Skeeve-1.0 - README Copyright (C) 2004 Ilya Zelenchuk < dnetc [at] inbox.ru > =============================================================================== This file is part of Skeeve v1.0 (C) 2004 Ilya Zelenchuk Skeeve is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Skeeve is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Skeeve; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA =============================================================================== =============================================================================== GRAY-WORLD.NET / Skeeve ======================= The Skeeve program is part of the Gray-World.net projects. Our Gray-World Team presents on the http://gray-world.net website the projects and publications we are working on which are related to the NACS (Network Access Control System) bypassing research field and to the computer and network security topics. =============================================================================== ------------ INTRODUCTION ------------ With this tool, you can simply create an ICMP tunnel between two computers, which may be located in different networks and separated by a firewall. Skeeve utilizes ICMP packets and IP address spoofing technology to create a data channel in order to redirect TCP connections inside this channel. ------------ HOW IT WORKS ------------ Skeeve creates an ICMP tunnel which is based on the use of a Bounce server. This method relies upon the basic IP address spoofing technology. The Client of the tunnel is trying to send a packet to the Bounce server with an address of the destination Server as a source IP. The Bounce Server can replay this packet and forward it to the destination Server. By adding some payload to the packet, we can establish a covert communication channel between two computers without direct network interaction. Skeeve Client accepts TCP connections and works as a converter of the IP header (by changing protocol flag from TCP to ICMP echo_request|reply and making some other slight modifications). Skeeve Server is doing the reverse procedure and restores original IP header settings. Both parts are implemented in one C program as a Loadable Kernel module. Example: ///////////////////////////////////////////////////////////////////////// TCP Client(s) TCP Server(s) | (1) | (2) | +----------------+ ------> +----------------+ | -----> +----------------+ | Skeeve Client | | Bounce Server | | | Skeeve Server | +----------------+ <------ +----------------+ | <----- +----------------+ (4) | (3) Internal network DMZ | External network firewall ///////////////////////////////////////////////////////////////////////// 1) Client sends: IP_SRC - Skeeve Server IP (spoofed address) IP_DEST - Bounce Server IP ICMP->ECHO_REQUES 2) Bounce Server catches the ICMP ECHO_REQUEST message and answer with: IP_SRC - Bounce Server IP IP_DEST - Skeeve Server IP ICMP->ECHO_REPLY All payload inside the ECHO_REQUEST will be copied into the ECHO_REPLY by kernel without any changes. The same scheme will be used for reverse data. ---------------------------- HOW SKEEVE TRANSFORMS PACKET ---------------------------- What do we HAVE, and what do we WANT? We have a TCP packet and we want to send it as an ICMP one. But on the other side, we need to receive it as a TCP one. This is one condition - first, we need to know the source port for the client part and the destination port (const.) on the server part. Hmmm. OK. So, let's begin... I'll use hereafter an ascii presentation of each packet update so that you understand stage by stage the way the covering works... Stage 1: In the IP packet change the 'protocol' field from TCP to ICMP. Stage 2: Set the ICMP 'type' field in 'ECHO'. [FAKE PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ECHO | 0 | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data ... | | | | | | | | | | | | | | | | | +---------------------------------------------------------------+ [REAL PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Damage | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stage 3: Calculate and set the ICMP checksum. If not, network equipment can drop this packet. Send... [ OK ] [FAKE PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ECHO | 0 | Calculate CheckSum (new) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data ... | | | | | | | | | | | | | | | | | | | +---------------------------------------------------------------+ [REAL PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Damage | Damage | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Whoooohhhhhh. 