Frame 1 (222 bytes on wire, 222 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.263533000 Time delta from previous packet: 0.000000000 seconds Time since reference or first frame: 0.000000000 seconds Frame Number: 1 Packet Length: 222 bytes Capture Length: 222 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 208 Identification: 0x0317 (791) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf831 [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 188 Checksum: 0xe578 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0x0000000000000000 Next payload: Security Association (1) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 180 Security Association payload Next payload: Vendor ID (13) Length: 52 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 1 Next payload: NONE (0) Length: 40 Proposal number: 1 Protocol ID: ISAKMP (1) SPI size: 0 Number of transforms: 1 Transform payload # 1 Next payload: NONE (0) Length: 32 Transform number: 1 Transform ID: KEY_IKE (1) Encryption-Algorithm (1): 3DES-CBC (5) Hash-Algorithm (2): SHA (2) Group-Description (4): Alternate 1024-bit MODP group (2) Authentication-Method (3): PSK (1) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (28800) Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: unknown vendor ID: 0x4A131C81070358455C5728F20E95452F Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-03 Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-02 Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-00 Vendor ID payload Next payload: NONE (0) Length: 20 Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD) 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 00 d0 03 17 00 00 80 11 f8 31 a5 e3 f9 96 a5 e3 .........1...... 0020 f9 76 01 f4 01 f4 00 bc e5 78 55 ee 8e ea 0a a7 .v.......xU..... 0030 01 9f 00 00 00 00 00 00 00 00 01 10 02 00 00 00 ................ 0040 00 00 00 00 00 b4 0d 00 00 34 00 00 00 01 00 00 .........4...... 0050 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 .....(....... .. 0060 00 00 80 01 00 05 80 02 00 02 80 04 00 02 80 03 ................ 0070 00 01 80 0b 00 01 80 0c 70 80 0d 00 00 14 4a 13 ........p.....J. 0080 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 ....XE\W(...E/.. 0090 00 14 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 ..}...S..o,....R 00a0 9d 56 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 .V........>.in.c 00b0 81 b5 ec 42 7b 1f 0d 00 00 14 44 85 15 2d 18 b6 ...B{.....D..-.. 00c0 bb cd 0b e8 a8 46 95 79 dd cc 00 00 00 14 af ca .....F.y........ 00d0 d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 ..h...k...wW.. Frame 2 (142 bytes on wire, 142 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.291160000 Time delta from previous packet: 0.027627000 seconds Time since reference or first frame: 0.027627000 seconds Frame Number: 2 Packet Length: 142 bytes Capture Length: 142 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30), Dst: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Destination: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Source: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.118 (165.227.249.118), Dst: 165.227.249.150 (165.227.249.