Time: 1294134477.065977000 seconds [Time delta from previous captured frame: 0.002490000 seconds] [Time delta from previous displayed frame: 0.002490000 seconds] [Time since reference or first frame: 10.947603000 seconds] Frame Number: 8 Frame Length: 554 bytes (4432 bits) Capture Length: 554 bytes (4432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:data-text-lines] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 540 Identification: 0x32f4 (13044) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 50 Protocol: TCP (6) Header checksum: 0x9305 [correct] [Good: True] [Bad: False] Source: 62.149.128.160 (62.149.128.160) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 1, Ack: 193, Len: 500 Source port: http (80) Destination port: mysql-cm-agent (1862) [Stream index: 0] Sequence number: 1 (relative sequence number) [Next sequence number: 501 (relative sequence number)] Acknowledgement number: 193 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 6912 (scaled) Checksum: 0x145d [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Number of bytes in flight: 500] Hypertext Transfer Protocol HTTP/1.1 301 Moved Permanently\r\n [Expert Info (Chat/Sequence): HTTP/1.1 301 Moved Permanently\r\n] [Message: HTTP/1.1 301 Moved Permanently\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Response Code: 301 Date: Tue, 04 Jan 2011 09:47:46 GMT\r\n Server: Apache\r\n Location: http://www........./public/Files/PHP/.......php\r\n Content-Length: 262\r\n [Content length: 262] Connection: close\r\n Content-Type: text/html; charset=iso-8859-1\r\n \r\n Line-based text data: text/html <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n <html><head>\n <title>301 Moved Permanently</title>\n </head><body>\n <h1>Moved Permanently</h1>\n <p>The document has moved <a href="http://www.........net/public/Files/PHP/.........php">here</a>.</p>\n </body></html>\n 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 02 1c 32 f4 40 00 32 06 93 05 3e 95 80 a0 c0 a8 ..2.@.2...>..... 0020 01 05 00 50 07 46 9c 68 a9 3c 42 ff 39 f3 50 18 ...P.F.h.<B.9.P. 0030 06 c0 14 5d 00 00 48 54 54 50 2f 31 2e 31 20 33 ...]..HTTP/1.1 3 0040 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 01 Moved Permane 0050 6e 74 6c 79 0d 0a 44 61 74 65 3a 20 54 75 65 2c ntly..Date: Tue, 0060 20 30 34 20 4a 61 6e 20 32 30 31 31 20 30 39 3a 04 Jan 2011 09: 0070 34 37 3a 34 36 20 47 4d 54 0d 0a 53 65 72 76 65 47:46 GMT..Serve 0080 72 3a 20 41 70 61 63 68 65 0d 0a 4c 6f 63 61 74 r: Apache..Locat 0090 69 6f 6e 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e ion: http://www. 00a0 64 65 76 65 72 69 74 61 74 65 2e 6e 65 74 2f 70 ...........net/p 00b0 75 62 6c 69 63 2f 46 69 6c 65 73 2f 50 48 50 2f ublic/Files/PHP/ 00c0 63 6f 6e 74 65 6e 74 2e 70 68 70 0d 0a 43 6f 6e .......php..Con 00d0 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 36 32 tent-Length: 262 00e0 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c ..Connection: cl 00f0 6f 73 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 ose..Content-Typ 0100 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 e: text/html; ch 0110 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 arset=iso-8859-1 0120 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 ....<!DOCTYPE HT 0130 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 ML PUBLIC "-//IE 0140 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 TF//DTD HTML 2.0 0150 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 //EN">.<html><he 0160 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d ad>.<title>301 M 0170 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 oved Permanently 0180 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e </title>.</head> 0190 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 <body>.<h1>Moved 01a0 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 Permanently</h1 01b0 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e >.<p>The documen 01c0 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 t has moved <a h 01d0 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e ref="http://www. 01e0 64 65 76 65 72 69 74 61 74 65 2e 6e 65 74 2f 70 ...........net/p 01f0 75 62 6c 69 63 2f 46 69 6c 65 73 2f 50 48 50 2f ublic/Files/PHP/ 0200 63 6f 6e 74 65 6e 74 2e 70 68 70 22 3e 68 65 72 .........php">her 0210 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 e</a>.</p>.