1-st Mission accomplished. Don't stop Somewhere on the net... < Receive > So we have our icmp packet which shall now be uncovered to a tcp one. Stage 4: Heh, yes, yes, In the IP packet change the 'protocol' field from ICMP to TCP. And we have: [REAL PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Damage | Damage | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stage 5: At this moment, we have a TCP packet with corrupted PORT field's (see right column in Stage 2 && 3). As I say - we know the source (in server part - dest.) port. Set in the TCP 'source port' field. [REAL PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Set Source PORT | Damage | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Stage 6: To complete now, the dest.(source) port must be determined. It's easy: 6.0 - set port in NULL (0); 6.1 - save the TCP 'checksum' field in the variable "REAL_CHECKSUM" and then set field to NULL (0); 6.2 - calculate the TCP checksum (with port && checksum = NULL) and save in the variable "FAKE_CHECKSUM"; 6.3 - compare checksums; 6.4 - Port = FAKE_CHECKSUM - REAL_CHECKSUM (usually, FAKE_CHECKSUM > REAL_CHECKSUM - why? read RFC 1071); 6.5 - However, the situation might have changed. When REAL_CHECKSUM > FAKE_CHECKSUM, then port = (FAKE_CHECKSUM + 65535) - REAL_CHECKSUM; 6.6 - Set the dest.(source) port && recalculate checksum. Then compare REAL_CHECKSUM & new, they MUST BE EQUAL! Else - something wrong - drop packet. 6.7 - Don't forget, set the TCP 'checksum' field as REAL_CHECKSUM; [REAL PACKET] 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Set Source PORT | Set Destination PORT | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Final Stage: open beer! ------ USAGE ------ "Skeeve" is easy to use. first a wall, we need determinate the paramaters: in skeeve.c ....... #define PORT 80 #define CLIENT_IP "192.168.1.55" #define BOUNCE_IP "192.168.1.1" #define TARGET_IP "192.168.1.251" ...... PORT - which port we will listen to! (example 80) CLIENT_IP - :) it's our ip. Start CLIENT part (example: insmod np.o type=client dev=eth0); BOUNCE_IP - IP by Bounce Server (BS); TARGET_IP - Our server IP, then we run SERVER part (example: insmod np.o type=server dev=eth0); Next: MAC adress. If beetwen Bounce Server & the client we have some active equipment (Some router), and this change MAC when a packet is retranslated packet, just comment this strings :-). Kernel sets the correct MAC by default. Else, we MUST change MAC to MAC of the Bounce Server! in skeeve.c ... skb->mac.ethernet->h_dest[0]=0; skb->mac.ethernet->h_dest[1]=128; ... After the parameters are set: you sould need to compile the code as lKM: gcc -O6 -c skeeve.c -I /usr/src/linux/include then, just load the module: insmod skeeve.o type={server | client} dev={eth0 | ...} For error see kernel messages: /var/log/messages ---- TEST ---- BEWARE: "SKEEVE" HAS BEEN TESTED "ONLY" ON LOCAL NETWORK. For testing i used: Client_IP - 192.168.1.55 MAC: 00:50:56:40:47:9F Bounce_IP - 192.168.1.1 MAC: 00:80:48:B6:9F:7A Server_IP - 192.168.1.251 MAC: 00:50:56:40:41:5F I use Wget to download index.html From Server! wget http://192.168.1.251/index.html As you can see, connect to the server directly, it's very important, because all routine is hidden from the application. Full Dump: /* Start: */ No: 1-2 - Send TCP->SYN 3-4 - Recive TCP->SYN:ACK 5-6 - Send TCP->ACK - handshake 7-8 - Send HTTP /Get index.html 9-10 - Recive HTTP Data (index.html) 11-12 - continue... 13-14 - still recive :) 15-16 - Send TCP->ACK 17-18 - Send TCP->ACK 19-20 - Send TCP->ACK:FIN 21-22 - Recive TCP->ACK:FIN 23-24 - Send TCP->ACK /* END. */ No: 1 Timestamp: 20:7:44:388 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 74 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 3C 04 84 40 00 40 01 B1 F0 C0 A8 01 FB C0 A8 ....@.@......... 0020: 01 01 08 00 81 19 4A 48 2F 64 00 00 00 00 A0 02 ......JH/d...... 0030: 16 D0 02 BA 00 00 02 04 05 B4 04 02 08 0A 00 06 ................ 0040: 2B E0 00 00 00 00 01 03 03 00 +......... ===================================================================== No: 2 Timestamp: 20:7:44:388 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 74 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 3C 0D 02 40 00 80 01 69 72 C0 A8 01 01 C0 A8 ....@...ir...... 0020: 01 FB 00 00 89 19 4A 48 2F 64 00 00 00 00 A0 02 ......JH/d...... 0030: 16 D0 02 BA 00 00 02 04 05 B4 04 02 08 0A 00 06 ................ 0040: 2B E0 00 00 00 00 01 03 03 00 +......... ===================================================================== No: 3 Timestamp: 20:7:44:388 MAC source address: 00:50:56:40:41:5F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.55 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 74 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E. 0010: 00 3C 00 00 40 00 40 01 B7 38 C0 A8 01 37 C0 A8 ....