* Troubeleshooting a PPTP conversation
@ 2006-08-27 0:13 Greg Scott
2006-08-28 9:23 ` Patrick McHardy
0 siblings, 1 reply; 13+ messages in thread
From: Greg Scott @ 2006-08-27 0:13 UTC (permalink / raw)
To: netfilter-devel; +Cc: Mike McRae
Hello -
I have a firewall with kernel 2.6.17.1 and iptables 1.3.5. Behind it is
a Win2000 server with MS RRAS. I am using ip_nat_pptp and
ip_conntrack_pptp and trying to setup a PPTP VPN connection from my
place to this target server. I have appropriate NAT and filtering rules
set up for tcp 1723 and GRE. It all works great when I do it the first
time but began failing for some people after multiple connections or
connections from different PCs behind the same remote NAT gateway. Now
it is behaving badly for me. I had a PPTP connection from my place to
the target site last night and then it dropped unexpectedly for some
reason. Today I am not able to establish it again. It's almost as if
the firewall thinks the old connnection is still alive and it won't get
rid of a leftover bogus conntrack entry to start a new one.
Below is some tcpdump output and I am trying to understand what it is
telling me: I did a little bit of formatting to hopefully make it
readable. 66.173.97.0/27 is my place. The target site is
aaa.bbb.212.154.
Would anyone help me make sense of this conversation?
Thanks
- Greg Scott
[root@lakeville-fw firewall-scripts]# /usr/sbin/tcpdump -i eth0 net
66.173.97.0/27 and port not telnet and port not 3389 -nn -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96
bytes
18:42:14.935320 IP (tos 0x0, ttl 118, id 35927, offset 0, flags [DF],
proto: TCP (6), length: 48) 66.173.97.2.2903 > aaa.bbb.212.154
.1723: S, cksum 0x6f68 (correct), 1914062274:1914062274(0) win 65535
<mss 1460,nop,nop,sackOK>
18:42:14.936354 IP (tos 0x0, ttl 126, id 54975, offset 0, flags [DF],
proto: TCP (6), length: 48) aaa.bbb.212.154.1723 > 66.173.97.2
.2903: S, cksum 0x2314 (correct), 1787486648:1787486648(0) ack
1914062275 win 65535 <mss 1460,nop,nop,sackOK>
18:42:14.972937 IP (tos 0x0, ttl 118, id 35928, offset 0, flags [DF],
proto: TCP (6), length: 196) 66.173.97.2.2903 > aaa.bbb.212.15
4.1723: P 1:157(156) ack 1 win 65535: pptp Length=156 CTRL-MSG
Magic-Cookie=1a2b3c4d CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A)
BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) [|pptp]
18:42:14.973814 IP (tos 0x0, ttl 126, id 54976, offset 0, flags [DF],
proto: TCP (6), length: 196) aaa.bbb.212.154.1723 > 66.173.97.
2.2903: P 1:157(156) ack 157 win 65379: pptp Length=156 CTRL-MSG
Magic-Cookie=1a2b3c4d CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE
(1:Successful channel establishment) ERR_CODE(0:None) FRAME_CAP(S)
BEARER_CAP(DA) MAX_CHAN(0) FIRM_REV(2195) [|pptp]
18:42:15.009843 IP (tos 0x0, ttl 118, id 35929, offset 0, flags [DF],
proto: TCP (6), length: 208) 66.173.97.2.2903 > aaa.bbb.212.15
4.1723: P 157:325(168) ack 157 win 65379: pptp Length=168 CTRL-MSG
Magic-Cookie=1a2b3c4d CTRL_MSGTYPE=OCRQ CALL_ID(256) CALL_SER_NUM
(49096) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E)
RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|pptp]
18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
: P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32) ack
1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1
a2b3c4d CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
CONN_SPEED(1480832
5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
18:42:17.490606 IP (tos 0x0, ttl 118, id 35933, offset 0, flags [DF],
proto: TCP (6), length: 208) 66.173.97.2.2903 > aaa.bbb.212.15
4.1723: P 157:325(168) ack 157 win 65379: pptp Length=168 CTRL-MSG
Magic-Cookie=1a2b3c4d CTRL_MSGTYPE=OCRQ CALL_ID(512) CALL_SER_NUM
(49096) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E)
RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|pptp]
18:42:17.491668 IP (tos 0x0, ttl 126, id 55081, offset 0, flags [DF],
proto: TCP (6), length: 40) aaa.bbb.212.154.1723 > 66.173.97.2
.2903: ., cksum 0x4f1c (correct), 189:189(0) ack 325 win 65211
