Frame 1 (162 bytes on wire, 162 bytes captured) Arrival Time: Dec 10, 2007 13:11:45.139946000 Time delta from previous packet: 0.000000000 seconds Time since reference or first frame: 0.000000000 seconds Frame Number: 1 Packet Length: 162 bytes Capture Length: 162 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 148 Identification: 0x0495 (1173) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf6ef [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 128 Checksum: 0x8017 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x0000000000000000 Next payload: Security Association (1) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 120 Security Association payload Next payload: Vendor ID (13) Length: 52 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 1 Next payload: NONE (0) Length: 40 Proposal number: 1 Protocol ID: ISAKMP (1) SPI size: 0 Number of transforms: 1 Transform payload # 1 Next payload: NONE (0) Length: 32 Transform number: 1 Transform ID: KEY_IKE (1) Encryption-Algorithm (1): 3DES-CBC (5) Hash-Algorithm (2): SHA (2) Group-Description (4): Alternate 1024-bit MODP group (2) Authentication-Method (3): PSK (1) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (3600) Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-00 Vendor ID payload Next payload: NONE (0) Length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-02 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 00 94 04 95 00 00 80 11 f6 ef a5 e3 f9 73 a5 e3 .............s.. 0020 f9 99 01 f4 01 f4 00 80 80 17 0b c0 30 fa 2f 40 ............0./@ 0030 a1 02 00 00 00 00 00 00 00 00 01 10 02 00 00 00 ................ 0040 00 00 00 00 00 78 0d 00 00 34 00 00 00 01 00 00 .....x...4...... 0050 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 .....(....... .. 0060 00 00 80 01 00 05 80 02 00 02 80 04 00 02 80 03 ................ 0070 00 01 80 0b 00 01 80 0c 0e 10 0d 00 00 14 44 85 ..............D. 0080 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc 00 00 .-.......F.y.... 0090 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 ......>.in.c...B 00a0 7b 1f {. Frame 2 (142 bytes on wire, 142 bytes captured) Arrival Time: Dec 10, 2007 13:11:45.150628000 Time delta from previous packet: 0.010682000 seconds Time since reference or first frame: 0.010682000 seconds Frame Number: 2 Packet Length: 142 bytes Capture Length: 142 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0), Dst: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Destination: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Source: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.153 (165.227.249.153), Dst: 165.227.249.115 (165.227.249.115) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 128 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0xfb98 [correct] Good: True Bad : False Source: 165.227.249.153 (165.227.249.153) Destination: 165.227.249.115 (165.227.249.115) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 108 Checksum: 0x6e71 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Security Association (1) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 100 Security Association payload Next payload: Vendor ID (13) Length: 52 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 1 Next payload: NONE (0) Length: 40 Proposal number: 1 Protocol ID: ISAKMP (1) SPI size: 0 Number of transforms: 1 Transform payload # 1 Next payload: NONE (0) Length: 32 Transform number: 1 Transform ID: KEY_IKE (1) Encryption-Algorithm (1): 3DES-CBC (5) Hash-Algorithm (2): SHA (2) Group-Description (4): Alternate 1024-bit MODP group (2) Authentication-Method (3): PSK (1) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (3600) Vendor ID payload Next payload: NONE (0) Length: 20 Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD) 0000 00 0c 29 ab 06 ab 00 1b 11 4d 7e f0 08 00 45 00 ..)