@.@..8...7.. 0020: 01 01 08 00 81 19 1B 6F 67 53 4A 48 2F 65 A0 12 .......ogSJH/e.. 0030: 16 A0 87 07 00 00 02 04 05 B4 04 02 08 0A 00 04 ................ 0040: F9 0A 00 06 2B E0 01 03 03 00 ....+..... ===================================================================== No: 4 Timestamp: 20:7:44:398 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:47:9F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.55 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 74 Packet data: 0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E. 0010: 00 3C 0E 02 40 00 80 01 69 36 C0 A8 01 01 C0 A8 ....@...i6...... 0020: 01 37 00 00 89 19 1B 6F 67 53 4A 48 2F 65 A0 12 .7.....ogSJH/e.. 0030: 16 A0 87 07 00 00 02 04 05 B4 04 02 08 0A 00 04 ................ 0040: F9 0A 00 06 2B E0 01 03 03 00 ....+..... ===================================================================== No: 5 Timestamp: 20:7:44:398 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 34 04 85 40 00 40 01 B1 F7 C0 A8 01 FB C0 A8 .4..@.@......... 0020: 01 01 08 00 81 11 4A 48 2F 65 1B 6F 67 54 80 10 ......JH/e.ogT.. 0030: 16 D0 B5 9B 00 00 01 01 08 0A 00 06 2B E1 00 04 ............+... 0040: F9 0A .. ===================================================================== No: 6 Timestamp: 20:7:44:398 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 34 0F 02 40 00 80 01 67 7A C0 A8 01 01 C0 A8 .4..@...gz...... 0020: 01 FB 00 00 89 11 4A 48 2F 65 1B 6F 67 54 80 10 ......JH/e.ogT.. 0030: 16 D0 B5 9B 00 00 01 01 08 0A 00 06 2B E1 00 04 ............+... 0040: F9 0A .. ===================================================================== No: 7 Timestamp: 20:7:44:449 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 176 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 A2 04 86 40 00 40 01 B1 88 C0 A8 01 FB C0 A8 ....@.@......... 0020: 01 01 08 00 81 7F 4A 48 2F 65 1B 6F 67 54 80 18 ......JH/e.ogT.. 0030: 16 D0 A7 AF 00 00 01 01 08 0A 00 06 2B E2 00 04 ............+... 0040: F9 0A 47 45 54 20 2F 69 6E 64 65 78 2E 68 74 6D ..GET /index.htm 0050: 6C 20 48 54 54 50 2F 31 2E 30 0D 0A 55 73 65 72 l HTTP/1.0..User 0060: 2D 41 67 65 6E 74 3A 20 57 67 65 74 2F 31 2E 38 -Agent: Wget/1.8 0070: 2E 32 0D 0A 48 6F 73 74 3A 20 31 39 32 2E 31 36 .2..Host: 192.16 0080: 38 2E 31 2E 32 35 31 0D 0A 41 63 63 65 70 74 3A 8.1.251..Accept: 0090: 20 2A 2F 2A 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E */*..Connection 00A0: 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 0D 0A : Keep-Alive.... 00B0: ===================================================================== No: 8 Timestamp: 20:7:44:449 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 176 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 A2 10 02 40 00 80 01 66 0C C0 A8 01 01 C0 A8 ....@...f....... 0020: 01 FB 00 00 89 7F 4A 48 2F 65 1B 6F 67 54 80 18 ......JH/e.ogT.. 0030: 16 D0 A7 AF 00 00 01 01 08 0A 00 06 2B E2 00 04 ............+... 0040: F9 0A 47 45 54 20 2F 69 6E 64 65 78 2E 68 74 6D ..GET /index.htm 0050: 6C 20 48 54 54 50 2F 31 2E 30 0D 0A 55 73 65 72 l HTTP/1.0..User 0060: 2D 41 67 65 6E 74 3A 20 57 67 65 74 2F 31 2E 38 -Agent: Wget/1.8 0070: 2E 32 0D 0A 48 6F 73 74 3A 20 31 39 32 2E 31 36 .2..Host: 192.16 0080: 38 2E 31 2E 32 35 31 0D 0A 41 63 63 65 70 74 3A 8.1.251..Accept: 0090: 20 2A 2F 2A 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E */*..Connection 00A0: 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 0D 0A : Keep-Alive.... 00B0: ===================================================================== No: 9 Timestamp: 20:7:44:449 MAC source address: 00:50:56:40:41:5F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.55 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E. 0010: 00 34 9E 5F 40 00 40 01 18 E1 C0 A8 01 37 C0 A8 .4._@.@......7.. 0020: 01 01 08 00 81 11 1B 6F 67 54 4A 48 2F D3 80 10 .......ogTJH/... 0030: 16 A0 B5 56 00 00 01 01 08 0A 00 04 F9 10 00 06 ...V............ 0040: 2B E2 +. ===================================================================== No: 10 Timestamp: 20:7:44:449 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:47:9F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.55 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E. 0010: 00 34 11 02 40 00 80 01 66 3E C0 A8 01 01 C0 A8 .4..@...f....... 0020: 01 37 00 00 89 11 1B 6F 67 54 4A 48 2F D3 80 10 .7.....ogTJH/... 0030: 16 A0 B5 56 00 00 01 01 08 0A 00 04 F9 10 00 06 ...V............ 0040: 2B E2 +. ===================================================================== No: 11 Timestamp: 20:7:44:519 MAC source address: 00:50:56:40:41:5F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.55 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 1514 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E. 0010: 05 DC 9E 60 40 00 40 01 13 38 C0 A8 01 37 C0 A8 ...