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 128 Identification: 0x3e3b (15931) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 255 Protocol: UDP (0x11) Header checksum: 0x3d9d [correct] Good: True Bad : False Source: 165.227.249.118 (165.227.249.118) Destination: 165.227.249.150 (165.227.249.150) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 108 Checksum: 0xba68 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Security Association (1) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 100 Security Association payload Next payload: Vendor ID (13) Length: 52 Domain of interpretation: IPSEC (1) Situation: IDENTITY (1) Proposal payload # 1 Next payload: NONE (0) Length: 40 Proposal number: 1 Protocol ID: ISAKMP (1) SPI size: 0 Number of transforms: 1 Transform payload # 1 Next payload: NONE (0) Length: 32 Transform number: 1 Transform ID: KEY_IKE (1) Encryption-Algorithm (1): 3DES-CBC (5) Hash-Algorithm (2): SHA (2) Group-Description (4): Alternate 1024-bit MODP group (2) Authentication-Method (3): PSK (1) Life-Type (11): Seconds (1) Life-Duration (12): Duration-Value (28800) Vendor ID payload Next payload: NONE (0) Length: 20 Vendor ID: draft-ietf-ipsec-nat-t-ike-03 0000 00 0c 29 96 e1 fa 00 13 19 ca ce 30 08 00 45 c0 ..)........0..E. 0010 00 80 3e 3b 00 00 ff 11 3d 9d a5 e3 f9 76 a5 e3 ..>;....=....v.. 0020 f9 96 01 f4 01 f4 00 6c ba 68 55 ee 8e ea 0a a7 .......l.hU..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 01 10 02 00 00 00 ...b..x.m]...... 0040 00 00 00 00 00 64 0d 00 00 34 00 00 00 01 00 00 .....d...4...... 0050 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 .....(....... .. 0060 00 00 80 01 00 05 80 02 00 02 80 04 00 02 80 03 ................ 0070 00 01 80 0b 00 01 80 0c 70 80 00 00 00 14 7d 94 ........p.....}. 0080 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 ..S..o,....R.V Frame 3 (270 bytes on wire, 270 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.309190000 Time delta from previous packet: 0.018030000 seconds Time since reference or first frame: 0.045657000 seconds Frame Number: 3 Packet Length: 270 bytes Capture Length: 270 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 256 Identification: 0x0318 (792) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf800 [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 236 Checksum: 0x66ab [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Key Exchange (4) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 228 Key Exchange payload Next payload: Nonce (10) Length: 132 Key Exchange Data Nonce payload Next payload: NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) (130) Length: 20 Nonce Data NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) payload Next payload: NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) (130) Length: 24 Hash of address and port: EA84B9D28398FC3A0F05995AF1CD0A82B748DCA8 NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) payload Next payload: NONE (0) Length: 24 Hash of address and port: E1FE677C7BCE18D3356C1438B8A0C77C475F085D 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 01 00 03 18 00 00 80 11 f8 00 a5 e3 f9 96 a5 e3 ................ 0020 f9 76 01 f4 01 f4 00 ec 66 ab 55 ee 8e ea 0a a7 .v......f.U..