</bod 0220 79 3e 3c 2f 68 74 6d 6c 3e 0a y></html>. No. Time Source Destination Protocol Info 9 10.948045 62.149.128.160 192.168.1.5 TCP http > mysql-cm-agent [FIN, ACK] Seq=501 Ack=193 Win=6912 Len=0 Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jan 4, 2011 10:47:57.066419000 ora solare Europa occidentale Epoch Time: 1294134477.066419000 seconds [Time delta from previous captured frame: 0.000442000 seconds] [Time delta from previous displayed frame: 0.000442000 seconds] [Time since reference or first frame: 10.948045000 seconds] Frame Number: 9 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x32f6 (13046) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 50 Protocol: TCP (6) Header checksum: 0x94f7 [correct] [Good: True] [Bad: False] Source: 62.149.128.160 (62.149.128.160) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 501, Ack: 193, Len: 0 Source port: http (80) Destination port: mysql-cm-agent (1862) [Stream index: 0] Sequence number: 501 (relative sequence number) Acknowledgement number: 193 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size: 6912 (scaled) Checksum: 0x5c0f [validation disabled] [Good Checksum: False] [Bad Checksum: False] 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 28 32 f6 40 00 32 06 94 f7 3e 95 80 a0 c0 a8 .(2.@.2...>..... 0020 01 05 00 50 07 46 9c 68 ab 30 42 ff 39 f3 50 11 ...P.F.h.0B.9.P. 0030 06 c0 5c 0f 00 00 00 00 00 00 00 00 ..\......... No. Time Source Destination Protocol Info 10 10.948105 192.168.1.5 62.149.128.160 TCP mysql-cm-agent > http [ACK] Seq=193 Ack=502 Win=24320 Len=0 Frame 10: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Arrival Time: Jan 4, 2011 10:47:57.066479000 ora solare Europa occidentale Epoch Time: 1294134477.066479000 seconds [Time delta from previous captured frame: 0.000060000 seconds] [Time delta from previous displayed frame: 0.000060000 seconds] [Time since reference or first frame: 10.948105000 seconds] Frame Number: 10 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.128.160 (62.149.128.160) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x415c (16732) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x3891 [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.128.160 (62.149.128.160) Transmission Control Protocol, Src Port: mysql-cm-agent (1862), Dst Port: http (80), Seq: 193, Ack: 502, Len: 0 Source port: mysql-cm-agent (1862) Destination port: http (80) [Stream index: 0] Sequence number: 193 (relative sequence number) Acknowledgement number: 502 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 24320 Checksum: 0x03cf [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.000060000 seconds] 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 28 41 5c 40 00 80 06 38 91 c0 a8 01 05 3e 95 .(A\@...8.....>. 0020 80 a0 07 46 00 50 42 ff 39 f3 9c 68 ab 31 50 10 ...F.PB.9..h.1P. 0030 5f 00 03 cf 00 00 _..... No. Time Source Destination Protocol Info 11 10.948159 192.168.1.5 62.149.128.160 TCP mysql-cm-agent > http [FIN, ACK] Seq=193 Ack=502 Win=24320 Len=0 Frame 11: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Arrival Time: Jan 4, 2011 10:47:57.066533000 ora solare Europa occidentale Epoch Time: 1294134477.066533000 seconds [Time delta from previous captured frame: 0.000054000 seconds] [Time delta from previous displayed frame: 0.000054000 seconds] [Time since reference or first frame: 10.948159000 seconds] Frame Number: 11 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.128.160 (62.149.128.160) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x415d (16733) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x3890 [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.128.160 (62.149.128.160) Transmission Control Protocol, Src Port: mysql-cm-agent (1862), Dst Port: http (80), Seq: 193, Ack: 502, Len: 0 Source port: mysql-cm-agent (1862) Destination port: http (80) [Stream index: 0] Sequence number: 193 (relative sequence number) Acknowledgement number: 502 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size: 24320 Checksum: 0x03ce [validation disabled] [Good Checksum: False] [Bad Checksum: False] 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 28 41 5d 40 00 80 06 38 90 c0 a8 01 05 3e 95 .(A]@...8.....>. 0020 80 a0 07 46 00 50 42 ff 39 f3 9c 68 ab 31 50 11 ...F.PB.9..h.1P. 0030 5f 00 03 ce 00 00 _..... No. Time Source Destination Protocol Info 12 10.964015 192.168.1.5 62.149.130.46 TCP msnp > http [SYN] Seq=0 Win=24820 Len=0 MSS=1460 WS=0 SACK_PERM=1 Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Arrival Time: Jan 4, 2011 10:47:57.082389000 ora solare Europa occidentale Epoch Time: 1294134477.082389000 seconds [Time delta from previous captured frame: 0.015856000 seconds] [Time delta from previous displayed frame: 0.015856000 seconds] [Time since reference or first frame: 10.964015000 seconds] Frame Number: 12 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x415e (16734) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x36f5 [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.130.46 (62.149.130.46) Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 0, Len: 0 Source port: msnp (1863) Destination port: http (80) [Stream index: 1] Sequence number: 0 (relative sequence number) Header length: 32 bytes Flags: 0x02 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgement: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http] [Message: Connection establish request (SYN): server port http] [Severity level: Chat] [Group: Sequence] .... ...0 = Fin: Not set Window size: 24820 Checksum: 0x8e08 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) Maximum segment size: 1460 bytes NOP Window scale: 0 (multiply by 1) NOP NOP TCP SACK Permitted Option: True 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 34 41 5e 40 00 80 06 36 f5 c0 a8 01 05 3e 95 .4A^@...6.....