......M~...E. 0010 00 80 00 00 40 00 40 11 fb 98 a5 e3 f9 99 a5 e3 ....@.@......... 0020 f9 73 01 f4 01 f4 00 6c 6e 71 0b c0 30 fa 2f 40 .s.....lnq..0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 01 10 02 00 00 00 ....X........... 0040 00 00 00 00 00 64 0d 00 00 34 00 00 00 01 00 00 .....d...4...... 0050 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 .....(....... .. 0060 00 00 80 01 00 05 80 02 00 02 80 04 00 02 80 03 ................ 0070 00 01 80 0b 00 01 80 0c 0e 10 00 00 00 14 af ca ................ 0080 d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 ..h...k...wW.. Frame 3 (298 bytes on wire, 298 bytes captured) Arrival Time: Dec 10, 2007 13:11:46.588776000 Time delta from previous packet: 1.438148000 seconds Time since reference or first frame: 1.448830000 seconds Frame Number: 3 Packet Length: 298 bytes Capture Length: 298 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 284 Identification: 0x0496 (1174) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf666 [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 264 Checksum: 0x555d [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Key Exchange (4) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 256 Key Exchange payload Next payload: Nonce (10) Length: 132 Key Exchange Data Nonce payload Next payload: Vendor ID (13) Length: 24 Nonce Data Vendor ID payload Next payload: Vendor ID (13) Length: 48 Vendor ID: unknown vendor ID: 0x47BBE7C993F1FC13B4E6D0DB565C68E50102010102010103... Vendor ID payload Next payload: Vendor ID (13) Length: 12 Vendor ID: unknown vendor ID: 0xDA8E937880010000 Vendor ID payload Next payload: NONE (0) Length: 12 Vendor ID: draft-beaulieu-ike-xauth-02.txt 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 01 1c 04 96 00 00 80 11 f6 66 a5 e3 f9 73 a5 e3 .........f...s.. 0020 f9 99 01 f4 01 f4 01 08 55 5d 0b c0 30 fa 2f 40 ........U]..0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 04 10 02 00 00 00 ....X........... 0040 00 00 00 00 01 00 0a 00 00 84 16 13 40 fa 10 c8 ............@... 0050 a3 81 4d a7 8a da 3c ce 62 56 7f 48 3e 1c 14 11 ..M...<.bV.H>... 0060 ff c3 09 d3 b8 5a 32 f2 10 c9 25 2a c1 a3 d4 70 .....Z2...%*...p 0070 47 46 8c 54 3f 62 fd 6a 98 38 d0 af 6a de d3 bd GF.T?b.j.8..j... 0080 2b 59 ff eb 51 4d d5 a6 e6 c9 48 57 c6 93 0e ea +Y..QM....HW.... 0090 15 4e a3 07 c3 98 0a ce 76 53 16 36 02 68 a3 e0 .N......vS.6.h.. 00a0 6e 12 59 92 d9 4e 06 6c 53 6d 61 f3 65 7f 8e 0b n.Y..N.lSma.e... 00b0 bf 1d 7c 49 d9 aa f9 bb 7d e7 81 90 a7 48 c4 14 ..|I....}....H.. 00c0 ed dd fa 14 be a9 3b c3 8f 36 0d 00 00 18 23 00 ......;..6....#. 00d0 a9 f3 fe d3 04 26 50 a8 ce cd d2 17 d5 e7 8d 1c .....&P......... 00e0 62 72 0d 00 00 30 47 bb e7 c9 93 f1 fc 13 b4 e6 br...0G......... 00f0 d0 db 56 5c 68 e5 01 02 01 01 02 01 01 03 11 31 ..V\h..........1 0100 30 2e 31 2e 31 20 28 42 75 69 6c 64 20 31 30 29 0.1.1 (Build 10) 0110 00 00 0d 00 00 0c da 8e 93 78 80 01 00 00 00 00 .........x...... 0120 00 0c 09 00 26 89 df d6 b7 12 ....