`@.@..8...7.. 0020: 01 01 08 00 86 B9 1B 6F 67 54 4A 48 2F D3 80 10 .......ogTJH/... 0030: 16 A0 A0 56 00 00 01 01 08 0A 00 04 F9 14 00 06 ...V............ 0040: 2B E2 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F +.HTTP/1.1 200 O 0050: 4B 0D 0A 44 61 74 65 3A 20 54 68 75 2C 20 30 36 K..Date: Thu, 06 0060: 20 4D 61 79 20 32 30 30 34 20 30 32 3A 30 37 3A May 2004 02:07: 0070: 34 30 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 40 GMT..Server: 0080: 41 70 61 63 68 65 2F 32 2E 30 2E 34 39 20 28 55 Apache/2.0.49 (U 0090: 6E 69 78 29 20 50 48 50 2F 34 2E 33 2E 35 0D 0A nix) PHP/4.3.5.. 00A0: 4C 61 73 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D Last-Modified: M 00B0: 6F 6E 2C 20 31 32 20 41 70 72 20 32 30 30 34 20 on, 12 Apr 2004 00C0: 30 36 3A 30 38 3A 32 35 20 47 4D 54 0D 0A 45 54 06:08:25 GMT..ET 00D0: 61 67 3A 20 22 32 30 35 61 39 2D 35 62 30 2D 39 ag: "205a9-5b0-9 00E0: 32 62 65 38 38 34 30 22 0D 0A 41 63 63 65 70 74 2be8840"..Accept 00F0: 2D 52 61 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A -Ranges: bytes.. 0100: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length: 0110: 31 34 35 36 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 1456..Keep-Alive 0120: 3A 20 74 69 6D 65 6F 75 74 3D 31 35 2C 20 6D 61 : timeout=15, ma 0130: 78 3D 31 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F x=100..Connectio 0140: 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 n: Keep-Alive..C 0150: 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 ontent-Type: tex 0160: 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74 3D t/html; charset= 0170: 49 53 4F 2D 38 38 35 39 2D 31 0D 0A 0D 0A 3C 21 ISO-8859-1.....! 0180: 44 4F 43 54 59 50 45 20 68 74 6D 6C 20 50 55 42 DOCTYPE html PUB 0190: 4C 49 43 20 22 2D 2F 2F 57 33 43 2F 2F 44 54 44 LIC "-//W3C//DTD 01A0: 20 58 48 54 4D 4C 20 31 2E 30 20 54 72 61 6E 73 XHTML 1.0 Trans 01B0: 69 74 69 6F 6E 61 6C 2F 2F 45 4E 22 0A 20 20 20 itional//EN". 01C0: 20 22 68 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E "http://www.w3. 01D0: 6F 72 67 2F 54 52 2F 78 68 74 6D 6C 31 2F 44 54 org/TR/xhtml1/DT 01E0: 44 2F 78 68 74 6D 6C 31 2D 74 72 61 6E 73 69 74 D/xhtml1-transit 01F0: 69 6F 6E 61 6C 2E 64 74 64 22 3E 0A 3C 68 74 6D ional.dtd"...htm 0200: 6C 20 78 6D 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F l xmlns="http:// 0210: 77 77 77 2E 77 33 2E 6F 72 67 2F 31 39 39 39 2F www.w3.org/1999/ 0220: 78 68 74 6D 6C 22 3E 0A 3C 68 65 61 64 3E 0A 3C xhtml"...head... 0230: 74 69 74 6C 65 3E 54 65 73 74 20 50 61 67 65 20 title.Test Page 0240: 66 6F 72 20 41 70 61 63 68 65 20 49 6E 73 74 61 for Apache Insta 0250: 6C 6C 61 74 69 6F 6E 3C 2F 74 69 74 6C 65 3E 0A llation./title.. 0260: 3C 2F 68 65 61 64 3E 0A 3C 21 2D 2D 20 42 61 63 ./head...!-- Bac 0270: 6B 67 72 6F 75 6E 64 20 77 68 69 74 65 2C 20 6C kground white, l 0280: 69 6E 6B 73 20 62 6C 75 65 20 28 75 6E 76 69 73 inks blue (unvis 0290: 69 74 65 64 29 2C 20 6E 61 76 79 20 28 76 69 73 ited), navy (vis 02A0: 69 74 65 64 29 2C 20 72 65 64 0A 28 61 63 74 69 ited), red.(acti 02B0: 76 65 29 20 2D 2D 3E 0A 3C 62 6F 64 79 20 62 67 ve) --...body bg 02C0: 63 6F 6C 6F 72 3D 22 23 46 46 46 46 46 46 22 20 color="#FFFFFF" 02D0: 74 65 78 74 3D 22 23 30 30 30 30 30 30 22 20 6C text="#000000" l 02E0: 69 6E 6B 3D 22 23 30 30 30 30 46 46 22 0A 76 6C ink="#0000FF".vl 02F0: 69 6E 6B 3D 22 23 30 30 30 30 38 30 22 20 61 6C ink="#000080" al 0300: 69 6E 6B 3D 22 23 46 46 30 30 30 30 22 3E 0A 3C ink="#FF0000"... 0310: 70 3E 49 66 20 79 6F 75 20 63 61 6E 20 73 65 65 p.If you can see 0320: 20 74 68 69 73 2C 20 69 74 20 6D 65 61 6E 73 20 this, it means 0330: 74 68 61 74 20 74 68 65 20 69 6E 73 74 61 6C 6C that the install 0340: 61 74 69 6F 6E 20 6F 66 20 74 68 65 20 3C 61 0A ation of the .a. 0350: 68 72 65 66 3D 22 68 74 74 70 3A 2F 2F 77 77 77 href="http://www 0360: 2E 61 70 61 63 68 65 2E 6F 72 67 2F 66 6F 75 6E .apache.org/foun 0370: 64 61 74 69 6F 6E 2F 70 72 65 46 41 51 2E 68 74 dation/preFAQ.ht 0380: 6D 6C 22 3E 41 70 61 63 68 65 20 77 65 62 0A 73 ml".Apache web.s 0390: 65 72 76 65 72 3C 2F 61 3E 20 73 6F 66 74 77 61 erver./a. softwa 03A0: 72 65 20 6F 6E 20 74 68 69 73 20 73 79 73 74 65 re on this syste 03B0: 6D 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6C m was successful 03C0: 2E 20 59 6F 75 20 6D 61 79 20 6E 6F 77 20 61 64 . You may now ad 03D0: 64 0A 63 6F 6E 74 65 6E 74 20 74 6F 20 74 68 69 d.content to thi 03E0: 73 20 64 69 72 65 63 74 6F 72 79 20 61 6E 64 20 s directory and 03F0: 72 65 70 6C 61 63 65 20 74 68 69 73 20 70 61 67 replace this pag 0400: 65 2E 3C 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 e../p....hr widt 0410: 68 3D 22 35 30 