>. 0020 82 2e 07 47 00 50 f5 2d 00 e6 00 00 00 00 80 02 ...G.P.-........ 0030 60 f4 8e 08 00 00 02 04 05 b4 01 03 03 00 01 01 `............... 0040 04 02 .. No. Time Source Destination Protocol Info 13 10.970133 62.149.128.160 192.168.1.5 TCP http > mysql-cm-agent [ACK] Seq=502 Ack=194 Win=6912 Len=0 Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jan 4, 2011 10:47:57.088507000 ora solare Europa occidentale Epoch Time: 1294134477.088507000 seconds [Time delta from previous captured frame: 0.006118000 seconds] [Time delta from previous displayed frame: 0.006118000 seconds] [Time since reference or first frame: 10.970133000 seconds] Frame Number: 13 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 62.149.128.160 (62.149.128.160), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x32f8 (13048) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 50 Protocol: TCP (6) Header checksum: 0x94f5 [correct] [Good: True] [Bad: False] Source: 62.149.128.160 (62.149.128.160) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: mysql-cm-agent (1862), Seq: 502, Ack: 194, Len: 0 Source port: http (80) Destination port: mysql-cm-agent (1862) [Stream index: 0] Sequence number: 502 (relative sequence number) Acknowledgement number: 194 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 6912 (scaled) Checksum: 0x5c0e [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 11] [The RTT to ACK the segment was: 0.021974000 seconds] 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 28 32 f8 40 00 32 06 94 f5 3e 95 80 a0 c0 a8 .(2.@.2...>..... 0020 01 05 00 50 07 46 9c 68 ab 31 42 ff 39 f4 50 10 ...P.F.h.1B.9.P. 0030 06 c0 5c 0e 00 00 00 00 00 00 00 00 ..\......... No. Time Source Destination Protocol Info 14 10.983790 62.149.130.46 192.168.1.5 TCP http > msnp [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1430 WS=0 SACK_PERM=1 Frame 14: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) Arrival Time: Jan 4, 2011 10:47:57.102164000 ora solare Europa occidentale Epoch Time: 1294134477.102164000 seconds [Time delta from previous captured frame: 0.013657000 seconds] [Time delta from previous displayed frame: 0.013657000 seconds] [Time since reference or first frame: 10.983790000 seconds] Frame Number: 14 Frame Length: 66 bytes (528 bits) Capture Length: 66 bytes (528 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 52 Identification: 0x5ece (24270) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (6) Header checksum: 0x6685 [correct] [Good: True] [Bad: False] Source: 62.149.130.46 (62.149.130.46) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 0, Ack: 1, Len: 0 Source port: http (80) Destination port: msnp (1863) [Stream index: 1] Sequence number: 0 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 32 bytes Flags: 0x12 (SYN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http] [Message: Connection establish acknowledge (SYN+ACK): server port http] [Severity level: Chat] [Group: Sequence] .... ...0 = Fin: Not set Window size: 16384 Checksum: 0xa9c1 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (12 bytes) Maximum segment size: 1430 bytes NOP Window scale: 0 (multiply by 1) NOP NOP TCP SACK Permitted Option: True [SEQ/ACK analysis] [This is an ACK to the segment in frame: 12] [The RTT to ACK the segment was: 0.019775000 seconds] 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 34 5e ce 00 00 73 06 66 85 3e 95 82 2e c0 a8 .4^...s.f.>..... 0020 01 05 00 50 07 47 09 6d fb da f5 2d 00 e7 80 12 ...P.G.m...-.... 0030 40 00 a9 c1 00 00 02 04 05 96 01 03 03 00 01 01 @............... 0040 04 02 .. No. Time Source Destination Protocol Info 15 10.983888 192.168.1.5 62.149.130.46 TCP msnp > http [ACK] Seq=1 Ack=1 Win=24820 Len=0 Frame 15: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Arrival Time: Jan 4, 2011 10:47:57.102262000 ora solare Europa occidentale Epoch Time: 1294134477.102262000 seconds [Time delta from previous captured frame: 0.000098000 seconds] [Time delta from previous displayed frame: 0.000098000 seconds] [Time since reference or first frame: 10.983888000 seconds] Frame Number: 15 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] [Coloring Rule Name: HTTP] [Coloring Rule String: http || tcp.port == 80] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x415f (16735) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x3700 [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.130.46 (62.149.130.46) Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0 Source port: msnp (1863) Destination port: http (80) [Stream index: 1] Sequence number: 1 (relative sequence number) Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 24820 Checksum: 0xc97a [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 14] [The RTT to ACK the segment was: 0.000098000 seconds] 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 28 41 5f 40 00 80 06 37 00 c0 a8 01 05 3e 95 .