&..... Frame 4 (222 bytes on wire, 222 bytes captured) Arrival Time: Dec 10, 2007 13:11:46.678581000 Time delta from previous packet: 0.089805000 seconds Time since reference or first frame: 1.538635000 seconds Frame Number: 4 Packet Length: 222 bytes Capture Length: 222 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0), Dst: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Destination: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Source: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.153 (165.227.249.153), Dst: 165.227.249.115 (165.227.249.115) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 208 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0xfb48 [correct] Good: True Bad : False Source: 165.227.249.153 (165.227.249.153) Destination: 165.227.249.115 (165.227.249.115) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 188 Checksum: 0x0813 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Key Exchange (4) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 180 Key Exchange payload Next payload: Nonce (10) Length: 132 Key Exchange Data Nonce payload Next payload: NONE (0) Length: 20 Nonce Data 0000 00 0c 29 ab 06 ab 00 1b 11 4d 7e f0 08 00 45 00 ..)......M~...E. 0010 00 d0 00 00 40 00 40 11 fb 48 a5 e3 f9 99 a5 e3 ....@.@..H...... 0020 f9 73 01 f4 01 f4 00 bc 08 13 0b c0 30 fa 2f 40 .s..........0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 04 10 02 00 00 00 ....X........... 0040 00 00 00 00 00 b4 0a 00 00 84 33 be 60 1d da c1 ..........3.`... 0050 ad f1 97 77 19 f4 bf f7 e8 6e 5c bf 84 3d 33 7b ...w.....n\..=3{ 0060 95 27 e1 4f 44 04 1e aa 54 69 15 f2 29 aa 1e 92 .'.OD...Ti..)... 0070 b3 f8 b6 0a ee 92 02 40 13 f4 7c 25 21 58 42 ab .......@..|%!XB. 0080 b7 1e 5e 07 19 6c 55 da bf 15 25 12 cb 73 46 37 ..^..lU...%..sF7 0090 12 74 52 2e 29 c4 c1 ab 69 58 6c 86 54 31 52 29 .tR.)...iXl.T1R) 00a0 7d 35 be f9 3a 40 89 44 57 fb 0c cf d2 0e 17 b8 }5..:@.DW....... 00b0 ec 85 b9 a3 bc 6b 98 c2 58 ff 02 2e 7b 0e 3a b9 .....k..X...{.:. 00c0 be 43 8b 8b 16 e1 54 07 82 3c 00 00 00 14 d7 4e .C....T..<.....N 00d0 eb 47 22 4a be e1 3d c9 63 78 47 8d 07 a1 .G"J..=.cxG... Frame 5 (134 bytes on wire, 134 bytes captured) Arrival Time: Dec 10, 2007 13:11:48.261583000 Time delta from previous packet: 1.583002000 seconds Time since reference or first frame: 3.121637000 seconds Frame Number: 5 Packet Length: 134 bytes Capture Length: 134 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 120 Identification: 0x0497 (1175) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf709 [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 100 Checksum: 0x8af5 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 92 Encrypted payload (64 bytes) 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 00 78 04 97 00 00 80 11 f7 09 a5 e3 f9 73 a5 e3 .x...........s.. 0020 f9 99 01 f4 01 f4 00 64 8a f5 0b c0 30 fa 2f 40 .......d....0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 05 10 02 01 00 00 ....X........... 0040 00 00 00 00 00 5c ff 5e 2b 31 7f d2 6a d2 55 77 .....\.^+1..j.Uw 0050 27 ea ef fe 08 f6 93 bc 01 b2 69 df 5c 7c 82 fa '.........i.\|.. 0060 75 ba a1 87 9e 21 4e 19 b7 28 a4 56 86 2b 73 39 u....!N..(.V.+s9 0070 e1 3c f5 f4 8b bf 71 d6 09 38 0c 1c f6 e1 5e ff .<....q..8....^. 0080 d5 ac 23 82 5d ad ..#.]. Frame 6 (110 bytes on wire, 110 bytes captured) Arrival Time: Dec 10, 2007 13:11:48.266905000 Time delta from previous packet: 0.005322000 seconds Time since reference or first frame: 3.126959000 seconds Frame Number: 6 Packet Length: 110 bytes Capture Length: 110 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0), Dst: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Destination: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Source: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.153 (165.227.249.153), Dst: 165.227.249.115 (165.227.249.115) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 96 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0xfbb8 [correct] Good: True Bad : False Source: 165.227.249.153 (165.227.249.153) Destination: 165.227.249.115 (165.227.249.115) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 76 Checksum: 0xb239 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 68 Encrypted payload (40 bytes) 0000 00 0c 29 ab 06 ab 00 1b 11 4d 7e f0 08 00 45 00 ..)