
Firefox And IE Are Always "waiting" Trying To Load Certain Sites


  • This topic is locked
18 replies to this topic

#1 elf.i.am

Posted 02 June 2008 - 06:21 PM

In short: when I try to access some sites, they never load. This seems to be a cross-browser problem but occurs particularly in my user account and not the "owner" account.

In detail: All of this began when my computer was infected with spyware and/or adware. I used superantispyware and avg antivirus to get rid of the problem. But around the same time, I realized that certain sites such as bleepingcomputer.com and yahoo.com don't load. The status bar just keeps on saying "waiting for ..." when I try to go to these sites. I also have a similar problem with Google. I can access the Google home page but when I enter a search query and press enter, I get the same "waiting for..." message in the status bar. I disabled all add-ons, worked in safe mode and even restored the computer back about two days (I don't know why but that's the only restore point available) but the problem persists.

I can also get to the Gmail login page. But after I sign in, I see an empty page and the "waiting for ..." message. However, if I go to the Google search page, I can see my e-mail address. This means even if I can't access my e-mail account, the Google servers are still able to receive my sign-in request. This has been happening for a week and a half now. But a few days earlier, I realized that when I sign in to Gmail and get the blank screen (with the "waiting for "), the address bar looks something like "http://www.mail.google.com/mail/45JHSF98....". If I remove the stuff after mail/, my account loads properly. I know that this happens in IE and Opera too, so it's a cross-browser problem. But surprisingly, the problem seems to affect only my user account. I don't know about the other users, but the problem doesn't occur in the "owner" account.

Computer info: I have Windows XP Home Edition (with service pack 2), IE 7, Firefox 2

I would appreciate any help with this problem. Thanks.


#2 Farbar

Posted 04 June 2008 - 06:37 AM

Hi elf.i.am,

You may try this if you haven't yet; it does no harm. Post back if it didn't help.

Log in with your user account (the one which is not working) then:

Download http://wiki.djlizard.net/Dial-a-fix.

* Press double green checkmark "Check all" to turn everything on.
* Close all other open windows.
* Press Go.
* Reboot after it is finished, important.



#3 forrestmage

Posted 05 June 2008 - 02:20 PM

It may not have anything to do with it, but for kicks and giggles, post the contents of your hosts file (generally found in c:\WINDOWS\system32\drivers\etc). Open it with Notepad and copy and paste it into here.

#4 Farbar

Posted 05 June 2008 - 02:26 PM

There are other forums at BC handling malware questions; people can open a topic there. This is one of them: Am I infected? What do I do?

#5 elf.i.am

Posted 05 June 2008 - 09:49 PM

I tried running Dial-a-Fix but it didn't fix the problem. Thank you anyways, Farbar.
Following are the contents of my hosts file. There is only the localhost loopback, which I think is a good thing.

# Copyright © 1993-2004 Microsoft Corp.
#
# AutoGenerated by Microsoft ® Windows ® Malicious Software Removal Tool.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

#6 forrestmage

Posted 06 June 2008 - 10:28 AM

yep, that's a good thing :thumbsup:
I was afraid you were being sent to forged sites to harvest your login info.

The next step I would do is to download wireshark and run a packet capture while you try to do your google search.
http://www.wireshark.org/download.html
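
The hosts-file check from posts #3 to #6, as an added example that is not part of the original thread: it flags entries that redirect a name to a remote address (the forged-site concern) or pin it to a loopback or null address so the site never loads. `POSTED_HOSTS` is an abridged copy of the file posted in #5; `TAMPERED_HOSTS`, its entries and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress
from typing import List, NamedTuple

# Abridged copy of the hosts file posted in #5 (comments shortened).
POSTED_HOSTS = """\
# Copyright (c) 1993-2004 Microsoft Corp.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
"""

# Constructed sample: the same file with entries of the kind the check looks
# for. 203.0.113.7 is a documentation-range address, not a real server.
TAMPERED_HOSTS = POSTED_HOSTS + """\
203.0.113.7 www.google.com mail.google.com  # constructed redirect
127.0.0.1 www.bleepingcomputer.com
0.0.0.0 Yahoo.com.
::1 localhost
bogus-entry yahoo.com
"""

# Names that are expected to resolve to a loopback address.
LOCAL_NAMES = {"localhost"}


class Finding(NamedTuple):
    line_no: int
    kind: str      # "redirect", "blocked" or "malformed"
    address: str
    host: str


def audit_hosts(text: str) -> List[Finding]:
    """Return every hosts entry that overrides normal DNS resolution."""
    findings = []
    # Notepad can prepend a byte-order mark; drop it before parsing.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # strip whole-line and inline comments
        if not entry:
            continue
        fields = entry.split()                 # spaces or tabs both separate fields
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            findings.append(
                Finding(line_no, "malformed", fields[0], " ".join(fields[1:])))
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for host in fields[1:]:                # one line may map several names
            name = host.lower().rstrip(".")
            if addr.is_loopback and name in LOCAL_NAMES:
                continue                       # the normal localhost mapping
            kind = "blocked" if sinkhole else "redirect"
            findings.append(Finding(line_no, kind, str(addr), name))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_HOSTS), ("tampered", TAMPERED_HOSTS)):
        results = audit_hosts(text)
        print(f"{label}: {len(results)} finding(s)")
        for f in results:
            print(f"  line {f.line_no}: {f.kind:9} {f.address} -> {f.host}")
```

On Windows XP the live file is `C:\WINDOWS\system32\drivers\etc\hosts`; read it and pass its text to `audit_hosts` to run the same check.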

#7 bizarrechaos

Posted 06 June 2008 - 04:35 PM

I'm having the same problem.
http://www.bleepingcomputer.com/forums/ind...mp;#entry845725

#8 elf.i.am

Posted 06 June 2008 - 05:43 PM

Ok, now the problem is creeping into the "owner" account too. I just got the idea to activate the guest user account. The internet in this account is working reliably and fast! I don't know if the guest account will start showing the same problem. I just downloaded wireshark and I'm about to try it.

#9 bizarrechaos

Posted 06 June 2008 - 05:51 PM

How exactly do I use Wireshark?

#10 elf.i.am

Posted 06 June 2008 - 06:20 PM

I think I figured out how to run Wireshark. After downloading it, I changed the capture from Dialup to the Microsoft Scheduler one in the options dialog box. I tried to go to yahoo.com and this is what I got: (screen shots followed by a text file)

Posted Image

Posted Image

Posted Image



No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 68.87.73.242 DNS Standard query A yahoo.com

Frame 1 (69 bytes on wire, 69 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 68.87.73.242 (68.87.73.242)
User Datagram Protocol, Src Port: sasg (3744), Dst Port: domain (53)
Domain Name System (query)

No. Time Source Destination Protocol Info
2 0.020336 68.87.73.242 192.168.1.101 DNS Standard query response A 206.190.60.37 A 68.180.206.184

Frame 2 (101 bytes on wire, 101 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 68.87.73.242 (68.87.73.242), Dst: 192.168.1.101 (192.168.1.101)
User Datagram Protocol, Src Port: domain (53), Dst Port: sasg (3744)
Domain Name System (response)

No. Time Source Destination Protocol Info
3 0.021757 192.168.1.101 206.190.60.37 TCP iclpv-sas > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460

Frame 3 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 206.190.60.37 (206.190.60.37)
Transmission Control Protocol, Src Port: iclpv-sas (1391), Dst Port: http (80), Seq: 0, Len: 0

No. Time Source Destination Protocol Info
4 0.043853 206.190.60.37 192.168.1.101 TCP http > iclpv-sas [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460

Frame 4 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 206.190.60.37 (206.190.60.37), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-sas (1391), Seq: 0, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
5 0.043900 192.168.1.101 206.190.60.37 TCP iclpv-sas > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 5 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 206.190.60.37 (206.190.60.37)
Transmission Control Protocol, Src Port: iclpv-sas (1391), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
6 0.044122 192.168.1.101 206.190.60.37 HTTP GET / HTTP/1.1

Frame 6 (536 bytes on wire, 536 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 206.190.60.37 (206.190.60.37)
Transmission Control Protocol, Src Port: iclpv-sas (1391), Dst Port: http (80), Seq: 1, Ack: 1, Len: 482
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
7 0.070959 206.190.60.37 192.168.1.101 TCP [TCP Previous segment lost] http > iclpv-sas [FIN, ACK] Seq=355 Ack=483 Win=32850 Len=0

Frame 7 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 206.190.60.37 (206.190.60.37), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-sas (1391), Seq: 355, Ack: 483, Len: 0

No. Time Source Destination Protocol Info
8 0.070997 192.168.1.101 206.190.60.37 TCP [TCP Dup ACK 6#1] iclpv-sas > http [ACK] Seq=483 Ack=1 Win=65535 Len=0

Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 206.190.60.37 (206.190.60.37)
Transmission Control Protocol, Src Port: iclpv-sas (1391), Dst Port: http (80), Seq: 483, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
9 0.071323 206.190.60.37 192.168.1.101 HTTP [TCP Out-Of-Order] HTTP/1.1 301 Moved Permanently (text/html)

Frame 9 (408 bytes on wire, 408 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 206.190.60.37 (206.190.60.37), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-sas (1391), Seq: 1, Ack: 483, Len: 354
Hypertext Transfer Protocol
Line-based text data: text/html

No. Time Source Destination Protocol Info
10 0.071356 192.168.1.101 206.190.60.37 TCP iclpv-sas > http [ACK] Seq=483 Ack=356 Win=65181 Len=0

Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 206.190.60.37 (206.190.60.37)
Transmission Control Protocol, Src Port: iclpv-sas (1391), Dst Port: http (80), Seq: 483, Ack: 356, Len: 0

No. Time Source Destination Protocol Info
11 0.071740 192.168.1.101 206.190.60.37 TCP iclpv-sas > http [FIN, ACK] Seq=483 Ack=356 Win=65181 Len=0

Frame 11 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 206.190.60.37 (206.190.60.37)
Transmission Control Protocol, Src Port: iclpv-sas (1391), Dst Port: http (80), Seq: 483, Ack: 356, Len: 0

No. Time Source Destination Protocol Info
12 0.098340 206.190.60.37 192.168.1.101 TCP http > iclpv-sas [ACK] Seq=356 Ack=484 Win=32849 Len=0

Frame 12 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 206.190.60.37 (206.190.60.37), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-sas (1391), Seq: 356, Ack: 484, Len: 0

No. Time Source Destination Protocol Info
13 0.102059 192.168.1.101 68.87.73.242 DNS Standard query A www.yahoo.com

Frame 13 (73 bytes on wire, 73 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 68.87.73.242 (68.87.73.242)
User Datagram Protocol, Src Port: sasg (3744), Dst Port: domain (53)
Domain Name System (query)

No. Time Source Destination Protocol Info
14 0.123418 68.87.73.242 192.168.1.101 DNS Standard query response CNAME www.yahoo-ht3.akadns.net A 69.147.76.15

Frame 14 (127 bytes on wire, 127 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 68.87.73.242 (68.87.73.242), Dst: 192.168.1.101 (192.168.1.101)
User Datagram Protocol, Src Port: domain (53), Dst Port: sasg (3744)
Domain Name System (response)

No. Time Source Destination Protocol Info
15 0.125252 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460

Frame 15 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 0, Len: 0

No. Time Source Destination Protocol Info
16 0.151981 69.147.76.15 192.168.1.101 TCP http > iclpv-nls [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460

Frame 16 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 0, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
17 0.152029 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 17 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
18 0.152252 192.168.1.101 69.147.76.15 HTTP GET / HTTP/1.1

Frame 18 (540 bytes on wire, 540 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 1, Ack: 1, Len: 486
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
19 0.227483 69.147.76.15 192.168.1.101 TCP [TCP segment of a reassembled PDU]

Frame 19 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 1, Ack: 487, Len: 1460

No. Time Source Destination Protocol Info
20 0.227595 69.147.76.15 192.168.1.101 TCP [TCP segment of a reassembled PDU]

Frame 20 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 1461, Ack: 487, Len: 1460

No. Time Source Destination Protocol Info
21 0.227623 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=2921 Win=65535 Len=0

Frame 21 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 2921, Len: 0

No. Time Source Destination Protocol Info
22 0.227960 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 22 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 2921, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
23 0.227990 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=4381 Win=65535 Len=0

Frame 23 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 4381, Len: 0

No. Time Source Destination Protocol Info
24 0.228529 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 24 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 4381, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
25 0.252009 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 25 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 5841, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
26 0.252051 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=7301 Win=65535 Len=0

Frame 26 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 7301, Len: 0

No. Time Source Destination Protocol Info
27 0.252122 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 27 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 7301, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
28 0.252154 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=8761 Win=65535 Len=0

Frame 28 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 8761, Len: 0

No. Time Source Destination Protocol Info
29 0.252387 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 29 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 8761, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
30 0.256823 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 30 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 10221, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
31 0.256845 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=11681 Win=65535 Len=0

Frame 31 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 11681, Len: 0

No. Time Source Destination Protocol Info
32 0.257296 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 32 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 11681, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
33 0.257321 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=13141 Win=65535 Len=0

Frame 33 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 13141, Len: 0

No. Time Source Destination Protocol Info
34 0.278376 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 34 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 13141, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
35 0.278825 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 35 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 14601, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
36 0.278868 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=16061 Win=65535 Len=0

Frame 36 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 16061, Len: 0

No. Time Source Destination Protocol Info
37 0.279342 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 37 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 16061, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
38 0.279398 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=17521 Win=65535 Len=0

Frame 38 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 17521, Len: 0

No. Time Source Destination Protocol Info
39 0.279873 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 39 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 17521, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
40 0.280409 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 40 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 18981, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
41 0.280431 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=20441 Win=65535 Len=0

Frame 41 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 20441, Len: 0

No. Time Source Destination Protocol Info
42 0.287877 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 42 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 20441, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
43 0.287904 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=21901 Win=65535 Len=0

Frame 43 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 21901, Len: 0

No. Time Source Destination Protocol Info
44 0.288353 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 44 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 21901, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
45 0.289014 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 45 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 23361, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
46 0.289038 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=24821 Win=65535 Len=0

Frame 46 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 24821, Len: 0

No. Time Source Destination Protocol Info
47 0.289603 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 47 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 24821, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
48 0.289630 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=26281 Win=65535 Len=0

Frame 48 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 26281, Len: 0

No. Time Source Destination Protocol Info
49 0.290129 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 49 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 26281, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
50 0.305092 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 50 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 27741, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
51 0.305132 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=29201 Win=65535 Len=0

Frame 51 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 29201, Len: 0

No. Time Source Destination Protocol Info
52 0.305205 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 52 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 29201, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
53 0.305237 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=30661 Win=65535 Len=0

Frame 53 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 30661, Len: 0

No. Time Source Destination Protocol Info
54 0.305514 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 54 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 30661, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
55 0.309475 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic

Frame 55 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 32121, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
56 0.309510 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=33581 Win=65535 Len=0

Frame 56 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 33581, Len: 0

No. Time Source Destination Protocol Info
57 0.309574 69.147.76.15 192.168.1.101 HTTP [TCP Previous segment lost] Continuation or non-HTTP traffic

Frame 57 (284 bytes on wire, 284 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 35041, Ack: 487, Len: 230
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
58 0.309591 192.168.1.101 69.147.76.15 TCP [TCP Dup ACK 56#1] iclpv-nls > http [ACK] Seq=487 Ack=33581 Win=65535 Len=0

Frame 58 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 33581, Len: 0

No. Time Source Destination Protocol Info
59 0.311185 69.147.76.15 192.168.1.101 HTTP [TCP Out-Of-Order] Continuation or non-HTTP traffic

Frame 59 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 69.147.76.15 (69.147.76.15), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 33581, Ack: 487, Len: 1460
Hypertext Transfer Protocol

No. Time Source Destination Protocol Info
60 0.311249 192.168.1.101 69.147.76.15 TCP iclpv-nls > http [ACK] Seq=487 Ack=35272 Win=65535 Len=0

Frame 60 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 69.147.76.15 (69.147.76.15)
Transmission Control Protocol, Src Port: iclpv-nls (1393), Dst Port: http (80), Seq: 487, Ack: 35272, Len: 0

No. Time Source Destination Protocol Info
61 2.269345 192.168.1.100 192.168.1.255 IP Bogus IP header length (16, must be at least 20)

Frame 61 (1189 bytes on wire, 1189 bytes captured)
Ethernet II, Src: Micro-St_11:3f:cc (00:11:09:11:3f:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: 6646 (6646), Dst Port: 6646 (6646)
Redback Lawful Intercept
Internet Protocol

No. Time Source Destination Protocol Info
62 10.544022 64.233.169.103 192.168.1.101 TCP https > os-licman [FIN, ACK] Seq=1 Ack=1 Win=13680 Len=0

Frame 62 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 64.233.169.103 (64.233.169.103), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: https (443), Dst Port: os-licman (1384), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
63 10.544067 192.168.1.101 64.233.169.103 TCP os-licman > https [ACK] Seq=1 Ack=2 Win=65535 Len=0

Frame 63 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 64.233.169.103 (64.233.169.103)
Transmission Control Protocol, Src Port: os-licman (1384), Dst Port: https (443), Seq: 1, Ack: 2, Len: 0

No. Time Source Destination Protocol Info
64 10.645617 64.233.169.103 192.168.1.101 TCP https > telesis-licman [FIN, ACK] Seq=1 Ack=1 Win=17160 Len=0

Frame 64 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 64.233.169.103 (64.233.169.103), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: https (443), Dst Port: telesis-licman (1380), Seq: 1, Ack: 1, Len: 0

No. Time Source Destination Protocol Info
65 10.645663 192.168.1.101 64.233.169.103 TCP telesis-licman > https [ACK] Seq=1 Ack=2 Win=65535 Len=0

Frame 65 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 64.233.169.103 (64.233.169.103)
Transmission Control Protocol, Src Port: telesis-licman (1380), Dst Port: https (443), Seq: 1, Ack: 2, Len: 0

No. Time Source Destination Protocol Info
66 17.028094 192.168.1.101 64.233.169.103 TLSv1 Encrypted Alert

Frame 66 (81 bytes on wire, 81 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 64.233.169.103 (64.233.169.103)
Transmission Control Protocol, Src Port: telesis-licman (1380), Dst Port: https (443), Seq: 1, Ack: 2, Len: 27
Secure Socket Layer

No. Time Source Destination Protocol Info
67 17.028165 192.168.1.101 64.233.169.103 TCP telesis-licman > https [FIN, ACK] Seq=28 Ack=2 Win=65535 Len=0

Frame 67 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 64.233.169.103 (64.233.169.103)
Transmission Control Protocol, Src Port: telesis-licman (1380), Dst Port: https (443), Seq: 28, Ack: 2, Len: 0

No. Time Source Destination Protocol Info
68 17.028516 192.168.1.101 64.233.169.103 TLSv1 Encrypted Alert

Frame 68 (81 bytes on wire, 81 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 64.233.169.103 (64.233.169.103)
Transmission Control Protocol, Src Port: os-licman (1384), Dst Port: https (443), Seq: 1, Ack: 2, Len: 27
Secure Socket Layer

No. Time Source Destination Protocol Info
69 17.028585 192.168.1.101 64.233.169.103 TCP os-licman > https [FIN, ACK] Seq=28 Ack=2 Win=65535 Len=0

Frame 69 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: Intel_aa:49:7f (00:16:76:aa:49:7f), Dst: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 64.233.169.103 (64.233.169.103)
Transmission Control Protocol, Src Port: os-licman (1384), Dst Port: https (443), Seq: 28, Ack: 2, Len: 0

No. Time Source Destination Protocol Info
70 17.067054 64.233.169.103 192.168.1.101 TCP https > telesis-licman [RST] Seq=2 Win=0 Len=0

Frame 70 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 64.233.169.103 (64.233.169.103), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: https (443), Dst Port: telesis-licman (1380), Seq: 2, Len: 0

No. Time Source Destination Protocol Info
71 17.071670 64.233.169.103 192.168.1.101 TCP https > os-licman [RST] Seq=2 Win=0 Len=0

Frame 71 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: Cisco-Li_4e:31:6b (00:18:f8:4e:31:6b), Dst: Intel_aa:49:7f (00:16:76:aa:49:7f)
Internet Protocol, Src: 64.233.169.103 (64.233.169.103), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: https (443), Dst Port: os-licman (1384), Seq: 2, Len: 0

No. Time Source Destination Protocol Info
72 22.283259 192.168.1.100 192.168.1.255 IP Bogus IP header length (16, must be at least 20)

Frame 72 (1189 bytes on wire, 1189 bytes captured)
Ethernet II, Src: Micro-St_11:3f:cc (00:11:09:11:3f:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: 6646 (6646), Dst Port: 6646 (6646)
Redback Lawful Intercept
Internet Protocol

No. Time Source Destination Protocol Info
73 25.881003 192.168.1.100 192.168.1.255 BROWSER Domain/Workgroup Announcement WORKGROUP, NT Workstation, Domain Enum

Frame 73 (249 bytes on wire, 249 bytes captured)
Ethernet II, Src: Micro-St_11:3f:cc (00:11:09:11:3f:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: netbios-dgm (138), Dst Port: netbios-dgm (138)
NetBIOS Datagram Service
SMB (Server Message Block Protocol)
SMB MailSlot Protocol
Microsoft Windows Browser Protocol

No. Time Source Destination Protocol Info
74 42.302180 192.168.1.100 192.168.1.255 IP Bogus IP header length (16, must be at least 20)

Frame 74 (1189 bytes on wire, 1189 bytes captured)
Ethernet II, Src: Micro-St_11:3f:cc (00:11:09:11:3f:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: 6646 (6646), Dst Port: 6646 (6646)
Redback Lawful Intercept
Internet Protocol

No. Time Source Destination Protocol Info
75 62.313679 192.168.1.100 192.168.1.255 IP Bogus IP header length (16, must be at least 20)

Frame 75 (1189 bytes on wire, 1189 bytes captured)
Ethernet II, Src: Micro-St_11:3f:cc (00:11:09:11:3f:cc), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.255 (192.168.1.255)
User Datagram Protocol, Src Port: 6646 (6646), Dst Port: 6646 (6646)
Redback Lawful Intercept
Internet Protocol

#11 elf.i.am

Posted 06 June 2008 - 06:23 PM

The screenshots don't seem to be working... here are the links (copy link locations if clicking returns an error):

http://elfalem.110mb.com/wireshark/capture1.GIF

http://elfalem.110mb.com/wireshark/capture2.GIF

http://elfalem.110mb.com/wireshark/capture3.GIF

Edited by elf.i.am, 06 June 2008 - 08:45 PM.


#12 bizarrechaos

Posted 06 June 2008 - 11:59 PM

I resolved my issue by running HJT and removing some lines post in the HJT log section

#13 forrestmage

Posted 10 June 2008 - 11:11 AM

bizarrechaos - please post more info as to how you resolved it, such as WHICH lines you killed in HJT. Just saying you fixed it doesn't help anyone...

As for the Wireshark dump, it looks ok with a cursory glance, but if you can post the actual pcap file, others can analyze it within their own Wireshark app. Just save it in .pcap format and post.
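
Added example (not part of any poster's message): in the dump above, frame 57 is flagged [TCP Previous segment lost] and frame 59 [TCP Out-Of-Order]. The Python sketch below reads the Seq/Len fields out of a Wireshark text export and reports byte ranges that were never delivered, so a reordered segment can be told apart from real loss. The function names are hypothetical and the sample is three frames abridged from that dump.

```python
import re
from collections import defaultdict

# Frames 55, 57 and 59 abridged from the text export posted in this thread
# (summary line plus TCP detail line; sequence numbers are Wireshark-relative).
SAMPLE = """\
No. Time Source Destination Protocol Info
55 0.309475 69.147.76.15 192.168.1.101 HTTP Continuation or non-HTTP traffic
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 32121, Ack: 487, Len: 1460
No. Time Source Destination Protocol Info
57 0.309574 69.147.76.15 192.168.1.101 HTTP [TCP Previous segment lost] Continuation or non-HTTP traffic
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 35041, Ack: 487, Len: 230
No. Time Source Destination Protocol Info
59 0.311185 69.147.76.15 192.168.1.101 HTTP [TCP Out-Of-Order] Continuation or non-HTTP traffic
Transmission Control Protocol, Src Port: http (80), Dst Port: iclpv-nls (1393), Seq: 33581, Ack: 487, Len: 1460
"""

SUMMARY = re.compile(r"^(\d+) \d+\.\d+ (\S+) (\S+) \S+ ")
TCP = re.compile(r"^Transmission Control Protocol, Src Port: .*?\((\d+)\), "
                 r"Dst Port: .*?\((\d+)\), Seq: (\d+),.* Len: (\d+)")

def segments(text):
    """Yield (frame, flow, seq, length) for each TCP segment that carries data."""
    frame = ips = None
    for line in text.splitlines():
        if m := SUMMARY.match(line):
            frame, ips = int(m[1]), (m[2], m[3])
        elif (m := TCP.match(line)) and frame is not None:
            sport, dport, seq, length = map(int, m.groups())
            if length:
                yield frame, (ips[0], sport, ips[1], dport), seq, length

def unfilled_gaps(text):
    """Return {flow: [(start, end), ...]}: byte ranges the capture never saw."""
    nxt, gaps = {}, defaultdict(list)
    for _frame, flow, seq, length in segments(text):
        end = seq + length
        if flow in nxt and seq > nxt[flow]:
            gaps[flow].append((nxt[flow], seq))   # hole: later data arrived first
        elif flow in nxt:
            # Reordered or retransmitted data: trim the part of each hole it covers.
            gaps[flow] = [p for s, e in gaps[flow]
                          for p in ((s, min(e, seq)), (max(s, end), e)) if p[0] < p[1]]
        nxt[flow] = max(nxt.get(flow, 0), end)
    return {f: g for f, g in gaps.items() if g}

if __name__ == "__main__":
    print("holes left in the stream:", unfilled_gaps(SAMPLE))
```

On the sample, the hole opened by frame 57 (bytes 33581 to 35041) is closed by frame 59, so nothing is reported as missing.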

#14 bizarrechaos

Posted 10 June 2008 - 05:58 PM

Sorry for the delay. I posted a HJT log on another forum, same symptoms, and after removing these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {4ccd3817-1add-6d28-c714-52ebb600c52c} - {c25c006b-be25-417c-82d6-dda17183dcc4} - C:\WINDOWS\system32\kbpxaqdf.dll
O4 - HKLM\..\Run: [9cc1dd92] rundll32.exe "C:\WINDOWS\system32\cmcswgyu.dll",b
O4 - HKLM\..\Run: [BM9ff2ee0e] Rundll32.exe "C:\WINDOWS\system32\bkbjfbhd.dll",s
and scanning with Spybot, I was all good.
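
Added example (not the poster's code and not part of HijackThis): a Python triage pass over the entries quoted in the post above, showing how a reviewer might separate the start-page lines from the browser helper object and rundll32 autoruns. The function names, the "random-looking name" rule and the TRUSTED_HOSTS list are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# The HijackThis entries quoted in the post above, unchanged.
HJT_LINES = r'''
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {4ccd3817-1add-6d28-c714-52ebb600c52c} - {c25c006b-be25-417c-82d6-dda17183dcc4} - C:\WINDOWS\system32\kbpxaqdf.dll
O4 - HKLM\..\Run: [9cc1dd92] rundll32.exe "C:\WINDOWS\system32\cmcswgyu.dll",b
O4 - HKLM\..\Run: [BM9ff2ee0e] Rundll32.exe "C:\WINDOWS\system32\bkbjfbhd.dll",s
'''.strip().splitlines()

ENTRY = re.compile(r'^([RO]\d+) - (.*)$')
DLL = re.compile(r'([A-Za-z]:\\[^"]*?\\([^\\"]+)\.dll)', re.I)
RUNDLL = re.compile(r'rundll32\.exe\s+"[^"]+",(\w+)\s*$', re.I)
TRUSTED_HOSTS = ("microsoft.com",)   # assumption: hosts the reviewer accepts

def trusted(host):
    """Exact match or true subdomain, so 'notmicrosoft.com' does not pass."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)

def random_looking(stem):
    """Heuristic (assumption): 8 lowercase letters with at most two vowels."""
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and sum(c in "aeiou" for c in stem) <= 2

def triage(lines):
    """Return [(section, reason, detail)] for entries worth a closer look."""
    hits = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        dll = DLL.search(body)
        if section.startswith("R") and "=" in body:
            url = body.split("=", 1)[1].strip()
            if url and not trusted(urlparse(url).hostname or ""):
                hits.append((section, "start/search URL on untrusted host", url))
        elif section == "O2" and dll and random_looking(dll[2]):
            hits.append((section, "BHO DLL with random-looking name", dll[1]))
        elif section == "O4" and dll:
            export = RUNDLL.search(body)
            if export and len(export[1]) == 1 and random_looking(dll[2]):
                hits.append((section, "rundll32 autorun, one-letter export", dll[1]))
    return hits
```

A name-shape rule like this only ranks entries for manual review; some legitimate system DLLs also have short, vowel-poor names.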

#15 elf.i.am

Posted 10 June 2008 - 10:36 PM

Since bizarrechaos resolved the issue with HJT, I went ahead and did my own HJT scan and posted it. I was told to run ComboFix and that has worked. As of now, my issue has been resolved. Thank you everyone for your help!