(A_@...7.....>. 0020 82 2e 07 47 00 50 f5 2d 00 e7 09 6d fb db 50 10 ...G.P.-...m..P. 0030 60 f4 c9 7a 00 00 `..z.. No. Time Source Destination Protocol Info 16 10.984054 192.168.1.5 62.149.130.46 HTTP GET /public/Files/PHP/.........php HTTP/1.1 Frame 16: 201 bytes on wire (1608 bits), 201 bytes captured (1608 bits) Arrival Time: Jan 4, 2011 10:47:57.102428000 ora solare Europa occidentale Epoch Time: 1294134477.102428000 seconds [Time delta from previous captured frame: 0.000166000 seconds] [Time delta from previous displayed frame: 0.000166000 seconds] [Time since reference or first frame: 10.984054000 seconds] Frame Number: 16 Frame Length: 201 bytes (1608 bits) Capture Length: 201 bytes (1608 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 187 Identification: 0x4160 (16736) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x366c [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.130.46 (62.149.130.46) Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 1, Ack: 1, Len: 147 Source port: msnp (1863) Destination port: http (80) [Stream index: 1] Sequence number: 1 (relative sequence number) [Next sequence number: 148 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 24820 Checksum: 0x6691 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Number of bytes in flight: 147] Hypertext Transfer Protocol GET /public/Files/PHP/.........php HTTP/1.1\r\n [Expert Info (Chat/Sequence): GET /public/Files/PHP/.........php HTTP/1.1\r\n] [Message: GET /public/Files/PHP/.........php HTTP/1.1\r\n] [Severity level: Chat] [Group: Sequence] Request Method: GET Request URI: /public/Files/PHP/.........php Request Version: HTTP/1.1 User-Agent: Mozilla//4.0\r\n Connection: Keep-Alive\r\n Cache-Control: no-cache\r\n Host: www..............net\r\n \r\n 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 bb 41 60 40 00 80 06 36 6c c0 a8 01 05 3e 95 ..A`@...6l....>. 0020 82 2e 07 47 00 50 f5 2d 00 e7 09 6d fb db 50 18 ...G.P.-...m..P. 0030 60 f4 66 91 00 00 47 45 54 20 2f 70 75 62 6c 69 `.f...GET /publi 0040 63 2f 46 69 6c 65 73 2f 50 48 50 2f 63 6f 6e 74 c/Files/PHP/cont 0050 65 6e 74 2e 70 68 70 20 48 54 54 50 2f 31 2e 31 ent.php HTTP/1.1 0060 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f ..User-Agent: Mo 0070 7a 69 6c 6c 61 2f 2f 34 2e 30 0d 0a 43 6f 6e 6e zilla//4.0..Conn 0080 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 ection: Keep-Ali 0090 76 65 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f ve..Cache-Contro 00a0 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 48 6f 73 l: no-cache..Hos 00b0 74 3a 20 77 77 77 2e 64 65 76 65 72 69 74 61 74 t: www....... 00c0 65 2e 6e 65 74 0d 0a 0d 0a e.net.... No. Time Source Destination Protocol Info 17 11.129899 62.149.130.46 192.168.1.5 TCP http > msnp [ACK] Seq=1 Ack=148 Win=65388 Len=0 Frame 17: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jan 4, 2011 10:47:57.248273000 ora solare Europa occidentale Epoch Time: 1294134477.248273000 seconds [Time delta from previous captured frame: 0.145845000 seconds] [Time delta from previous displayed frame: 0.145845000 seconds] [Time since reference or first frame: 11.129899000 seconds] Frame Number: 17 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5f5d (24413) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (6) Header checksum: 0x2602 [correct] [Good: True] [Bad: False] Source: 62.149.130.46 (62.149.130.46) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 1, Ack: 148, Len: 0 Source port: http (80) Destination port: msnp (1863) [Stream index: 1] Sequence number: 1 (relative sequence number) Acknowledgement number: 148 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65388 Checksum: 0x2a6f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 16] [The RTT to ACK the segment was: 0.145845000 seconds] 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 28 5f 5d 40 00 73 06 26 02 3e 95 82 2e c0 a8 .(_]@.s.&.>..... 0020 01 05 00 50 07 47 09 6d fb db f5 2d 01 7a 50 10 ...P.G.m...-.zP. 0030 ff 6c 2a 6f 00 00 00 00 00 00 00 00 .l*o........ No. Time Source Destination Protocol Info 18 11.131960 62.149.130.46 192.168.1.5 TCP [TCP segment of a reassembled PDU] Frame 18: 449 bytes on wire (3592 bits), 449 bytes captured (3592 bits) Arrival Time: Jan 4, 2011 10:47:57.250334000 ora solare Europa occidentale Epoch Time: 1294134477.250334000 seconds [Time delta from previous captured frame: 0.002061000 seconds] [Time delta from previous displayed frame: 0.002061000 seconds] [Time since reference or first frame: 11.131960000 seconds] Frame Number: 18 Frame Length: 449 bytes (3592 bits) Capture Length: 449 bytes (3592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 435 Identification: 0x5f5e (24414) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (6) Header checksum: 0x2476 [correct] [Good: True] [Bad: False] Source: 62.149.130.46 (62.149.130.46) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 1, Ack: 148, Len: 395 Source port: http (80) Destination port: msnp (1863) [Stream index: 1] Sequence number: 1 (relative sequence number) [Next sequence number: 396 (relative sequence number)] Acknowledgement number: 148 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65388 Checksum: 0x9658 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Number of bytes in flight: 395] TCP segment data (395 bytes) 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 01 b3 5f 5e 40 00 73 06 24 76 3e 95 82 2e c0 a8 .._^@.s.$v>..... 0020 01 05 00 50 07 47 09 6d fb db f5 2d 01 7a 50 18 ...P.G.m...-.zP. 0030 ff 6c 96 58 00 00 48 54 54 50 2f 31 2e 31 20 32 .l.X..HTTP/1.1 2 0040 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 00 OK..Cache-Con 0050 74 72 6f 6c 3a 20 6e 6f 2d 73 74 6f 72 65 2c 20 trol: no-store, 0060 6e 6f 2d 63 61 63 68 65 2c 20 6d 75 73 74 2d 72 no-cache, must-r 0070 65 76 61 6c 69 64 61 74 65 2c 20 70 6f 73 74 2d evalidate, post- 0080 63 68 65 63 6b 3d 30 2c 20 70 72 65 2d 63 68 65 check=0, pre-che 0090 63 6b 3d 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e ck=0..Connection 00a0 3a 20 63 6c 6f 73 65 0d 0a 44 61 74 65 3a 20 54 : close..Date: T 00b0 75 65 2c 20 30 34 20 4a 61 6e 20 32 30 31 31 20 ue, 04 Jan 2011 00c0 30 39 3a 34 37 3a 34 37 20 47 4d 54 0d 0a 50 72 09:47:47 GMT..Pr 00d0 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a agma: no-cache.. 00e0 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 Content-Type: te 00f0 78 74 2f 68 74 6d 6c 0d 0a 45 78 70 69 72 65 73 xt/html..Expires 0100 3a 20 54 68 75 2c 20 31 39 20 4e 6f 76 20 31 39 : Thu, 19 Nov 19 0110 38 31 20 30 38 3a 35 32 3a 30 30 20 47 4d 54 0d 81 08:52:00 GMT. 0120 0a 53 65 72 76 65 72 3a 20 4d 69 63 72 6f 73 6f .Server: Microso 0130 66 74 2d 49 49 53 2f 36 2e 30 0d 0a 53 65 74 2d ft-IIS/6.0..Set- 0140 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 Cookie: PHPSESSI 0150 44 3d 6c 66 75 6e 33 74 38 34 6e 62 74 6b 65 70 D=lfun3t84nbtkep 0160 32 67 6b 6b 35 70 6c 72 32 6e 6e 30 3b 20 70 61 2gkk5plr2nn0; pa 0170 74 68 3d 2f 0d 0a 4d 69 63 72 6f 73 6f 66 74 4f th=/..MicrosoftO 0180 66 66 69 63 65 57 65 62 53 65 72 76 65 72 3a 20 fficeWebServer: 0190 35 2e 30 5f 50 75 62 0d 0a 58 2d 50 6f 77 65 72 5.0_Pub..X-Power 01a0 65 64 2d 42 79 3a 20 41 53 50 2e 4e 45 54 0d 0a ed-By: ASP.NET.. 01b0 0d 0a 41 72 72 61 79 0a 28 0a 29 0a 68 65 6c 6c ..Array.(.).hell 01c0 6f o No. Time Source Destination Protocol Info 19 11.239141 62.149.130.46 192.168.1.5 HTTP HTTP/1.1 200 OK (text/html) Frame 19: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jan 4, 2011 10:47:57.357515000 ora solare Europa occidentale Epoch Time: 1294134477.357515000 seconds [Time delta from previous captured frame: 0.107181000 seconds] [Time delta from previous displayed frame: 0.107181000 seconds] [Time since reference or first frame: 11.239141000 seconds] Frame Number: 19 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp:http:data-text-lines] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5fc9 (24521) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (6) Header checksum: 0x2596 [correct] [Good: True] [Bad: False] Source: 62.149.130.46 (62.149.130.46) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 396, Ack: 148, Len: 0 Source port: http (80) Destination port: msnp (1863) [Stream index: 1] Sequence number: 396 (relative sequence number) Acknowledgement number: 148 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size: 65388 Checksum: 0x28e3 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [Reassembled TCP Segments (395 bytes): #18(395), #19(0)] [Frame: 18, payload: 0-394 (395 bytes)] [Frame: 19 (no data)] [Reassembled TCP length: 395] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [Message: HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Request Version: HTTP/1.1 Response Code: 200 Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n Connection: close\r\n Date: Tue, 04 Jan 2011 09:47:47 GMT\r\n Pragma: no-cache\r\n Content-Type: text/html\r\n Expires: Thu, 19 Nov 1981 08:52:00 GMT\r\n Server: Microsoft-IIS/6.0\r\n Set-Cookie: PHPSESSID=lfun3t84nbtkep2gkk5plr2nn0; path=/\r\n MicrosoftOfficeWebServer: 5.0_Pub\r\n X-Powered-By: ASP.NET\r\n \r\n Line-based text data: text/html Array\n (\n )\n hello Frame (60 bytes): 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 28 5f c9 40 00 73 06 25 96 3e 95 82 2e c0 a8 .