25 22 20 73 69 7A 65 3D 22 38 22 h="50%" size="8" 0420: 20 2F 3E 0A 3C 68 32 20 61 6C 69 67 6E 3D 22 63 /...h2 align="c 0430: 65 6E 74 65 72 22 3E 53 65 65 69 6E 67 20 74 68 enter".Seeing th 0440: 69 73 20 69 6E 73 74 65 61 64 20 6F 66 20 74 68 is instead of th 0450: 65 20 77 65 62 73 69 74 65 20 79 6F 75 0A 65 78 e website you.ex 0460: 70 65 63 74 65 64 3F 3C 2F 68 32 3E 0A 0A 3C 70 pected?./h2....p 0470: 3E 54 68 69 73 20 70 61 67 65 20 69 73 20 68 65 .This page is he 0480: 72 65 20 62 65 63 61 75 73 65 20 74 68 65 20 73 re because the s 0490: 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 6F ite administrato 04A0: 72 20 68 61 73 20 63 68 61 6E 67 65 64 20 74 68 r has changed th 04B0: 65 0A 63 6F 6E 66 69 67 75 72 61 74 69 6F 6E 20 e.configuration 04C0: 6F 66 20 74 68 69 73 20 77 65 62 20 73 65 72 76 of this web serv 04D0: 65 72 2E 20 50 6C 65 61 73 65 20 3C 73 74 72 6F er. Please .stro 04E0: 6E 67 3E 63 6F 6E 74 61 63 74 20 74 68 65 20 70 ng.contact the p 04F0: 65 72 73 6F 6E 0A 72 65 73 70 6F 6E 73 69 62 6C erson.responsibl 0500: 65 20 66 6F 72 20 6D 61 69 6E 74 61 69 6E 69 6E e for maintainin 0510: 67 20 74 68 69 73 20 73 65 72 76 65 72 20 77 69 g this server wi 0520: 74 68 20 71 75 65 73 74 69 6F 6E 73 2E 3C 2F 73 th questions../s 0530: 74 72 6F 6E 67 3E 0A 54 68 65 20 41 70 61 63 68 trong..The Apach 0540: 65 20 53 6F 66 74 77 61 72 65 20 46 6F 75 6E 64 e Software Found 0550: 61 74 69 6F 6E 2C 20 77 68 69 63 68 20 77 72 6F ation, which wro 0560: 74 65 20 74 68 65 20 77 65 62 20 73 65 72 76 65 te the web serve 0570: 72 20 73 6F 66 74 77 61 72 65 0A 74 68 69 73 20 r software.this 0580: 73 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 site administrat 0590: 6F 72 20 69 73 20 75 73 69 6E 67 2C 20 68 61 73 or is using, has 05A0: 20 6E 6F 74 68 69 6E 67 20 74 6F 20 64 6F 20 77 nothing to do w 05B0: 69 74 68 0A 6D 61 69 6E 74 61 69 6E 69 6E 67 20 ith.maintaining 05C0: 74 68 69 73 20 73 69 74 65 20 61 6E 64 20 63 61 this site and ca 05D0: 6E 6E 6F 74 20 68 65 6C 70 20 72 65 73 6F 6C 76 nnot help resolv 05E0: 65 20 63 6F 6E 66 69 67 75 72 e configur ===================================================================== No: 12 Timestamp: 20:7:44:519 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:47:9F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.55 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 1514 Packet data: 0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E. 0010: 05 DC 12 02 40 00 80 01 5F 96 C0 A8 01 01 C0 A8 ....@..._....... 0020: 01 37 00 00 8E B9 1B 6F 67 54 4A 48 2F D3 80 10 .7.....ogTJH/... 0030: 16 A0 A0 56 00 00 01 01 08 0A 00 04 F9 14 00 06 ...V............ 0040: 2B E2 48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F +.HTTP/1.1 200 O 0050: 4B 0D 0A 44 61 74 65 3A 20 54 68 75 2C 20 30 36 K..Date: Thu, 06 0060: 20 4D 61 79 20 32 30 30 34 20 30 32 3A 30 37 3A May 2004 02:07: 0070: 34 30 20 47 4D 54 0D 0A 53 65 72 76 65 72 3A 20 40 GMT..Server: 0080: 41 70 61 63 68 65 2F 32 2E 30 2E 34 39 20 28 55 Apache/2.0.49 (U 0090: 6E 69 78 29 20 50 48 50 2F 34 2E 33 2E 35 0D 0A nix) PHP/4.3.5.. 00A0: 4C 61 73 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D Last-Modified: M 00B0: 6F 6E 2C 20 31 32 20 41 70 72 20 32 30 30 34 20 on, 12 Apr 2004 00C0: 30 36 3A 30 38 3A 32 35 20 47 4D 54 0D 0A 45 54 06:08:25 GMT..ET 00D0: 61 67 3A 20 22 32 30 35 61 39 2D 35 62 30 2D 39 ag: "205a9-5b0-9 00E0: 32 62 65 38 38 34 30 22 0D 0A 41 63 63 65 70 74 2be8840"..Accept 00F0: 2D 52 61 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A -Ranges: bytes.. 0100: 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 Content-Length: 0110: 31 34 35 36 0D 0A 4B 65 65 70 2D 41 6C 69 76 65 1456..Keep-Alive 0120: 3A 20 74 69 6D 65 6F 75 74 3D 31 35 2C 20 6D 61 : timeout=15, ma 0130: 78 3D 31 30 30 0D 0A 43 6F 6E 6E 65 63 74 69 6F x=100..Connectio 0140: 6E 3A 20 4B 65 65 70 2D 41 6C 69 76 65 0D 0A 43 n: Keep-Alive..C 0150: 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 ontent-Type: tex 0160: 74 2F 68 74 6D 6C 3B 20 63 68 61 72 73 65 74 3D t/html; charset= 0170: 49 53 4F 2D 38 38 35 39 2D 31 0D 0A 0D 0A 3C 21 ISO-8859-1.....! 0180: 44 4F 43 54 59 50 45 20 68 74 6D 6C 20 50 55 42 DOCTYPE html PUB 0190: 4C 49 43 20 22 2D 2F 2F 57 33 43 2F 2F 44 54 44 LIC "-//W3C//DTD 01A0: 20 58 48 54 4D 4C 20 31 2E 30 20 54 72 61 6E 73 XHTML 1.0 Trans 01B0: 69 74 69 6F 6E 61 6C 2F 2F 45 4E 22 0A 20 20 20 itional//EN". 01C0: 20 22 68 74 74 70 3A 2F 2F 77 77 77 2E 77 33 2E "http://www.w3. 