......M~...E. 0010 00 60 00 00 40 00 40 11 fb b8 a5 e3 f9 99 a5 e3 .`..@.@......... 0020 f9 73 01 f4 01 f4 00 4c b2 39 0b c0 30 fa 2f 40 .s.....L.9..0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 05 10 02 01 00 00 ....X........... 0040 00 00 00 00 00 44 c1 7a 6a 2f d3 a9 8d 8a 79 c1 .....D.zj/....y. 0050 7d 16 de 5d dd aa 7b 78 2e da 9b a7 6f 1b 2d 5d }..]..{x....o.-] 0060 47 49 67 62 1c f4 a0 c2 91 80 ab e3 66 96 GIgb........f. Frame 7 (334 bytes on wire, 334 bytes captured) Arrival Time: Dec 10, 2007 13:11:50.432119000 Time delta from previous packet: 2.165214000 seconds Time since reference or first frame: 5.292173000 seconds Frame Number: 7 Packet Length: 334 bytes Capture Length: 334 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 320 Identification: 0x0498 (1176) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf640 [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 300 Checksum: 0x5bc5 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Hash (8) Version: 1.0 Exchange type: Quick Mode (32) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x6F359E78 Length: 292 Encrypted payload (264 bytes) 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 01 40 04 98 00 00 80 11 f6 40 a5 e3 f9 73 a5 e3 .@.......@...s.. 0020 f9 99 01 f4 01 f4 01 2c 5b c5 0b c0 30 fa 2f 40 .......,[...0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 08 10 20 01 6f 35 ....X....... .o5 0040 9e 78 00 00 01 24 b7 13 4f 7f 7d fc 31 ea 93 ec .x...$..O.}.1... 0050 ea eb c7 29 2b dd 15 a7 7f 2a d2 a8 d2 66 0b 34 ...)+....*...f.4 0060 80 8b bc 91 24 08 29 3c ab b7 07 0c 6c 9c e5 72 ....$.)<....l..r 0070 6e 77 7c b6 3d d2 78 09 e7 33 53 00 8a b4 08 4d nw|.=.x..3S....M 0080 f3 7a a9 6a b5 b8 0f a3 c1 69 a4 52 00 50 c8 b1 .z.j.....i.R.P.. 0090 d1 c6 93 02 b7 d4 2e ab fd b1 7c 8a ce 91 89 d9 ..........|..... 00a0 42 a1 e9 eb 43 e6 03 70 e6 1f 61 25 f6 c5 51 e9 B...C..p..a%..Q. 00b0 8a ed a4 92 3e 81 8d 4b b0 bf 3e dc 26 0f 9e 2e ....>..K..>.&... 00c0 99 25 96 3d 02 91 a6 0e 1f 43 5d 11 0f 24 9c cc .%.=.....C]..$.. 00d0 20 85 18 7c d8 99 a0 1b 2b ae e1 0a 32 cc cf eb ..|....+...2... 00e0 46 0b 31 7f 37 0d dc 96 78 22 25 9d bb 95 ea 39 F.1.7...x"%....9 00f0 88 e0 64 64 98 ee b3 9c 97 26 38 ad a2 58 91 00 ..dd.....&8..X.. 0100 e8 01 0d 62 92 95 6f 16 c4 0e 0d 5c f3 58 fe 75 ...b..o....\.X.u 0110 23 48 24 3c 8c 76 f9 da bd 0f c4 7c 24 60 ec cc #H$<.v.....|$`.. 0120 58 33 43 3f e0 38 87 ec e3 44 55 57 52 b6 18 0c X3C?.8...DUWR... 0130 26 67 91 0f 7a 6c d5 52 d1 72 fa 73 ad 67 4d c8 &g..zl.R.r.s.gM. 0140 15 e6 b0 22 90 75 45 15 da 99 00 52 b7 1c ...".uE....R.. Frame 8 (326 bytes on wire, 326 bytes captured) Arrival Time: Dec 10, 2007 13:11:50.529390000 Time delta from previous packet: 0.097271000 seconds Time since reference or first frame: 5.389444000 seconds Frame Number: 8 Packet Length: 326 bytes Capture Length: 326 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0), Dst: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Destination: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Source: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.153 (165.227.249.153), Dst: 165.227.249.115 (165.227.249.115) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 