18:42:17.604154 IP (tos 0x0, ttl 126, id 55082, offset 0, flags [DF],
proto: TCP (6), length: 72) aaa.bbb.212.154.1723 > 66.173.97.2
.2903: P, cksum 0xbba4 (correct), 157:189(32) ack 325 win 65211: pptp
Length=32 CTRL-MSG Magic-Cookie=1a2b3c4d CTRL_MSGTYPE=OCRP CAL
L_ID(999) PEER_CALL_ID(512) RESULT_CODE(1:Connected) ERR_CODE(0:None)
CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(
0) PHY_CHAN_ID(0)
18:42:17.788927 IP (tos 0x0, ttl 118, id 35935, offset 0, flags [DF],
proto: TCP (6), length: 40) 66.173.97.2.2903 > aaa.bbb.212.154
.1723: ., cksum 0x4e94 (correct), 325:325(0) ack 189 win 65347
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Troubeleshooting a PPTP conversation
2006-08-27 0:13 Troubeleshooting a PPTP conversation Greg Scott
@ 2006-08-28 9:23 ` Patrick McHardy
0 siblings, 0 replies; 13+ messages in thread
From: Patrick McHardy @ 2006-08-28 9:23 UTC (permalink / raw)
To: Greg Scott; +Cc: netfilter-devel, Mike McRae
Greg Scott wrote:
> Hello -
>
> I have a firewall with kernel 2.6.17.1 and iptables 1.3.5. Behind it is
> a Win2000 server with MS RRAS. I am using ip_nat_pptp and
> ip_conntrack_pptp and trying to setup a PPTP VPN connection from my
> place to this target server. I have appropriate NAT and filtering rules
> set up for tcp 1723 and GRE. It all works great when I do it the first
> time but began failing for some people after multiple connections or
> connections from different PCs behind the same remote NAT gateway. Now
> it is behaving badly for me. I had a PPTP connection from my place to
> the target site last night and then it dropped unexpectedly for some
> reason. Today I am not able to establish it again. It's almost as if
> the firewall thinks the old connnection is still alive and it won't get
> rid of a leftover bogus conntrack entry to start a new one.
What does /proc/net/ip_conntrack show?
> Below is some tcpdump output and I am trying to understand what it is
> telling me: I did a little bit of formatting to hopefully make it
> readable. 66.173.97.0/27 is my place. The target site is
> aaa.bbb.212.154.
What is 10.13.1.22? Please also show your NAT rules and explain
on which side of the firewall your sniffing.
> 18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
> proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
> : P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32) ack
> 1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1
> a2b3c4d CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
> RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
> CONN_SPEED(1480832
> 5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: Troubeleshooting a PPTP conversation
@ 2006-08-28 13:30 Greg Scott
2006-08-28 15:14 ` Patrick McHardy
0 siblings, 1 reply; 13+ messages in thread
From: Greg Scott @ 2006-08-28 13:30 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, Mike McRae
Below are all the rules. NAT table first, then the filter table, then
the mangle table. Apologies in advance if the text wrapping gets
butchered. There are lots of rules - just search for "1723" and you
will see the relevant ones.
I will try another connection and post /proc/net/ip_conntrack tonight
when I get back later today.
10.13.1.22 is a Windows 2000 Microsoft RRAS server behind the firewall.
Win2000 - not Win2003. I was sniffing the Internet side. Eth0 is the
Internet side, eth1 is the LAN. eth2 is a future DMZ but right now is
empty.
Here is the big picture:
My LAN----My Firewall <-Internet-> Lakeville FW --Lakeville LAN and RRAS
Server
66.173.97.0/27 aa.bb.212.154 10.13.1.0/24
10.13.1.22
I have some more data on the problem. After rebooting both the remote
and local firewalls, the symptoms stayed the same. After rebooting the
Microsoft RRAS server at 10.13.1.22, I was able to get a PPTP connection
from my place to Lakeville. After hanging up, I was not able to make
another connection. The Microsoft PPTP client keeps redialing. I went
off and did other stuff and let it redial - and then between 5 and 10
minutes later, it connected again.