01D0: 6F 72 67 2F 54 52 2F 78 68 74 6D 6C 31 2F 44 54 org/TR/xhtml1/DT 01E0: 44 2F 78 68 74 6D 6C 31 2D 74 72 61 6E 73 69 74 D/xhtml1-transit 01F0: 69 6F 6E 61 6C 2E 64 74 64 22 3E 0A 3C 68 74 6D ional.dtd"...htm 0200: 6C 20 78 6D 6C 6E 73 3D 22 68 74 74 70 3A 2F 2F l xmlns="http:// 0210: 77 77 77 2E 77 33 2E 6F 72 67 2F 31 39 39 39 2F www.w3.org/1999/ 0220: 78 68 74 6D 6C 22 3E 0A 3C 68 65 61 64 3E 0A 3C xhtml"...head... 0230: 74 69 74 6C 65 3E 54 65 73 74 20 50 61 67 65 20 title.Test Page 0240: 66 6F 72 20 41 70 61 63 68 65 20 49 6E 73 74 61 for Apache Insta 0250: 6C 6C 61 74 69 6F 6E 3C 2F 74 69 74 6C 65 3E 0A llation./title.. 0260: 3C 2F 68 65 61 64 3E 0A 3C 21 2D 2D 20 42 61 63 ./head...!-- Bac 0270: 6B 67 72 6F 75 6E 64 20 77 68 69 74 65 2C 20 6C kground white, l 0280: 69 6E 6B 73 20 62 6C 75 65 20 28 75 6E 76 69 73 inks blue (unvis 0290: 69 74 65 64 29 2C 20 6E 61 76 79 20 28 76 69 73 ited), navy (vis 02A0: 69 74 65 64 29 2C 20 72 65 64 0A 28 61 63 74 69 ited), red.(acti 02B0: 76 65 29 20 2D 2D 3E 0A 3C 62 6F 64 79 20 62 67 ve) --...body bg 02C0: 63 6F 6C 6F 72 3D 22 23 46 46 46 46 46 46 22 20 color="#FFFFFF" 02D0: 74 65 78 74 3D 22 23 30 30 30 30 30 30 22 20 6C text="#000000" l 02E0: 69 6E 6B 3D 22 23 30 30 30 30 46 46 22 0A 76 6C ink="#0000FF".vl 02F0: 69 6E 6B 3D 22 23 30 30 30 30 38 30 22 20 61 6C ink="#000080" al 0300: 69 6E 6B 3D 22 23 46 46 30 30 30 30 22 3E 0A 3C ink="#FF0000"... 0310: 70 3E 49 66 20 79 6F 75 20 63 61 6E 20 73 65 65 p.If you can see 0320: 20 74 68 69 73 2C 20 69 74 20 6D 65 61 6E 73 20 this, it means 0330: 74 68 61 74 20 74 68 65 20 69 6E 73 74 61 6C 6C that the install 0340: 61 74 69 6F 6E 20 6F 66 20 74 68 65 20 3C 61 0A ation of the .a. 0350: 68 72 65 66 3D 22 68 74 74 70 3A 2F 2F 77 77 77 href="http://www 0360: 2E 61 70 61 63 68 65 2E 6F 72 67 2F 66 6F 75 6E .apache.org/foun 0370: 64 61 74 69 6F 6E 2F 70 72 65 46 41 51 2E 68 74 dation/preFAQ.ht 0380: 6D 6C 22 3E 41 70 61 63 68 65 20 77 65 62 0A 73 ml".Apache web. 0390: 65 72 76 65 72 3C 2F 61 3E 20 73 6F 66 74 77 61 erver./a. softwa 03A0: 72 65 20 6F 6E 20 74 68 69 73 20 73 79 73 74 65 re on this syste 03B0: 6D 20 77 61 73 20 73 75 63 63 65 73 73 66 75 6C m was successful 03C0: 2E 20 59 6F 75 20 6D 61 79 20 6E 6F 77 20 61 64 . You may now ad 03D0: 64 0A 63 6F 6E 74 65 6E 74 20 74 6F 20 74 68 69 d.content to thi 03E0: 73 20 64 69 72 65 63 74 6F 72 79 20 61 6E 64 20 s directory and 03F0: 72 65 70 6C 61 63 65 20 74 68 69 73 20 70 61 67 replace this pag 0400: 65 2E 3C 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 e../p....hr widt 0410: 68 3D 22 35 30 25 22 20 73 69 7A 65 3D 22 38 22 h="50%" size="8" 0420: 20 2F 3E 0A 3C 68 32 20 61 6C 69 67 6E 3D 22 63 /...h2 align="c 0430: 65 6E 74 65 72 22 3E 53 65 65 69 6E 67 20 74 68 enter".Seeing th 0440: 69 73 20 69 6E 73 74 65 61 64 20 6F 66 20 74 68 is instead of th 0450: 65 20 77 65 62 73 69 74 65 20 79 6F 75 0A 65 78 e website you.ex 0460: 70 65 63 74 65 64 3F 3C 2F 68 32 3E 0A 0A 3C 70 pected?./h2....p 0470: 3E 54 68 69 73 20 70 61 67 65 20 69 73 20 68 65 .This page is he 0480: 72 65 20 62 65 63 61 75 73 65 20 74 68 65 20 73 re because the s 0490: 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 6F ite administrato 04A0: 72 20 68 61 73 20 63 68 61 6E 67 65 64 20 74 68 r has changed th 04B0: 65 0A 63 6F 6E 66 69 67 75 72 61 74 69 6F 6E 20 e.configuration 04C0: 6F 66 20 74 68 69 73 20 77 65 62 20 73 65 72 76 of this web serv 04D0: 65 72 2E 20 50 6C 65 61 73 65 20 3C 73 74 72 6F er. Please .stro 04E0: 6E 67 3E 63 6F 6E 74 61 63 74 20 74 68 65 20 70 ng.contact the p 04F0: 65 72 73 6F 6E 0A 72 65 73 70 6F 6E 73 69 62 6C erson.responsibl 0500: 65 20 66 6F 72 20 6D 61 69 6E 74 61 69 6E 69 6E e for maintainin 0510: 67 20 74 68 69 73 20 73 65 72 76 65 72 20 77 69 g this server wi 0520: 74 68 20 71 75 65 73 74 69 6F 6E 73 2E 3C 2F 73 th questions../s 0530: 74 72 6F 6E 67 3E 0A 54 68 65 20 41 70 61 63 68 trong..The Apach 0540: 65 20 53 6F 66 74 77 61 72 65 20 46 6F 75 6E 64 e Software Found 0550: 61 74 69 6F 6E 2C 20 77 68 69 63 68 20 77 72 6F ation, which wro 0560: 74 65 20 74 68 65 20 77 65 62 20 73 65 72 76 65 te the web serve 0570: 72 20 73 6F 66 74 77 61 72 65 0A 74 68 69 73 20 r software.this 0580: 73 69 74 65 20 61 64 6D 69 6E 69 73 74 72 61 74 site administrat 0590: 6F 72 20 69 73 20 75 73 69 6E 67 2C 20 68 61 73 or is using, has 05A0: 20 6E 6F 74 68 69 6E 67 20 74 6F 20 64 6F 20 77 nothing to do w 05B0: 69 74 68 0A 6D 61 69 6E 74 61 69 6E 69 6E 67 20 ith.maintaining 05C0: 74 68 69 73 20 73 69 74 65 20 61 6E 64 20 63 61 this site and ca 05D0: 6E 6E 6F 74 20 68 65 6C 70 20 72 65 73 6F 6C 76 nnot help resolv 05E0: 65 20 63 6F 6E 66 69 67 75 72 e configur ===================================================================== No: 13 Timestamp: 23:7:44:519 MAC source address: 00:50:56:40:41:5F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.55 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 390 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E. 0010: 01 78 9E 61 40 00 40 01 17 9B C0 A8 01 37 C0 A8 .x.a@.