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 04 10 02 00 00 00 ...b..x.m]...... 0040 00 00 00 00 00 e4 0a 00 00 84 46 c5 ec 40 fc 8f ..........F..@.. 0050 c4 83 db c7 1f 2f 17 85 f6 eb c7 04 a3 09 d5 8e ...../.......... 0060 b2 a7 a9 22 8d 99 05 a7 a6 f9 3f 01 11 26 1a b8 ..."......?..&.. 0070 d4 d8 9c b0 96 ec 68 49 02 fe e1 91 5a 0c 12 f3 ......hI....Z... 0080 c7 49 0e 76 48 de a6 c8 9a 45 6e ed ae 0e e8 5c .I.vH....En....\ 0090 c1 5b a7 ea 46 3b 1b 05 23 6e 21 a9 cd 42 00 ca .[..F;..#n!..B.. 00a0 06 f1 96 79 50 29 a3 a4 5c 17 86 be 6f 30 1c 3f ...yP)..\...o0.? 00b0 87 cc 3d 14 da 8b ef 6e c1 cf a0 a5 fd c1 c1 b9 ..=....n........ 00c0 f8 2a 51 d7 eb b7 90 cf 54 3b 82 00 00 14 44 2b .*Q.....T;....D+ 00d0 5b 6b e2 a1 ea bf 9e 33 ff 46 54 df 2f fa 82 00 [k.....3.FT./... 00e0 00 18 ea 84 b9 d2 83 98 fc 3a 0f 05 99 5a f1 cd .........:...Z.. 00f0 0a 82 b7 48 dc a8 00 00 00 18 e1 fe 67 7c 7b ce ...H........g|{. 0100 18 d3 35 6c 14 38 b8 a0 c7 7c 47 5f 08 5d ..5l.8...|G_.] Frame 4 (346 bytes on wire, 346 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.348497000 Time delta from previous packet: 0.039307000 seconds Time since reference or first frame: 0.084964000 seconds Frame Number: 4 Packet Length: 346 bytes Capture Length: 346 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30), Dst: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Destination: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Source: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.118 (165.227.249.118), Dst: 165.227.249.150 (165.227.249.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 332 Identification: 0x3e3c (15932) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 255 Protocol: UDP (0x11) Header checksum: 0x3cd0 [correct] Good: True Bad : False Source: 165.227.249.118 (165.227.249.118) Destination: 165.227.249.150 (165.227.249.150) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 312 Checksum: 0x0e59 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Key Exchange (4) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...0 = Not encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 304 Key Exchange payload Next payload: Nonce (10) Length: 132 Key Exchange Data Nonce payload Next payload: Vendor ID (13) Length: 24 Nonce Data Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: unknown vendor ID: 0x12F5F28C457168A9702D9FE274CC0100 Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD) Vendor ID payload Next payload: Vendor ID (13) Length: 20 Vendor ID: unknown vendor ID: 0x4BA510A978966D5D2C10F78147958CDB Vendor ID payload Next payload: NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) (130) Length: 12 Vendor ID: draft-beaulieu-ike-xauth-02.txt NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) payload Next payload: NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) (130) Length: 24 Hash of address and port: E1FE677C7BCE18D3356C1438B8A0C77C475F085D NAT-D (draft-ietf-ipsec-nat-t-ike-01 to 03) payload Next payload: NONE (0) Length: 24 Hash of address and port: EA84B9D28398FC3A0F05995AF1CD0A82B748DCA8 0000 00 0c 29 96 e1 fa 00 13 19 ca ce 30 08 00 45 c0 ..)