[root@lakeville-fw gregs]# /usr/local/sbin/iptables -L -v -n -t nat
Chain PREROUTING (policy ACCEPT 87280 packets, 11M bytes)
pkts bytes target prot opt in out source
destination
3 376 ACCEPT esp -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
4155 894K ACCEPT all -- eth0 * 10.0.0.0/8
0.0.0.0/0
0 0 bogus_ip all -- eth0 * 10.0.0.0/8
0.0.0.0/0
0 0 bogus_ip all -- eth0 * 172.16.0.0/12
0.0.0.0/0
0 0 bogus_ip all -- eth0 * 192.168.0.0/16
0.0.0.0/0
0 0 bogus_ip all -- eth0 * 0.0.0.0/0
10.0.0.0/8
0 0 bogus_ip all -- eth0 * 0.0.0.0/0
172.16.0.0/12
0 0 bogus_ip all -- eth0 * 0.0.0.0/0
192.168.0.0/16
9 432 DNAT tcp -- eth0 * 66.173.97.0/27
aa.bb.212.154 tcp dpt:3389 to:10.13.1.22
15 720 DNAT tcp -- eth0 * 0.0.0.0/0
aa.bb.212.154 tcp dpt:1723 to:10.13.1.22
0 0 DNAT 47 -- eth0 * 0.0.0.0/0
aa.bb.212.154 to:10.13.1.22
181 8736 DNAT tcp -- eth0 * 0.0.0.0/0
aa.bb.212.154 tcp dpt:25 to:10.13.1.22
0 0 DNAT tcp -- eth0 * 0.0.0.0/0
aa.bb.212.154 tcp dpt:110 to:10.13.1.22
1 48 DNAT tcp -- eth0 * 0.0.0.0/0
aa.bb.212.154 tcp dpt:143 to:10.13.1.22
6 288 DNAT tcp -- * * 0.0.0.0/0
aa.bb.212.154 tcp dpt:80 to:10.13.1.22
0 0 DNAT tcp -- eth0 * 12.146.89.101
aa.bb.212.154 tcp dpt:23 to:10.13.1.50
0 0 DNAT tcp -- eth0 * 12.146.89.10
aa.bb.212.154 tcp dpt:23 to:10.13.1.50
0 0 DNAT icmp -- eth0 * 12.146.89.101
aa.bb.212.154 icmp type 8 to:10.13.1.50
0 0 DNAT icmp -- eth0 * 12.146.89.10
aa.bb.212.154 icmp type 8 to:10.13.1.50
Chain POSTROUTING (policy ACCEPT 25898 packets, 7486K bytes)
pkts bytes target prot opt in out source
destination
520 27496 RETURN all -- * eth0 0.0.0.0/0
10.0.0.0/8
522 25056 SNAT tcp -- * eth0 10.13.1.22
0.0.0.0/0 tcp dpt:25 to:aa.bb.212.154
0 0 MASQUERADE tcp -- * eth1 10.13.1.0/24
10.13.1.22 tcp dpt:80
0 0 SNAT icmp -- * eth0 10.13.1.50
12.146.89.101 icmp type 0 to:aa.bb.212.154
0 0 SNAT icmp -- * eth0 10.13.1.50
12.146.89.10 icmp type 0 to:aa.bb.212.154
14032 763K MASQUERADE all -- * eth0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 150 packets, 34504 bytes)
pkts bytes target prot opt in out source
destination
Chain bogus_ip (6 references)
pkts bytes target prot opt in out source
destination
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `spoofed packet'
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]# /usr/local/sbin/iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
63881 11M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
6 360 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0
127.0.0.1
0 0 ACCEPT all -- * * 127.0.0.1
0.0.0.0/0
1509 69414 ACCEPT all -- * * aa.bb.212.153
0.0.0.0/0
19670 3176K ACCEPT all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- eth2 * 0.0.0.0/0
0.0.0.0/0
3 138 ACCEPT all -- eth0 * 66.173.97.0/27
0.0.0.0/0
63 17464 ACCEPT udp -- eth0 * 0.0.0.0/0
0.0.0.0/0 udp spt:500 dpt:500
3 376 ACCEPT esp -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0
0.0.0.0/0 MARK match 0x1
0 0 ACCEPT all -- eth0 * 0.0.0.0/0
0.0.0.0/0 MARK match 0x32
0 0 allowed tcp -- * * 0.0.0.0/0
10.13.1.22 tcp dpt:1723
0 0 ACCEPT 47 -- * * 0.0.0.0/0
10.13.1.22
11 12084 icmp_packets icmp -- eth0 * 0.0.0.0/0
0.0.0.0/0
698 71992 tcp_packets tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0
182 89571 udpincoming_packets udp -- eth0 * 0.0.0.0/0
0.0.0.0/0
887 173K LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4
887 173K DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
512K 196M ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * aa.bb.212.153
0.0.0.0/0
12190 585K LOG tcp -- eth1 * !10.13.1.22
0.0.0.0/0 tcp dpt:25 LOG flags 0 level 4 prefix `Illeg
al outbound email '
12190 585K DROP tcp -- eth1 * !10.13.1.22
0.0.0.0/0 tcp dpt:25
160K 42M ACCEPT all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- eth2 * 0.0.0.0/0
0.0.0.0/0