@......7.. 0020: 01 01 08 00 82 55 1B 6F 6C FC 4A 48 2F D3 80 18 .....U.ol.JH/... 0030: 16 A0 47 AF 00 00 01 01 08 0A 00 04 F9 14 00 06 ..G............. 0040: 2B E2 61 74 69 6F 6E 0A 69 73 73 75 65 73 2E 3C +.ation.issues.. 0050: 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 68 3D 22 /p....hr width=" 0060: 35 30 25 22 20 73 69 7A 65 3D 22 38 22 20 2F 3E 50%" size="8" /. 0070: 0A 3C 70 3E 54 68 65 20 41 70 61 63 68 65 20 3C ..p.The Apache . 0080: 61 20 68 72 65 66 3D 22 6D 61 6E 75 61 6C 2F 22 a href="manual/" 0090: 3E 64 6F 63 75 6D 65 6E 74 61 74 69 6F 6E 3C 2F .documentation./ 00A0: 61 3E 20 68 61 73 20 62 65 65 6E 20 69 6E 63 6C a. has been incl 00B0: 75 64 65 64 0A 77 69 74 68 20 74 68 69 73 20 64 uded.with this d 00C0: 69 73 74 72 69 62 75 74 69 6F 6E 2E 3C 2F 70 3E istribution../p. 00D0: 0A 0A 3C 70 3E 59 6F 75 20 61 72 65 20 66 72 65 ...p.You are fre 00E0: 65 20 74 6F 20 75 73 65 20 74 68 65 20 69 6D 61 e to use the ima 00F0: 67 65 20 62 65 6C 6F 77 20 6F 6E 20 61 6E 20 41 ge below on an A 0100: 70 61 63 68 65 2D 70 6F 77 65 72 65 64 20 77 65 pache-powered we 0110: 62 0A 73 65 72 76 65 72 2E 20 54 68 61 6E 6B 73 b.server. Thanks 0120: 20 66 6F 72 20 75 73 69 6E 67 20 41 70 61 63 68 for using Apach 0130: 65 21 3C 2F 70 3E 0A 0A 3C 64 69 76 20 61 6C 69 e!./p....div ali 0140: 67 6E 3D 22 63 65 6E 74 65 72 22 3E 3C 69 6D 67 gn="center"..img 0150: 20 73 72 63 3D 22 61 70 61 63 68 65 5F 70 62 2E src="apache_pb. 0160: 67 69 66 22 20 61 6C 74 3D 22 22 20 2F 3E 3C 2F gif" alt="" /../ 0170: 64 69 76 3E 0A 3C 2F 62 6F 64 79 3E 0A 3C 2F 68 div.../body.../h 0180: 74 6D 6C 3E 0A 0A tml... ===================================================================== No: 14 Timestamp: 20:7:44:529 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:47:9F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.55 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 390 Packet data: 0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E. 0010: 01 78 13 02 40 00 80 01 62 FA C0 A8 01 01 C0 A8 .x..@...b....... 0020: 01 37 00 00 8A 55 1B 6F 6C FC 4A 48 2F D3 80 18 .7...U.ol.JH/... 0030: 16 A0 47 AF 00 00 01 01 08 0A 00 04 F9 14 00 06 ..G............. 0040: 2B E2 61 74 69 6F 6E 0A 69 73 73 75 65 73 2E 3C +.ation.issues.. 0050: 2F 70 3E 0A 0A 3C 68 72 20 77 69 64 74 68 3D 22 /p....hr width= 0060: 35 30 25 22 20 73 69 7A 65 3D 22 38 22 20 2F 3E 50%" size="8" /. 0070: 0A 3C 70 3E 54 68 65 20 41 70 61 63 68 65 20 3C ..p.The Apache . 0080: 61 20 68 72 65 66 3D 22 6D 61 6E 75 61 6C 2F 22 a href="manual/" 0090: 3E 64 6F 63 75 6D 65 6E 74 61 74 69 6F 6E 3C 2F .documentation./ 00A0: 61 3E 20 68 61 73 20 62 65 65 6E 20 69 6E 63 6C a. has been incl 00B0: 75 64 65 64 0A 77 69 74 68 20 74 68 69 73 20 64 uded.with this d 00C0: 69 73 74 72 69 62 75 74 69 6F 6E 2E 3C 2F 70 3E istribution../p. 00D0: 0A 0A 3C 70 3E 59 6F 75 20 61 72 65 20 66 72 65 ...p.You are fre 00E0: 65 20 74 6F 20 75 73 65 20 74 68 65 20 69 6D 61 e to use the ima 00F0: 67 65 20 62 65 6C 6F 77 20 6F 6E 20 61 6E 20 41 ge below on an A 0100: 70 61 63 68 65 2D 70 6F 77 65 72 65 64 20 77 65 pache-powered we 0110: 62 0A 73 65 72 76 65 72 2E 20 54 68 61 6E 6B 73 b.server. Thanks 0120: 20 66 6F 72 20 75 73 69 6E 67 20 41 70 61 63 68 for using Apach 0130: 65 21 3C 2F 70 3E 0A 0A 3C 64 69 76 20 61 6C 69 e!./p....div ali 0140: 67 6E 3D 22 63 65 6E 74 65 72 22 3E 3C 69 6D 67 gn="center"..img 0150: 20 73 72 63 3D 22 61 70 61 63 68 65 5F 70 62 2E src="apache_pb. 0160: 67 69 66 22 20 61 6C 74 3D 22 22 20 2F 3E 3C 2F gif" alt="" /../ 0170: 64 69 76 3E 0A 3C 2F 62 6F 64 79 3E 0A 3C 2F 68 div.../body.../h 0180: 74 6D 6C 3E 0A 0A tml... ===================================================================== No: 15 Timestamp: 20:7:44:539 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 34 04 87 40 00 40 01 B1 F5 C0 A8 01 FB C0 A8 .4..@.@......... 0020: 01 01 08 00 81 11 4A 48 2F D3 1B 6F 6C FC 80 10 ......JH/..ol... 0030: 21 F0 A4 54 00 00 01 01 08 0A 00 06 2B E8 00 04 !..T........+... 0040: F9 14 .. ===================================================================== No: 16 Timestamp: 20:7:44:539 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 34 14 02 40 00 80 01 62 7A C0 A8 01 01 C0 A8 .4..@...bz...... 0020: 01 FB 00 00 89 11 4A 48 2F D3 1B 6F 6C FC 80 10 ......JH/..ol... 0030: 21 F0 A4 54 00 00 01 01 08 0A 00 06 2B E8 00 04 !..T........+... 0040: F9 14 .. ===================================================================== No: 17 Timestamp: 20:7:44:549 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 34 04 88 40 00 40 01 B1 F4 C0 A8 01 FB C0 A8 .4..@.@......... 0020: 01 01 08 00 81 11 4A 48 2F D3 1B 6F 6E 40 80 10 ......JH/..on@.. 