........0..E. 0010 01 4c 3e 3c 00 00 ff 11 3c d0 a5 e3 f9 76 a5 e3 .L><....<....v.. 0020 f9 96 01 f4 01 f4 01 38 0e 59 55 ee 8e ea 0a a7 .......8.YU..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 04 10 02 00 00 00 ...b..x.m]...... 0040 00 00 00 00 01 30 0a 00 00 84 5e 3a ba 73 a6 f0 .....0....^:.s.. 0050 ed 30 e2 c0 e4 93 8a ed 46 b3 19 b2 43 f2 d4 04 .0......F...C... 0060 4e f4 d6 97 91 6d fb 65 83 87 21 67 cd 7d 0b d1 N....m.e..!g.}.. 0070 9a 3e 38 07 5d 37 f8 8e d8 af 22 53 a1 c4 b3 47 .>8.]7...."S...G 0080 51 22 ca bf 19 11 55 9d f8 76 e3 3b e6 d4 eb 94 Q"....U..v.;.... 0090 6e 96 23 85 23 89 da ea 40 3e 4e a9 30 57 5b 1d n.#.#...@>N.0W[. 00a0 00 44 25 95 48 73 23 96 5f be 4a db 8d d7 6d 57 .D%.Hs#._.J...mW 00b0 21 1e 77 61 ae 54 f6 c3 71 9e b7 7b 79 7c 28 6b !.wa.T..q..{y|(k 00c0 91 64 ed c5 f5 12 7c e5 2a 9e 0d 00 00 18 ab df .d....|.*....... 00d0 dc 8b 9f 45 ad 70 27 67 bd 9d 61 b5 7a 53 73 6d ...E.p'g..a.zSsm 00e0 c0 c7 0d 00 00 14 12 f5 f2 8c 45 71 68 a9 70 2d ..........Eqh.p- 00f0 9f e2 74 cc 01 00 0d 00 00 14 af ca d7 13 68 a1 ..t...........h. 0100 f1 c9 6b 86 96 fc 77 57 01 00 0d 00 00 14 4b a5 ..k...wW......K. 0110 10 a9 78 96 6d 5d 2c 10 f7 81 47 95 8c db 82 00 ..x.m],...G..... 0120 00 0c 09 00 26 89 df d6 b7 12 82 00 00 18 e1 fe ....&........... 0130 67 7c 7b ce 18 d3 35 6c 14 38 b8 a0 c7 7c 47 5f g|{...5l.8...|G_ 0140 08 5d 00 00 00 18 ea 84 b9 d2 83 98 fc 3a 0f 05 .]...........:.. 0150 99 5a f1 cd 0a 82 b7 48 dc a8 .Z.....H.. Frame 5 (142 bytes on wire, 142 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.397006000 Time delta from previous packet: 0.048509000 seconds Time since reference or first frame: 0.133473000 seconds Frame Number: 5 Packet Length: 142 bytes Capture Length: 142 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 128 Identification: 0x0319 (793) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf87f [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 108 Checksum: 0xc347 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 100 Encrypted payload (72 bytes) 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 00 80 03 19 00 00 80 11 f8 7f a5 e3 f9 96 a5 e3 ................ 0020 f9 76 01 f4 01 f4 00 6c c3 47 55 ee 8e ea 0a a7 .v.....l.GU..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 05 10 02 01 00 00 ...b..x.m]...... 0040 00 00 00 00 00 64 20 34 47 23 46 92 ec ac 88 d0 .....d 4G#F..... 0050 df f6 e7 5b bf 2a 6d 95 d6 6d 80 7d 8d 66 4b 17 ...[.*m..m.}.fK. 0060 f3 0a df 2c 07 df 4e 91 4f a7 f3 61 ee c7 d0 7e ...,..N.O..a...~ 0070 35 23 72 4e 44 62 49 f3 ae d2 ec c8 d6 8f 0c 74 5#rNDbI........t 0080 67 a0 5c 9a 08 3b d4 9f 9b a0 4c 40 f5 38 g.\..;....L@.8 Frame 6 (110 bytes on wire, 110 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.400847000 Time delta from previous packet: 0.003841000 seconds Time since reference or first frame: 0.137314000 seconds Frame Number: 6 Packet Length: 110 bytes Capture Length: 110 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30), Dst: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Destination: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Source: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.118 (165.227.249.118), Dst: 165.227.249.150 (165.227.249.