(_.@.s.%.>..... 0020 01 05 00 50 07 47 09 6d fd 66 f5 2d 01 7a 50 11 ...P.G.m.f.-.zP. 0030 ff 6c 28 e3 00 00 00 00 00 00 00 00 .l(......... Reassembled TCP (395 bytes): 0000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK. 0010 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 .Cache-Control: 0020 6e 6f 2d 73 74 6f 72 65 2c 20 6e 6f 2d 63 61 63 no-store, no-cac 0030 68 65 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 he, must-revalid 0040 61 74 65 2c 20 70 6f 73 74 2d 63 68 65 63 6b 3d ate, post-check= 0050 30 2c 20 70 72 65 2d 63 68 65 63 6b 3d 30 0d 0a 0, pre-check=0.. 0060 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 Connection: clos 0070 65 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 34 e..Date: Tue, 04 0080 20 4a 61 6e 20 32 30 31 31 20 30 39 3a 34 37 3a Jan 2011 09:47: 0090 34 37 20 47 4d 54 0d 0a 50 72 61 67 6d 61 3a 20 47 GMT..Pragma: 00a0 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e no-cache..Conten 00b0 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d t-Type: text/htm 00c0 6c 0d 0a 45 78 70 69 72 65 73 3a 20 54 68 75 2c l..Expires: Thu, 00d0 20 31 39 20 4e 6f 76 20 31 39 38 31 20 30 38 3a 19 Nov 1981 08: 00e0 35 32 3a 30 30 20 47 4d 54 0d 0a 53 65 72 76 65 52:00 GMT..Serve 00f0 72 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 49 49 53 r: Microsoft-IIS 0100 2f 36 2e 30 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 /6.0..Set-Cookie 0110 3a 20 50 48 50 53 45 53 53 49 44 3d 6c 66 75 6e : PHPSESSID=lfun 0120 33 74 38 34 6e 62 74 6b 65 70 32 67 6b 6b 35 70 3t84nbtkep2gkk5p 0130 6c 72 32 6e 6e 30 3b 20 70 61 74 68 3d 2f 0d 0a lr2nn0; path=/.. 0140 4d 69 63 72 6f 73 6f 66 74 4f 66 66 69 63 65 57 MicrosoftOfficeW 0150 65 62 53 65 72 76 65 72 3a 20 35 2e 30 5f 50 75 ebServer: 5.0_Pu 0160 62 0d 0a 58 2d 50 6f 77 65 72 65 64 2d 42 79 3a b..X-Powered-By: 0170 20 41 53 50 2e 4e 45 54 0d 0a 0d 0a 41 72 72 61 ASP.NET....Arra 0180 79 0a 28 0a 29 0a 68 65 6c 6c 6f y.(.).hello No. Time Source Destination Protocol Info 20 11.239249 192.168.1.5 62.149.130.46 TCP msnp > http [ACK] Seq=148 Ack=397 Win=24425 Len=0 Frame 20: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Arrival Time: Jan 4, 2011 10:47:57.357623000 ora solare Europa occidentale Epoch Time: 1294134477.357623000 seconds [Time delta from previous captured frame: 0.000108000 seconds] [Time delta from previous displayed frame: 0.000108000 seconds] [Time since reference or first frame: 11.239249000 seconds] Frame Number: 20 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4161 (16737) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x36fe [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.130.46 (62.149.130.46) Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 148, Ack: 397, Len: 0 Source port: msnp (1863) Destination port: http (80) [Stream index: 1] Sequence number: 148 (relative sequence number) Acknowledgement number: 397 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 24425 Checksum: 0xc8e6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 19] [The RTT to ACK the segment was: 0.000108000 seconds] 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 28 41 61 40 00 80 06 36 fe c0 a8 01 05 3e 95 .(Aa@...6.....>. 0020 82 2e 07 47 00 50 f5 2d 01 7a 09 6d fd 67 50 10 ...G.P.-.z.m.gP. 0030 5f 69 c8 e6 00 00 _i.... No. Time Source Destination Protocol Info 21 11.239332 192.168.1.5 62.149.130.46 TCP msnp > http [FIN, ACK] Seq=148 Ack=397 Win=24425 Len=0 Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Arrival Time: Jan 4, 2011 10:47:57.357706000 ora solare Europa occidentale Epoch Time: 1294134477.357706000 seconds [Time delta from previous captured frame: 0.000083000 seconds] [Time delta from previous displayed frame: 0.000083000 seconds] [Time since reference or first frame: 11.239332000 seconds] Frame Number: 21 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56), Dst: Avm_45:a4:92 (bc:05:43:45:a4:92) Destination: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.5 (192.168.1.5), Dst: 62.149.130.46 (62.149.130.46) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x4162 (16738) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x36fd [correct] [Good: True] [Bad: False] Source: 192.168.1.5 (192.168.1.5) Destination: 62.149.130.46 (62.149.130.46) Transmission Control Protocol, Src Port: msnp (1863), Dst Port: http (80), Seq: 148, Ack: 397, Len: 0 Source port: msnp (1863) Destination port: http (80) [Stream index: 1] Sequence number: 148 (relative sequence number) Acknowledgement number: 397 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size: 24425 Checksum: 0xc8e5 [validation disabled] [Good Checksum: False] [Bad Checksum: False] 0000 bc 05 43 45 a4 92 00 c0 9f 38 7c 56 08 00 45 00 ..CE.....8|V..E. 0010 00 28 41 62 40 00 80 06 36 fd c0 a8 01 05 3e 95 .