14 672 ACCEPT all -- eth0 * 66.173.97.0/27
0.0.0.0/0
4162 896K ACCEPT all -- eth0 * 10.0.0.0/8
0.0.0.0/0
10 480 allowed tcp -- * * 0.0.0.0/0
10.13.1.22 tcp dpt:1723
0 0 ACCEPT 47 -- * * 0.0.0.0/0
10.13.1.22
181 8736 allowed tcp -- * * 0.0.0.0/0
10.13.1.22 tcp dpt:25
0 0 allowed tcp -- * * 0.0.0.0/0
10.13.1.22 tcp dpt:110
1 48 allowed tcp -- * * 0.0.0.0/0
10.13.1.22 tcp dpt:143
6 288 allowed tcp -- * * 0.0.0.0/0
10.13.1.22 tcp dpt:80
0 0 allowed tcp -- * * 12.146.89.101
10.13.1.50 tcp dpt:23
0 0 allowed tcp -- * * 12.146.89.10
10.13.1.50 tcp dpt:23
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
46266 13M ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0
30618 5013K ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0
84 8067 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- * * 127.0.0.1
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain allowed (10 references)
pkts bytes target prot opt in out source
destination
198 9552 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 level 4 prefix `Malformed packet
! '
0 0 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0
Chain icmp_packets (1 references)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT icmp -- * * 12.146.89.101
10.13.1.50 icmp type 8
0 0 ACCEPT icmp -- * * 12.146.89.10
10.13.1.50 icmp type 8
0 0 ACCEPT icmp -- * * 10.13.1.50
12.146.89.101 icmp type 0
0 0 ACCEPT icmp -- * * 10.13.1.50
12.146.89.10 icmp type 0
Chain tcp_packets (1 references)
pkts bytes target prot opt in out source
destination
0 0 allowed tcp -- eth1 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21
0 0 allowed tcp -- eth2 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21
4 216 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21 LOG flags 0 level 4 prefix `inbou
nd FTP packet'
4 216 DROP tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21
Chain udpincoming_packets (1 references)
pkts bytes target prot opt in out source
destination
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]# /usr/local/sbin/iptables -L -v -n -t mangle
Chain PREROUTING (policy ACCEPT 809K packets, 256M bytes)
pkts bytes target prot opt in out source
destination
63105 11M MARK esp -- eth0 * 0.0.0.0/0
0.0.0.0/0 MARK set 0x32
0 0 MARK all -- eth0 * 0.0.0.0/0
10.13.1.11 MARK set 0x1
Chain INPUT (policy ACCEPT 87799 packets, 15M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 694K packets, 240M bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 93478 packets, 21M bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 760K packets, 257M bytes)
pkts bytes target prot opt in out source
destination
0 0 MARK all -- * eth0 10.13.1.11
0.0.0.0/0 MARK set 0x1
[root@lakeville-fw gregs]#
-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Monday, August 28, 2006 4:24 AM
To: Greg Scott
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: Re: Troubeleshooting a PPTP conversation
Greg Scott wrote:
> Hello -
>
> I have a firewall with kernel 2.6.17.1 and iptables 1.3.5. Behind it
> is a Win2000 server with MS RRAS. I am using ip_nat_pptp and
> ip_conntrack_pptp and trying to setup a PPTP VPN connection from my
> place to this target server. I have appropriate NAT and filtering
> rules set up for tcp 1723 and GRE. It all works great when I do it
> the first time but began failing for some people after multiple
> connections or connections from different PCs behind the same remote
> NAT gateway. Now it is behaving badly for me. I had a PPTP
> connection from my place to the target site last night and then it
> dropped unexpectedly for some reason. Today I am not able to
> establish it again. It's almost as if the firewall thinks the old
> connnection is still alive and it won't get rid of a leftover bogus
conntrack entry to start a new one.