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 96 Identification: 0x3e3d (15933) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 255 Protocol: UDP (0x11) Header checksum: 0x3dbb [correct] Good: True Bad : False Source: 165.227.249.118 (165.227.249.118) Destination: 165.227.249.150 (165.227.249.150) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 76 Checksum: 0xd273 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Identification (5) Version: 1.0 Exchange type: Identity Protection (Main Mode) (2) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0x00000000 Length: 68 Encrypted payload (40 bytes) 0000 00 0c 29 96 e1 fa 00 13 19 ca ce 30 08 00 45 c0 ..)........0..E. 0010 00 60 3e 3d 00 00 ff 11 3d bb a5 e3 f9 76 a5 e3 .`>=....=....v.. 0020 f9 96 01 f4 01 f4 00 4c d2 73 55 ee 8e ea 0a a7 .......L.sU..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 05 10 02 01 00 00 ...b..x.m]...... 0040 00 00 00 00 00 44 2e 77 76 ec 2e cc 4d 66 b2 d1 .....D.wv...Mf.. 0050 cf 7e 16 bd 9c 7b 89 c9 6d 98 5c 70 04 10 53 64 .~...{..m.\p..Sd 0060 8d d4 10 7f ea 06 65 a9 97 77 d4 27 39 9c ......e..w.'9. Frame 7 (334 bytes on wire, 334 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.427602000 Time delta from previous packet: 0.026755000 seconds Time since reference or first frame: 0.164069000 seconds Frame Number: 7 Packet Length: 334 bytes Capture Length: 334 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 320 Identification: 0x031a (794) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf7be [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 300 Checksum: 0x222e [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Hash (8) Version: 1.0 Exchange type: Quick Mode (32) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0xCDBEB65D Length: 292 Encrypted payload (264 bytes) 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 01 40 03 1a 00 00 80 11 f7 be a5 e3 f9 96 a5 e3 .@.............. 0020 f9 76 01 f4 01 f4 01 2c 22 2e 55 ee 8e ea 0a a7 .v.....,".U..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 08 10 20 01 cd be ...b..x.m].. ... 0040 b6 5d 00 00 01 24 e3 74 e4 9e bd 77 22 77 c1 09 .]...$.t...w"w.. 0050 89 ab de a9 37 16 39 bd ea f1 c8 fa df e3 e5 ee ....7.9......... 0060 2d 5d 0e cc 7d ca 74 3f 5b 81 29 cc 73 87 07 ae -]..}.t?[.).s... 0070 c7 d9 66 ae 12 ad 47 3c a6 d3 bf 5c d7 97 c9 d9 ..f...G<...\.... 0080 d1 f2 96 0d 40 48 54 f4 b3 5e c8 72 a7 a7 5f f5 ....@HT..^.r.._. 0090 c7 14 01 4a a2 35 a5 dc 20 25 81 ef e1 b8 f0 13 ...J.5.. %...... 00a0 99 4c 71 4b 1a 50 56 97 28 9e cf 8a c4 7d c0 9f .LqK.PV.(....}.. 00b0 b9 11 8c 55 36 4a b0 ab a9 87 08 6d e9 d8 02 b1 ...U6J.....m.... 00c0 18 d8 2c cb 0b 1b 0b 5e 17 bb 2d 30 e6 aa e0 64 ..,....^..-0...d 00d0 25 69 1a 13 d2 97 42 86 65 0f f0 29 fb 5e 68 b1 %i....B.e..).^h. 00e0 53 be 91 37 90 2f 79 9a b7 e7 c4 2c 98 23 48 23 S..7./y....,.#H# 00f0 21 69 38 81 0e 36 0b 6c cd 4f c3 db 61 53 8b a4 !i8..6.l.O..aS.. 0100 75 9a ce d7 07 7f be d5 5b 3e ef 01 ef 7d 0f a1 u.......[>...}.. 0110 3f e3 d3 a0 ff 59 66 a6 8b 81 c5 84 47 7b 23 05 ?....Yf.....G{#. 0120 9f f1 60 c9 a2 76 ee 5b 6e 28 27 0a 31 a2 fb 14 ..`..v.[n('.1... 0130 59 a5 ef 4b 77 3d 91 a2 7d 92 c2 ee e1 fd a4 3b Y..Kw=..