0030: 21 F0 A3 10 00 00 01 01 08 0A 00 06 2B E8 00 04 !...........+... 0040: F9 14 .. ===================================================================== No: 18 Timestamp: 20:7:44:549 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 34 15 02 40 00 80 01 61 7A C0 A8 01 01 C0 A8 .4..@...az...... 0020: 01 FB 00 00 89 11 4A 48 2F D3 1B 6F 6E 40 80 10 ......JH/..on@.. 0030: 21 F0 A3 10 00 00 01 01 08 0A 00 06 2B E8 00 04 !...........+... 0040: F9 14 .. ===================================================================== No: 19 Timestamp: 20:7:44:669 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 34 04 89 40 00 40 01 B1 F3 C0 A8 01 FB C0 A8 .4..@.@......... 0020: 01 01 08 00 81 11 4A 48 2F D3 1B 6F 6E 40 80 11 ......JH/..on@.. 0030: 21 F0 A3 0A 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+... 0040: F9 14 .. ===================================================================== No: 20 Timestamp: 20:7:44:669 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 34 16 02 40 00 80 01 60 7A C0 A8 01 01 C0 A8 .4..@...`z...... 0020: 01 FB 00 00 89 11 4A 48 2F D3 1B 6F 6E 40 80 11 ......JH/..on@.. 0030: 21 F0 A3 0A 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+... 0040: F9 14 .. ===================================================================== No: 21 Timestamp: 20:7:44:669 MAC source address: 00:50:56:40:41:5F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.55 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 41 5F 08 00 45 00 ..H..z.PV@A_..E. 0010: 00 34 9E 62 40 00 40 01 18 DE C0 A8 01 37 C0 A8 .4.b@.@......7.. 0020: 01 01 08 00 81 11 1B 6F 6E 40 4A 48 2F D4 80 11 .......on@JH/... 0030: 16 A0 AE 4A 00 00 01 01 08 0A 00 04 F9 23 00 06 ...J.........#.. 0040: 2B ED +. ===================================================================== No: 22 Timestamp: 20:7:44:669 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:47:9F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.55 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 47 9F 00 80 48 B6 9F 7A 08 00 45 00 .PV@G...H..z..E. 0010: 00 34 17 02 40 00 80 01 60 3E C0 A8 01 01 C0 A8 .4..@...`....... 0020: 01 37 00 00 89 11 1B 6F 6E 40 4A 48 2F D4 80 11 .7.....on@JH/... 0030: 16 A0 AE 4A 00 00 01 01 08 0A 00 04 F9 23 00 06 ...J.........#.. 0040: 2B ED +. ===================================================================== No: 23 Timestamp: 20:7:44:679 MAC source address: 00:50:56:40:47:9F MAC dest address: 00:80:48:B6:9F:7A Frame type: IP Protocol: ICMP->Echo_Request Source IP address: 192.168.1.251 Dest IP address: 192.168.1.1 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 80 48 B6 9F 7A 00 50 56 40 47 9F 08 00 45 00 ..H..z.PV@G...E. 0010: 00 34 04 8A 40 00 40 01 B1 F2 C0 A8 01 FB C0 A8 .4..@.@......... 0020: 01 01 08 00 81 11 4A 48 2F D4 1B 6F 6E 41 80 10 ......JH/..onA.. 0030: 21 F0 A2 FA 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+... 0040: F9 23 .# ===================================================================== No: 24 Timestamp: 20:7:44:679 MAC source address: 00:80:48:B6:9F:7A MAC dest address: 00:50:56:40:41:5F Frame type: IP Protocol: ICMP->Echo_Reply Source IP address: 192.168.1.1 Dest IP address: 192.168.1.251 Source port: --- Destination port: --- SEQ: --- ACK: --- Packet size: 66 Packet data: 0000: 00 50 56 40 41 5F 00 80 48 B6 9F 7A 08 00 45 00 .PV@A_..H..z..E. 0010: 00 34 18 02 40 00 80 01 5E 7A C0 A8 01 01 C0 A8 .4..@...^z...... 0020: 01 FB 00 00 89 11 4A 48 2F D4 1B 6F 6E 41 80 10 ......JH/..onA.. 0030: 21 F0 A2 FA 00 00 01 01 08 0A 00 06 2B ED 00 04 !...........+... 0040: F9 23 .# ===================================================================== ---- BUGS ---- After you load the module, don't try to ping the Bounce Server!!! you can't catch ICMP_REPLY from the BOUNCE Server because I just can't identify real ECHO_REPLY. So, any ECHO_REPLY that will you come from the BOUNCE Server will be transformed to TCP & as a result - Bad port :) ------- LICENSE ------- "Skeeve" is distributed under the terms of the GNU General Public License v2.0 and is copyright (c) 2004 Ilya Zelenchuk . See the file COPYING for details. ------ AUTHOR ------ Ilya Zelenchuk ------ THANKS ------ Alex Dyatlov I would like to thanks Alex Dyatlov from Russia for his support & help in the development of this tool. Simon Castro Special thanks to Simon Castro from France for his online lessons :) Also, i would like send big thanks to all other guy's from... another world... from... gray-world.net, it's a pleasure for me, to be published on this site 2 NecroZz - thank's for you advices & free beer! my Friend :) ---------------------------------------------------------- Our life is like an IP packet, who knows, which route we have? @ROFL ------