What does /proc/net/ip_conntrack show?
> Below is some tcpdump output and I am trying to understand what it is
> telling me: I did a little bit of formatting to hopefully make it
> readable. 66.173.97.0/27 is my place. The target site is
> aaa.bbb.212.154.
What is 10.13.1.22? Please also show your NAT rules and explain on which
side of the firewall your sniffing.
> 18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
> proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
> : P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32)
> ack
> 1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1 a2b3c4d
> CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
> RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
> CONN_SPEED(1480832
> 5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Troubeleshooting a PPTP conversation
2006-08-28 13:30 Greg Scott
@ 2006-08-28 15:14 ` Patrick McHardy
0 siblings, 0 replies; 13+ messages in thread
From: Patrick McHardy @ 2006-08-28 15:14 UTC (permalink / raw)
To: Greg Scott; +Cc: netfilter-devel, Mike McRae
Greg Scott wrote:
> Below are all the rules. NAT table first, then the filter table, then
> the mangle table. Apologies in advance if the text wrapping gets
> butchered. There are lots of rules - just search for "1723" and you
> will see the relevant ones.
>
> I will try another connection and post /proc/net/ip_conntrack tonight
> when I get back later today.
>
> 10.13.1.22 is a Windows 2000 Microsoft RRAS server behind the firewall.
> Win2000 - not Win2003. I was sniffing the Internet side. Eth0 is the
> Internet side, eth1 is the LAN. eth2 is a future DMZ but right now is
> empty.
>
> Here is the big picture:
>
> My LAN----My Firewall <-Internet-> Lakeville FW --Lakeville LAN and RRAS
> Server
> 66.173.97.0/27 aa.bb.212.154 10.13.1.0/24
> 10.13.1.22
>
> I have some more data on the problem. After rebooting both the remote
> and local firewalls, the symptoms stayed the same. After rebooting the
> Microsoft RRAS server at 10.13.1.22, I was able to get a PPTP connection
> from my place to Lakeville. After hanging up, I was not able to make
> another connection. The Microsoft PPTP client keeps redialing. I went
> off and did other stuff and let it redial - and then between 5 and 10
> minutes later, it connected again.
>
>
>>18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
>>proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
>>: P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32)
>>ack
>>1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1 a2b3c4d
>>CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
>>RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
>>CONN_SPEED(1480832
>>5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
Well, one noteable thing is that this packet from the PPtP-Server
has an incorrect checksum, and since it also doesn't have its
source address changed the checksum probably already arrived
incorrect on the firewall. The packet is send again two packets
later with the correct address and checksum, but the callids
all look mixed up somehow. What kernel are you using?
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: Troubeleshooting a PPTP conversation
@ 2006-08-28 19:14 Greg Scott
0 siblings, 0 replies; 13+ messages in thread
From: Greg Scott @ 2006-08-28 19:14 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, Mike McRae
The firewall with the RRAS server behind it is using 2.6.17.1. I am
using 2.4.27 here at my place - one of the remote sites. Other remote
sites use various combinations of home networking stuff - Netear,
Linksys, etc. I can get packet traces from some of the other remote
sites if needed.
The problem might not be firewall related - it may be a messed up PPTP
server - but I don't know how PPTP conversations flow. That packet
trace is telling me a story but I don't know how to read it yet. I can
get some more traces if needed and I can also capture some
/proc/net/ip_conntrack output later.