}......; 0140 30 12 75 e0 d8 34 dc b6 27 af 5b 97 d4 af 0.u..4..'.[... Frame 8 (366 bytes on wire, 366 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.467093000 Time delta from previous packet: 0.039491000 seconds Time since reference or first frame: 0.203560000 seconds Frame Number: 8 Packet Length: 366 bytes Capture Length: 366 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30), Dst: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Destination: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Source: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.118 (165.227.249.118), Dst: 165.227.249.150 (165.227.249.150) Version: 4 Header length: 20 bytes Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00) 1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 352 Identification: 0x3e3e (15934) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 255 Protocol: UDP (0x11) Header checksum: 0x3cba [correct] Good: True Bad : False Source: 165.227.249.118 (165.227.249.118) Destination: 165.227.249.150 (165.227.249.150) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 332 Checksum: 0xf4e1 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Hash (8) Version: 1.0 Exchange type: Quick Mode (32) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0xCDBEB65D Length: 324 Encrypted payload (296 bytes) 0000 00 0c 29 96 e1 fa 00 13 19 ca ce 30 08 00 45 c0 ..)........0..E. 0010 01 60 3e 3e 00 00 ff 11 3c ba a5 e3 f9 76 a5 e3 .`>>....<....v.. 0020 f9 96 01 f4 01 f4 01 4c f4 e1 55 ee 8e ea 0a a7 .......L..U..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 08 10 20 01 cd be ...b..x.m].. ... 0040 b6 5d 00 00 01 44 db ae 2e b6 ea 6b db 01 49 20 .]...D.....k..I 0050 91 f6 07 a6 44 87 67 56 a1 79 25 7a a0 a9 93 3f ....D.gV.y%z...? 0060 a8 4e 15 65 2b 3a d7 b3 a5 78 76 21 6c ba 48 57 .N.e+:...xv!l.HW 0070 4e 02 0e 72 07 44 13 06 30 8c a0 9f ab 6d 9f 3e N..r.D..0....m.> 0080 8b 5b a4 5b 64 67 0f 38 dd b0 a2 40 b7 c8 91 a1 .[.[dg.8...@.... 0090 8e f6 d8 92 18 02 16 e0 4c 8b 50 cf 10 5c 63 01 ........L.P..\c. 00a0 fb 8c b1 15 34 18 65 c4 7a 00 29 d3 81 b9 a6 e3 ....4.e.z.)..... 00b0 d5 dd ac de 24 9e cb b3 5b fd 33 61 b6 a9 f3 a1 ....$...[.3a.... 00c0 08 e4 2e 10 8e 4c 73 2f 71 bd 46 31 33 dc 46 29 .....Ls/q.F13.F) 00d0 d5 bf bc 17 72 f3 dd e7 12 6f 0e 68 5e 6f af 30 ....r....o.h^o.0 00e0 98 6a 9e d2 ac 57 5d 8b 63 2a f5 b2 c4 ab 4d bc .j...W].c*....M. 00f0 e1 01 71 ea ae 99 43 cb 07 c7 f1 a4 6d c3 90 b5 ..q...C.....m... 0100 99 4d 06 e1 e7 66 e5 00 58 3e 80 43 1b 17 ed 19 .M...f..X>.C.... 0110 1e ce 99 53 7f d8 e8 ec 9e 8b 9d 03 c0 4c f8 38 ...S.........L.8 0120 95 c6 55 26 55 8c 7f fe f2 69 43 f8 28 91 b5 39 ..U&U....iC.(..9 0130 ad 5f 7e 67 49 ef a8 46 15 2d 85 1a 14 5d 87 65 ._~gI..F.-...].e 0140 0a d6 9f ac ba cc 80 4d 39 23 97 5c 48 b8 42 72 .......M9#.\H.Br 0150 b0 9c 05 f9 2b 57 bf f7 af f4 70 1c d9 56 fe ae ....