(Ab@...6.....>. 0020 82 2e 07 47 00 50 f5 2d 01 7a 09 6d fd 67 50 11 ...G.P.-.z.m.gP. 0030 5f 69 c8 e5 00 00 _i.... No. Time Source Destination Protocol Info 22 11.260683 62.149.130.46 192.168.1.5 TCP http > msnp [ACK] Seq=397 Ack=149 Win=65388 Len=0 Frame 22: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Arrival Time: Jan 4, 2011 10:47:57.379057000 ora solare Europa occidentale Epoch Time: 1294134477.379057000 seconds [Time delta from previous captured frame: 0.021351000 seconds] [Time delta from previous displayed frame: 0.021351000 seconds] [Time since reference or first frame: 11.260683000 seconds] Frame Number: 22 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Trailer: 000000000000 Internet Protocol, Src: 62.149.130.46 (62.149.130.46), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 40 Identification: 0x5fce (24526) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 115 Protocol: TCP (6) Header checksum: 0x2591 [correct] [Good: True] [Bad: False] Source: 62.149.130.46 (62.149.130.46) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: http (80), Dst Port: msnp (1863), Seq: 397, Ack: 149, Len: 0 Source port: http (80) Destination port: msnp (1863) [Stream index: 1] Sequence number: 397 (relative sequence number) Acknowledgement number: 149 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgement: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Window size: 65388 Checksum: 0x28e2 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 21] [The RTT to ACK the segment was: 0.021351000 seconds] 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 28 5f ce 40 00 73 06 25 91 3e 95 82 2e c0 a8 .(_.@.s.%.>..... 0020 01 05 00 50 07 47 09 6d fd 67 f5 2d 01 7b 50 10 ...P.G.m.g.-.{P. 0030 ff 6c 28 e2 00 00 00 00 00 00 00 00 .l(......... No. Time Source Destination Protocol Info 23 13.561941 192.168.1.10 192.168.1.5 TCP 4804 > 14013 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=1144632315 TSER=0 WS=2 Frame 23: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Arrival Time: Jan 4, 2011 10:47:59.680315000 ora solare Europa occidentale Epoch Time: 1294134479.680315000 seconds [Time delta from previous captured frame: 2.301258000 seconds] [Time delta from previous displayed frame: 2.301258000 seconds] [Time since reference or first frame: 13.561941000 seconds] Frame Number: 23 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ip:tcp] Ethernet II, Src: Avm_45:a4:92 (bc:05:43:45:a4:92), Dst: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Destination: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) Address: QuantaCo_38:7c:56 (00:c0:9f:38:7c:56) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: Avm_45:a4:92 (bc:05:43:45:a4:92) Address: Avm_45:a4:92 (bc:05:43:45:a4:92) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.1.10 (192.168.1.10), Dst: 192.168.1.5 (192.168.1.5) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 60 Identification: 0xfcb3 (64691) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xbaa8 [correct] [Good: True] [Bad: False] Source: 192.168.1.10 (192.168.1.10) Destination: 192.168.1.5 (192.168.1.5) Transmission Control Protocol, Src Port: 4804 (4804), Dst Port: 14013 (14013), Seq: 0, Len: 0 Source port: 4804 (4804) Destination port: 14013 (14013) [Stream index: 2] Sequence number: 0 (relative sequence number) Header length: 40 bytes Flags: 0x02 (SYN) 0... .... = Congestion Window Reduced (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgement: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 14013] [Message: Connection establish request (SYN): server port 14013] [Severity level: Chat] [Group: Sequence] .... ...0 = Fin: Not set Window size: 5840 Checksum: 0x5511 [validation disabled] [Good Checksum: False] [Bad Checksum: False] Options: (20 bytes) Maximum segment size: 1460 bytes TCP SACK Permitted Option: True Timestamps: TSval 1144632315, TSecr 0 NOP Window scale: 2 (multiply by 4) 0000 00 c0 9f 38 7c 56 bc 05 43 45 a4 92 08 00 45 00 ...8|V..CE....E. 0010 00 3c fc b3 40 00 40 06 ba a8 c0 a8 01 0a c0 a8 .<..@.@......... 0020 01 05 12 c4 36 bd c7 c5 4f 48 00 00 00 00 a0 02 ....6...OH...... 0030 16 d0 55 11 00 00 02 04 05 b4 04 02 08 0a 44 39 ..U...........D9 0040 b3 fb 00 00 00 00 01 03 03 02 ..........There is the strange error 301 moved page nel frame 8 ??and the GET request in frame 16 (I made POST not Get...)and the answer on frame 18 from the server with the empty Array () (on the php: print_r ($_REQUEST);, so PHP hasn't get the "action= autoit")and the "hello", a simple echo to see the responce of the server.With wininet GET it works well at the same PHP page. Edited January 6, 2011 by frank10 Link to comment Share on other sites More sharing options...