- Greg Scott
-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Monday, August 28, 2006 10:14 AM
To: Greg Scott
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: Re: Troubeleshooting a PPTP conversation
Greg Scott wrote:
> Below are all the rules. NAT table first, then the filter table, then
> the mangle table. Apologies in advance if the text wrapping gets
> butchered. There are lots of rules - just search for "1723" and you
> will see the relevant ones.
>
> I will try another connection and post /proc/net/ip_conntrack tonight
> when I get back later today.
>
> 10.13.1.22 is a Windows 2000 Microsoft RRAS server behind the
firewall.
> Win2000 - not Win2003. I was sniffing the Internet side. Eth0 is the
> Internet side, eth1 is the LAN. eth2 is a future DMZ but right now is
> empty.
>
> Here is the big picture:
>
> My LAN----My Firewall <-Internet-> Lakeville FW --Lakeville LAN and
> RRAS Server
> 66.173.97.0/27 aa.bb.212.154 10.13.1.0/24
> 10.13.1.22
>
> I have some more data on the problem. After rebooting both the remote
> and local firewalls, the symptoms stayed the same. After rebooting
> the Microsoft RRAS server at 10.13.1.22, I was able to get a PPTP
> connection from my place to Lakeville. After hanging up, I was not
> able to make another connection. The Microsoft PPTP client keeps
> redialing. I went off and did other stuff and let it redial - and
> then between 5 and 10 minutes later, it connected again.
>
>
>>18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
>>proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
>>: P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32)
>>ack
>>1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1 a2b3c4d
>>CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
>>RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
>>CONN_SPEED(1480832
>>5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
Well, one noteable thing is that this packet from the PPtP-Server has an
incorrect checksum, and since it also doesn't have its source address
changed the checksum probably already arrived incorrect on the firewall.
The packet is send again two packets later with the correct address and
checksum, but the callids all look mixed up somehow. What kernel are you
using?
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: Troubeleshooting a PPTP conversation
@ 2006-08-29 2:24 Greg Scott
0 siblings, 0 replies; 13+ messages in thread
From: Greg Scott @ 2006-08-29 2:24 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, Mike McRae
Here is another tcpdump trace and /proc/net/ip_conntrack. I grabbed
this while an end user was unsuccessfully trying to establish a PPTP
connection. Holey moley! That ip_conntrack output is huge!
aaa.bbb.212.154 is the firewall outside IP Address. My remote end user
is at 208.186.13.120.
So this picture looks like this:
---NAT--208.186.13.120 <--> Internet <--> Firewall Win2k PPTP
Home aa.bb.212.153 10.13.1.22
Gateway
My remote user is behind his NAT home gateway.
Searching for that IP Address in the massive pile of output from
ip_conntrack, I see a TIME_WAIT connection and another ESTABLISHED one
from that IP Address. I wonder if that Win2K system isn't dropping them
appropriately? But the problem only happens to some people. Others can
connect, drop the connection, and then connect right back up again
without problem. But this one end user can never seem to get connected
back up again. Very strange!
- Greg Scott
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]# /usr/sbin/tcpdump -i eth0 host
208.186.13.120 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:59:23.621944 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: S
3486358872:3486358872(0) win 16384 <mss 1460,nop,nop,sackOK>
20:59:23.622067 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: S
84269208:84269208(0) ack 3486358873 win 65535 <mss 1460,nop,nop,sa
ckOK>
20:59:23.670009 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: P
1:157(156) ack 1 win 17520: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0)
FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) [|pptp]
20:59:23.670266 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: P
1:157(156) ack 157 win 65379: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.