312 Identification: 0x0000 (0) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: UDP (0x11) Header checksum: 0xfae0 [correct] Good: True Bad : False Source: 165.227.249.153 (165.227.249.153) Destination: 165.227.249.115 (165.227.249.115) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 292 Checksum: 0xe620 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Hash (8) Version: 1.0 Exchange type: Quick Mode (32) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x6F359E78 Length: 284 Encrypted payload (256 bytes) 0000 00 0c 29 ab 06 ab 00 1b 11 4d 7e f0 08 00 45 00 ..)......M~...E. 0010 01 38 00 00 40 00 40 11 fa e0 a5 e3 f9 99 a5 e3 .8..@.@......... 0020 f9 73 01 f4 01 f4 01 24 e6 20 0b c0 30 fa 2f 40 .s.....$. ..0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 08 10 20 01 6f 35 ....X....... .o5 0040 9e 78 00 00 01 1c 36 57 9a 61 6c 53 7e 2d 3a 5d .x....6W.alS~-:] 0050 9b ff af 5b cc 9a cd c9 ed 52 ae 9a 4b 85 f8 9e ...[.....R..K... 0060 95 0e 31 a6 75 e1 36 13 0e 5e 38 9a 8d 07 25 d3 ..1.u.6..^8...%. 0070 2a b2 f7 8f d9 b8 03 69 f4 36 8e d7 e5 cd 12 97 *......i.6...... 0080 33 6b ea ce c0 c8 c8 25 cd 6f bb 7f 46 c7 2a 82 3k.....%.o..F.*. 0090 98 6b 00 3c 79 ef 15 3e 30 92 98 50 a3 76 f3 a2 .k.0..P.v.. 00a0 30 5e d3 88 68 f6 b8 42 32 f8 c0 9e 4e 9e f7 f1 0^..h..B2...N... 00b0 95 6a 61 b3 28 ce 16 c8 bf ee aa 0d 14 ca 89 c1 .ja.(........... 00c0 25 1c 72 a7 93 12 1f 29 96 7a 6d 24 9e 7d 5c 3f %.r....).zm$.}\? 00d0 95 12 eb d2 dd 30 57 0c 61 df ff 6e 2b 10 e0 88 .....0W.a..n+... 00e0 38 e2 e7 3e 8c 8e 6c f4 eb 6a 3a fc 37 09 35 b0 8..>..l..j:.7.5. 00f0 d3 af 7a 75 e3 e3 0f 19 95 d3 03 a6 54 b7 95 24 ..zu........T..$ 0100 ee c6 aa 15 6d e2 31 28 1f cb 7b 45 38 d0 a0 da ....m.1(..{E8... 0110 9f f0 23 8b 0a 30 ff 56 0a 47 fe a4 1d a3 26 b5 ..#..0.V.G....&. 0120 ba 00 bc 3a 7e b0 94 c4 c7 8e e1 39 21 67 1b bb ...:~......9!g.. 0130 f1 dc 3f b3 c9 ce 3e 51 f4 3b 21 36 7a 97 61 25 ..?...>Q.;!6z.a% 0140 80 d7 b2 2e f2 f1 ...... Frame 9 (94 bytes on wire, 94 bytes captured) Arrival Time: Dec 10, 2007 13:11:50.529392000 Time delta from previous packet: 0.000002000 seconds Time since reference or first frame: 5.389446000 seconds Frame Number: 9 Packet Length: 94 bytes Capture Length: 94 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 80 Identification: 0x049a (1178) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf72e [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 60 Checksum: 0xc57c [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x0BC030FA2F40A102 Responder cookie: 0x94C558E8F4E6E0E9 Next payload: Hash (8) Version: 1.0 Exchange type: Quick Mode (32) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x6F359E78 Length: 52 Encrypted payload (24 bytes) 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 00 50 04 9a 00 00 80 11 f7 2e a5 e3 f9 73 a5 e3 .P...........s.. 0020 f9 99 01 f4 01 f4 00 3c c5 7c 0b c0 30 fa 2f 40 .......<.|..0./@ 0030 a1 02 94 c5 58 e8 f4 e6 e0 e9 08 10 20 01 6f 35 ....X....... .o5 0040 9e 78 00 00 00 34 7e e5 62 95 41 1a c8 8c 7b d9 .x...4~.b.A...{. 0050 57 07 5b 08 ff ce d3 53 fa 6f d2 49 37 e6 W.[....S.o.I7. Frame 10 (126 bytes on wire, 126 bytes captured) Arrival Time: Dec 10, 2007 13:12:02.305107000 Time delta from previous packet: 11.775715000 seconds Time since reference or first frame: 17.165161000 seconds Frame Number: 10 Packet Length: 126 bytes Capture Length: 126 bytes Protocols in frame: eth:ip:esp:data Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0001 (1) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ESP (0x32) Header checksum: 0xfb86 [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) Encapsulating Security Payload SPI: 0x6781f5ed Sequence: 1 Data (84 bytes) 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 00 70 00 01 00 00 80 32 fb 86 a5 e3 f9 73 a5 e3 .p.....2.....s.. 0020 f9 99 67 81 f5 ed 00 00 00 01 8f 48 75 db 01 e5 ..g........Hu... 0030 b9 c0 d3 6f cd 2a 50 16 e7 57 b5 b9 3e d6 1d 09 ...o.