arcker Posted January 7, 2011 Share Posted January 7, 2011 (edited) [Number of bytes in flight: 192] Hypertext Transfer Protocol POST /public/Files/PHP/.........php HTTP/1.1\r\n [Expert Info (Chat/Sequence): POST /public/Files/PHP/...........php HTTP/1.1\r\n] [Message: POST /public/Files/PHP/........php HTTP/1.1\r\n] in your previous message, so where did they go. do you have more messages in IIS logs ? please use httpanalyser, trial for 15 days. It will really help here to see if the packet is well sent. Edited January 7, 2011 by arcker -- Arck System _ Soon -- Ideas make everything "La critique est facile, l'art est difficile" Projects :[list] [*]Au3Service : Run your exe as service V3 / Updated 29/07/2013 Get it Here [/list] Link to comment Share on other sites More sharing options...
frank10 Posted January 7, 2011 Share Posted January 7, 2011 I will try httpanalyzer. I have another weird problem. I have a 24/24 script that connects to the server every 2 seconds. Autoit uses the Wininet func for 7-8h, then it stops sending data to the server, while the rest of the script works. With wireshark there is no TCP activity from autoit. What happens after about 7 hours to wininet?? or is PHP that blocks it in some way? I tried another autoit simple prog: while 1 _PHP_serverGET($data) ConsoleWrite("after PHP " & @HOUR & ":" & @MIN & @CRLF) Sleep(1500) WEnd and I get a simple answer from PHP, like this: <?php session_id("lfun3t84nbtkep2gkk5plr2nn0"); session_start(); if ( $_REQUEST['action'] == "autoit" ) { echo "hello" ; } ?>. the func is the wininet GET method that works well. Well, this one stops sending TCP packets after 3 hours! (I had the other prog running, communicating with another page on the server) What's this? I must solve this as I need a 24/24 communication. Link to comment Share on other sites More sharing options...
frank10 Posted January 9, 2011 Share Posted January 9, 2011 Well, good news! So, I tried Httpanalyzer: I discovered the User-agent / problem. It gave a server error: "HTTP/1.1 999 AW Special Error". To solve that it's sufficient to add a carachter to the user agent: it was "Mozilla/4.0" it should be: "Mozillaa/4.0" or "Mozilla/5.0o" etc . Weird but solved. For the post connection: it seems well formed with the data "action=autoit" present and no error from the server BUT there is no answer from the php page... only general echo but no POST data !! This is the RAW stream out: POST /public/Files/PHP/content.php HTTP/1.1 User-Agent: Mozilla/5.01 Content-Type: text/plain; charset=utf-8 Content-Length: 13 Host: www.deveritate.net Cache-Control: no-cache action=autoit and this the raw server answer: HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 08 Jan 2011 16:24:59 GMT Pragma: no-cache Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Server: Microsoft-IIS/6.0 Set-Cookie: PHPSESSID=lfun3t84nbtkep2gkk5plr2nn0; path=/ MicrosoftOfficeWebServer: 5.0_Pub X-Powered-By: ASP.NET hello Instead there is a difference between an ajax browser call and the autoit one: in the post data, the ajax has: "MimeType: application/x-www-form-urlencoded Size:12 bytes" and there is a parameter and the value. Instead in the autoit call there is: "MimeType:text/plain Size:13 bytes" and no couple values. I changed the code with: $type = "Content-Type: application/x-www-form-urlencoded"&@CRLF instead of : $type = "Content-Type: application/x-www-form-urlencoded"&@CRLF & _ 'Content-Type: text/plain; charset=utf-8' & @CRLF THAT was the error! It must be the x-form method NOT the text/plain or text/xml etc... Ok, solved. Now, I have to solve the other problem of the termination of connection after some hours ?? I tried the POST method (it's the same with GET) with autoit in the console window, to make consolewrite of the various handlers and I get three handlers (InternetOpen, InternetConnect, OpenRequest) and true from SendRequest for three hours, then I get 0 0 0 and false. So the first error in the Wininet Function is in the _WinINet_InternetOpen. from that point, I think the other calls fail. I have: $hInternetOpen = _WinINet_InternetOpen("Mozilla/5.0 Firefox/3.0.1", $INTERNET_OPEN_TYPE_DIRECT, 0, Default, Default) Maybe, with Consolewrite, I found some hints: the handlers returned by the function are progressive hex numbers. Both the prog I tested with different timings stop executing when the handlers reach 0x00CCFFF4 for InternetOpen, 0x00CCFFF8 for Internet Connect and 0x00CCFFFC for OpenRequest. So the problem could be a short address space. Now I'm trying with: _WinINet_InternetCloseHandle($hInternetOpen) after every call to the server. I see all the handlers are resetted every time without incrementing. I will report after 8-10 hours how it goes. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now