0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0)
FIRM_REV(2195) [|pptp]
20:59:23.721103 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: P
157:325(168) ack 157 win 17364: pptp CTRL_MSGTYPE=OCRQ CALL_ID(604
66) CALL_SER_NUM(51973) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any)
FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|
pptp]
20:59:23.722213 IP 10.13.1.22.1723 > 208.186.13.120.60465: P
84269365:84269397(32) ack 3486359197 win 65211: pptp CTRL_MSGTYPE=OCRP
CALL_ID(33767) PEER_CALL_ID(60465) RESULT_CODE(1) ERR_CODE(0)
CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_C
HAN_ID(0)
20:59:26.045245 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: P
157:325(168) ack 157 win 17364: pptp CTRL_MSGTYPE=OCRQ CALL_ID(604
66) CALL_SER_NUM(51973) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any)
FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|
pptp]
20:59:26.045435 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: . ack
325 win 65211
20:59:26.176209 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: P
157:189(32) ack 325 win 65211: pptp CTRL_MSGTYPE=OCRP CALL_ID(3376
7) PEER_CALL_ID(60466) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0)
CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
20:59:26.340630 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: . ack
189 win 17332
10 packets captured
20 packets received by filter
0 packets dropped by kernel
[root@lakeville-fw gregs]# cat /proc/net/ip_conntrack
tcp 6 333337 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1307
dport=1038 packets=113 bytes=89410 [UNREPLIED] src=10.17.1.1
54 dst=10.13.1.22 sport=1038 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 385491 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1241 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1241 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 307762 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=4463
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=4463 packets=0 bytes=0 mark=0 use=1
tcp 6 410539 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1307
dport=3154 packets=29 bytes=8154 [UNREPLIED] src=10.1.1.151 d
st=10.13.1.22 sport=3154 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 329330 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=2484 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=2484 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 414096 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1625 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1625 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404178 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2918 packets=6 bytes=2290 [UNREPLIED] src=10.1.1.152 ds
t=10.13.1.22 sport=2918 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382746 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1160 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1160 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 412594 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2090 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2090 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382819 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3055 packets=4 bytes=570 [UNREPLIED] src=10.2.1.163 dst
=10.13.1.22 sport=3055 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 397162 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=2734 packets=1089 bytes=67530 [UNREPLIED] src=10.2.1.20
2 dst=10.13.1.22 sport=2734 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 384922 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=1775 packets=4 bytes=570 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=1775 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 394417 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=2275 packets=8 bytes=373 [UNREPLIED] src=10.1.1.151 dst
=10.13.1.22 sport=2275 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406879 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1923 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1923 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 7 SYN_SENT src=10.13.1.22 dst=10.1.1.21 sport=32857 dport=135
packets=3 bytes=144 [UNREPLIED] src=10.1.1.21 dst=10.13.1.2
2 sport=135 dport=32857 packets=0 bytes=0 mark=0 use=1
tcp 6 395451 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1363 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1363 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 334035 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=2772 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=2772 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 394518 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1354 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1354 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399412 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1026
dport=1191 packets=4 bytes=570 [UNREPLIED] src=10.11.1.152 d
st=10.13.1.22 sport=1191 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406881 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1924 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1924 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404447 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=135
dport=1106 packets=2 bytes=380 [UNREPLIED] src=10.1.1.152 dst=
10.13.1.22 sport=1106 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 419028 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1307
dport=2228 packets=118 bytes=118474 [UNREPLIED] src=10.11.1.
153 dst=10.13.1.22 sport=2228 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 396015 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1432 packets=32 bytes=16478 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1432 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 414671 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=3183 packets=4 bytes=570 [UNREPLIED] src=10.1.1.151 dst
=10.13.1.22 sport=3183 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395361 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1405 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1405 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 405216 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3395 packets=4 bytes=570 [UNREPLIED] src=10.2.1.163 dst
=10.13.1.22 sport=3395 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404176 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=135
dport=2923 packets=2 bytes=380 [UNREPLIED] src=10.1.1.152 dst=
10.13.1.22 sport=2923 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 389421 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1026
dport=1385 packets=11 bytes=4026 [UNREPLIED] src=10.44.1.152
dst=10.13.1.22 sport=1385 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 431931 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1314
dport=1027 packets=2866 bytes=666957 [UNREPLIED] src=10.1.1.25
dst=10.13.1.22 sport=1027 dport=1314 packets=0 bytes=0 mark=0 use=1
tcp 6 405283 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1867 packets=135 bytes=93742 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1867 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 392923 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1331 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1331 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 397985 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=3922 packets=6 bytes=1527 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=3922 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 408127 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=135
dport=3102 packets=2 bytes=380 [UNREPLIED] src=10.1.1.151 dst=