+W....p..V.. 0160 70 7d 90 75 44 91 32 1d de 04 3f 0f 1a 59 p}.uD.2...?..Y Frame 9 (102 bytes on wire, 102 bytes captured) Arrival Time: Aug 14, 2006 14:25:01.559173000 Time delta from previous packet: 0.092080000 seconds Time since reference or first frame: 0.295640000 seconds Frame Number: 9 Packet Length: 102 bytes Capture Length: 102 bytes Protocols in frame: eth:ip:udp:isakmp Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 88 Identification: 0x031b (795) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: UDP (0x11) Header checksum: 0xf8a5 [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500) Source port: 500 (500) Destination port: 500 (500) Length: 68 Checksum: 0xdb56 [correct] Internet Security Association and Key Management Protocol Initiator cookie: 0x55EE8EEA0AA7019F Responder cookie: 0xBE62B7B478976D5D Next payload: Hash (8) Version: 1.0 Exchange type: Quick Mode (32) Flags .... ...1 = Encrypted .... ..0. = No commit .... .0.. = No authentication Message ID: 0xCDBEB65D Length: 60 Encrypted payload (32 bytes) 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 00 58 03 1b 00 00 80 11 f8 a5 a5 e3 f9 96 a5 e3 .X.............. 0020 f9 76 01 f4 01 f4 00 44 db 56 55 ee 8e ea 0a a7 .v.....D.VU..... 0030 01 9f be 62 b7 b4 78 97 6d 5d 08 10 20 01 cd be ...b..x.m].. ... 0040 b6 5d 00 00 00 3c 02 b6 bc 6a a2 b1 b0 10 ab b6 .]...<...j...... 0050 96 f3 3a 16 26 4f 51 29 c0 7d 78 e0 f6 f3 b3 93 ..:.&OQ).}x..... 0060 be ad 34 8f 0a 7f ..4... Frame 10 (398 bytes on wire, 398 bytes captured) Arrival Time: Aug 14, 2006 14:25:09.436543000 Time delta from previous packet: 7.877370000 seconds Time since reference or first frame: 8.173010000 seconds Frame Number: 10 Packet Length: 398 bytes Capture Length: 398 bytes Protocols in frame: eth:ip:esp:data Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 384 Identification: 0x031c (796) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ESP (0x32) Header checksum: 0xf75b [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) Encapsulating Security Payload SPI: 0x0fc133cc Sequence: 1 Data (356 bytes) 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 01 80 03 1c 00 00 80 32 f7 5b a5 e3 f9 96 a5 e3 .......2.[...... 0020 f9 76 0f c1 33 cc 00 00 00 01 b3 3e 35 c4 39 15 .v..3......>5.9. 0030 05 c5 dd 1e 34 95 4b 1d c4 7e b1 46 f4 73 09 a0 ....4.K..~.F.s.. 0040 4e 38 61 7e 46 bb 7a 14 bf 10 cc ef 4c a0 63 02 N8a~F.z.....L.c. 0050 5e 1e 54 6a 02 35 ab a2 d0 0d 96 99 d5 bc 7e 29 ^.Tj.5........~) 0060 d2 b1 1b c8 3f 40 0c 99 36 50 68 49 7b de 07 6e ....?@..6PhI{..n 0070 d4 50 61 09 13 99 05 09 3a ef e8 d3 cd bc 6d 77 .Pa.....:.....mw 0080 e2 3d 94 7b 89 47 f3 d5 d3 82 e2 45 ed 37 87 8f .=.{.G.....E.7.. 0090 f6 23 20 12 b8 e0 fe 42 73 11 3f da 36 f0 63 3a .# ....Bs.?.6.c: 00a0 e0 74 a4 8f 41 ee df 9e f3 34 bd 8e f1 14 44 65 .t..A....4....De 00b0 bb 09 7d fa 91 e9 ed c0 c1 a3 24 f9 e9 44 e8 b9 ..}.......$..D.. 00c0 e6 d6 8d eb 3a dd d5 6e cc 74 e6 70 c9 d2 7c ad ....:..n.t.p..|. 00d0 d5 a4 12 a4 4d ed 90 fe 31 3f ae c7 af 28 f5 2f ....M...1?...(./ 00e0 a6 37 6b 87 a4 64 1f 48 74 06 18 8e 82 be ab 8d .7k..d.Ht....... 00f0 68 4a 8b f8 79 4f 1f ad 58 00 bc 0e 08 88 2d bf hJ..yO..X.....-. 0100 c6 a7 58 20 fe b9 ce d4 83 f0 69 a9 19 67 95 73 ..X ......i..g.s 0110 6a e7 0e 99 56 a0 cf d9 c0 5b 0c 9c 59 c4 39 4a j...V....[..Y.9J 0120 e0 96 0c 57 c1 dd 71 e3 86 49 28 e7 a4 dd ee 1b ...W..q..I(..... 0130 db a9 fb 8a 7e 38 ca 22 cc 5a 1c 5e e8 a2 3d c6 ....~8.".Z.^..=. 