*P..W..>... 0040 6e d5 99 69 b5 27 13 e1 22 0c 6b 5c 46 48 38 29 n..i.'..".k\FH8) 0050 24 67 31 8f 5b 7a 3a 5c b0 88 ba b9 4c 4b 5f 8d $g1.[z:\....LK_. 0060 34 1e 5b 87 ae d7 51 ab 57 6d 38 c2 f4 d2 3b 79 4.[...Q.Wm8...;y 0070 1e 1c de 65 4f e1 a1 92 a5 a2 94 7f c8 0e ...eO......... Frame 11 (126 bytes on wire, 126 bytes captured) Arrival Time: Dec 10, 2007 13:12:02.310407000 Time delta from previous packet: 0.005300000 seconds Time since reference or first frame: 17.170461000 seconds Frame Number: 11 Packet Length: 126 bytes Capture Length: 126 bytes Protocols in frame: eth:ip:esp:data Ethernet II, Src: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0), Dst: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Destination: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Source: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.153 (165.227.249.153), Dst: 165.227.249.115 (165.227.249.115) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0xaa5d (43613) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: ESP (0x32) Header checksum: 0x912a [correct] Good: True Bad : False Source: 165.227.249.153 (165.227.249.153) Destination: 165.227.249.115 (165.227.249.115) Encapsulating Security Payload SPI: 0xa24aec12 Sequence: 1 Data (84 bytes) 0000 00 0c 29 ab 06 ab 00 1b 11 4d 7e f0 08 00 45 00 ..)......M~...E. 0010 00 70 aa 5d 00 00 40 32 91 2a a5 e3 f9 99 a5 e3 .p.]..@2.*...... 0020 f9 73 a2 4a ec 12 00 00 00 01 25 bb a5 a3 98 e0 .s.J......%..... 0030 6f 33 41 f3 3f de fc d8 c5 d7 3c a2 34 50 6e 11 o3A.?.....<.4Pn. 0040 2b 9b 7b bd fc a2 a5 7c 28 cb 99 cc 25 b6 a2 2f +.{....|(...%../ 0050 0e 6c 04 42 f1 c4 5c f7 c5 a5 9a db ed 8a 97 66 .l.B..\........f 0060 d6 9a 7c f4 0c 84 08 64 f5 e9 67 87 ed 2c cf 33 ..|....d..g..,.3 0070 e3 71 8a 4a 8b b4 67 55 2b de 86 7b df f0 .q.J..gU+..{.. Frame 12 (126 bytes on wire, 126 bytes captured) Arrival Time: Dec 10, 2007 13:12:03.315941000 Time delta from previous packet: 1.005534000 seconds Time since reference or first frame: 18.175995000 seconds Frame Number: 12 Packet Length: 126 bytes Capture Length: 126 bytes Protocols in frame: eth:ip:esp:data Ethernet II, Src: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab), Dst: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Destination: 00:1b:11:4d:7e:f0 (00:1b:11:4d:7e:f0) Source: 00:0c:29:ab:06:ab (00:0c:29:ab:06:ab) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.115 (165.227.249.115), Dst: 165.227.249.153 (165.227.249.153) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 112 Identification: 0x0002 (2) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ESP (0x32) Header checksum: 0xfb85 [correct] Good: True Bad : False Source: 165.227.249.115 (165.227.249.115) Destination: 165.227.249.153 (165.227.249.153) Encapsulating Security Payload SPI: 0x6781f5ed Sequence: 2 Data (84 bytes) 0000 00 1b 11 4d 7e f0 00 0c 29 ab 06 ab 08 00 45 00 ...M~...).....E. 0010 00 70 00 02 00 00 80 32 fb 85 a5 e3 f9 73 a5 e3 .p.....2.....s.. 0020 f9 99 67 81 f5 ed 00 00 00 02 38 c2 f4 d2 3b 79 ..g.......8...;y 0030 1e 1c ce 72 d6 ff 19 81 ec 8c 59 c5 0f ef 29 16 ...r......Y...). 0040 d9 4c 5f 27 0e 8a 7e 3c 6d 84 a0 56 24 84 21 e8 .L_'..~