0140 75 c5 11 bb 04 13 e9 98 2d 1b ca 68 b7 da 91 6b u.......-..h...k 0150 31 c0 43 e7 3e 9c 75 da f2 4e 5e f1 75 e7 d0 d5 1.C.>.u..N^.u... 0160 fb 9c 7d 71 b5 8c 05 5c a0 8d eb 61 31 98 fb fb ..}q...\...a1... 0170 84 f4 6c 1d 63 5b c8 4f 70 3a d8 4d b6 c4 1b 16 ..l.c[.Op:.M.... 0180 7d ec 64 e2 0c c7 c0 c9 cd 8a 10 a1 c0 06 }.d........... Frame 11 (398 bytes on wire, 398 bytes captured) Arrival Time: Aug 14, 2006 14:25:16.870356000 Time delta from previous packet: 7.433813000 seconds Time since reference or first frame: 15.606823000 seconds Frame Number: 11 Packet Length: 398 bytes Capture Length: 398 bytes Protocols in frame: eth:ip:esp:data Ethernet II, Src: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa), Dst: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Destination: 00:13:19:ca:ce:30 (00:13:19:ca:ce:30) Source: 00:0c:29:96:e1:fa (00:0c:29:96:e1:fa) Type: IP (0x0800) Internet Protocol, Src: 165.227.249.150 (165.227.249.150), Dst: 165.227.249.118 (165.227.249.118) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 0000 00.. = Differentiated Services Codepoint: Default (0x00) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 384 Identification: 0x031d (797) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ESP (0x32) Header checksum: 0xf75a [correct] Good: True Bad : False Source: 165.227.249.150 (165.227.249.150) Destination: 165.227.249.118 (165.227.249.118) Encapsulating Security Payload SPI: 0x0fc133cc Sequence: 2 Data (356 bytes) 0000 00 13 19 ca ce 30 00 0c 29 96 e1 fa 08 00 45 00 .....0..).....E. 0010 01 80 03 1d 00 00 80 32 f7 5a a5 e3 f9 96 a5 e3 .......2.Z...... 0020 f9 76 0f c1 33 cc 00 00 00 02 15 c9 16 65 e9 11 .v..3........e.. 0030 5b 45 00 34 c5 02 83 99 da d0 d7 f7 b3 00 8c 01 [E.4............ 0040 5d 3a a1 9b 02 1d 33 2e ba fe 9e 12 fc ee 55 bb ]:....3.......U. 0050 b1 86 62 a7 b5 9f a0 ff 6c 51 2a fd 4d 12 20 0b ..b.....lQ*.M. . 0060 6a a6 04 96 ef ab b3 94 3d 8a c2 d3 5a 99 af f1 j.......=...Z... 0070 b1 da 56 46 58 f4 16 92 f2 09 bb 64 6d bd d4 a0 ..VFX......dm... 0080 85 1e 3e c3 b8 ed 97 63 2d 18 aa 37 ea d5 80 ec ..>....c-..7.... 0090 33 85 68 16 fa 5f 66 9f c0 a1 b0 aa a3 9c 9b a1 3.h.._f......... 00a0 24 61 ad f0 40 0a 2f 00 ec 68 e1 28 2c 43 6d 57 $a..@./..h.(,CmW 00b0 96 20 20 90 2e 9b 9a 52 e0 7f 40 a5 8e 4f 9b e3 . ....R..@..O.. 00c0 4d b2 1a 79 8b c8 3b a6 7a c3 ad 0b a6 ef a5 c0 M..y..;.z....... 00d0 3f 3b cb fa 86 5f ed e4 92 96 ad 81 d0 a1 3b 3a ?;..._........;: 00e0 76 d6 6f 72 80 58 85 69 93 dd 29 14 f9 2a 69 f2 v.or.X.i..)..*i. 00f0 cd db d5 7e df ea f8 bb 96 d3 b3 67 d4 0d 78 a6 ...~.......g..x. 0100 42 d2 0c bc 97 3f 47 1f 6e 10 47 da ca 60 64 7e B....?G.n.G..`d~ 0110 87 bc fa 52 cc 4c b3 ff 1d 69 d0 2b aa 49 38 99 ...R.L...i.+.I8. 0120 5c 3e ad 77 56 15 29 0c 6b ce e8 45 23 15 4b a7 \>.wV.).k..E#.K. 0130 5a ac a4 07 88 24 6d a5 a9 6e 1f e7 5e 77 7e 4f Z....$m..n..^w~O 0140 fc cd d3 92 b8 61 f6 7d 50 dd a4 d7 ab 44 e5 31 .....a.}P....D.1 0150 37 44 61 39 0d 1a 42 82 7a a7 86 ed 73 94 c8 95 7Da9..B.z...s... 0160 c0 b2 bd b7 80 b5 db b5 73 75 c5 d4 fe 9e 23 63 ........su....#c 0170 b7 0e 7b 92 0e fc a9 4a 11 35 c3 c4 02 50 b2 ba ..{....J.5...P.. 0180 e2 b6 56 08 9f 9c 24 d0 a3 09 b9 be b3 16 ..V...$.......