10.13.1.22 sport=3102 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 405481 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1900 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1900 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 404160 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=135
dport=2921 packets=2 bytes=380 [UNREPLIED] src=10.1.1.152 dst=
10.13.1.22 sport=2921 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 407873 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2042 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2042 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 417936 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=1074 packets=59 bytes=43810 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=1074 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395814 ESTABLISHED src=10.13.1.157 dst=10.21.1.167 sport=139
dport=4080 packets=10 bytes=995 [UNREPLIED] src=10.21.1.167
dst=10.13.1.157 sport=4080 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 389131 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1307
dport=3160 packets=119 bytes=48946 [UNREPLIED] src=10.2.1.163
dst=10.13.1.22 sport=3160 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 397162 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=2731 packets=46 bytes=31330 [UNREPLIED] src=10.2.1.202
dst=10.13.1.22 sport=2731 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399814 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=2797 packets=43 bytes=12654 [UNREPLIED] src=10.2.1.202
dst=10.13.1.22 sport=2797 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 390948 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1300 packets=118 bytes=100186 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1300 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 382750 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1166 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1166 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 394146 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1349 packets=33 bytes=16726 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1349 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 366568 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2350
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2350 packets=0 bytes=0 mark=0 use=1
tcp 6 384030 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=135
dport=1762 packets=3 bytes=660 [UNREPLIED] src=10.2.1.202 dst=
10.13.1.22 sport=1762 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 401009 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4779 packets=21 bytes=9650 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=4779 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 19 src=10.13.1.11 dst=255.255.255.255 sport=4101 dport=50791
packets=1 bytes=48 [UNREPLIED] src=255.255.255.255 dst=10.1
3.1.11 sport=50791 dport=4101 packets=0 bytes=0 mark=0 use=1
tcp 6 395364 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1411 packets=32 bytes=16478 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1411 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 406975 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1930 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1930 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 411415 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=4052 packets=7 bytes=1633 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=4052 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 334024 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=2758 packets=10 bytes=953 [UNREPLIED] src=10.21.1.151
dst=10.13.1.167 sport=2758 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 384030 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=135
dport=1764 packets=2 bytes=380 [UNREPLIED] src=10.2.1.202 dst=
10.13.1.22 sport=1764 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 431983 ESTABLISHED src=10.13.1.22 dst=10.15.1.152 sport=32901
dport=139 packets=10 bytes=1429 src=10.15.1.152 dst=10.13.1
.22 sport=139 dport=32901 packets=8 bytes=1436 [ASSURED] mark=0 use=1
tcp 6 403808 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2302 packets=15 bytes=4598 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=2302 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 432000 ESTABLISHED src=66.173.97.2 dst=aaa.bbb.212.154
sport=4323 dport=23 packets=1346 bytes=55105 src=aaa.bbb.212.154 d
st=66.173.97.2 sport=23 dport=4323 packets=1107 bytes=241003 [ASSURED]
mark=0 use=1
tcp 6 403963 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=2899 packets=9 bytes=1446 [UNREPLIED] src=10.2.1.202 ds
t=10.13.1.22 sport=2899 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 401880 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1720 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1720 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 401880 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1722 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1722 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 386424 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1026
dport=1100 packets=20 bytes=6574 [UNREPLIED] src=10.44.1.152
dst=10.13.1.22 sport=1100 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406879 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1920 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1920 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 265978 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1227
dport=389 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10.
13.1.22 sport=389 dport=1227 packets=0 bytes=0 mark=0 use=1
tcp 6 395362 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1404 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1404 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 382750 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1168 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1168 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 332140 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=3543 packets=8 bytes=683 [UNREPLIED] src=10.1.1.164 dst
=10.13.1.157 sport=3543 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 415818 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=1052 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1052 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 311713 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=3741 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3741 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 416112 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1664 packets=44 bytes=28606 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1664 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 401844 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4800 packets=9 bytes=3050 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=4800 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 409426 ESTABLISHED src=10.13.1.22 dst=10.1.1.156 sport=135
dport=3136 packets=4 bytes=940 [UNREPLIED] src=10.1.1.156 dst=
10.13.1.22 sport=3136 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 407873 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=2040 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2040 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 406977 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1932 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1932 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 108 src=10.13.1.26 dst=200.55.128.3 sport=1066 dport=53
packets=4 bytes=228 src=200.55.128.3 dst=aaa.bbb.212.154 sport=5
3 dport=1066 packets=4 bytes=540 [ASSURED] mark=0 use=1
tcp 6 337114 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4050 packets=46 bytes=30154 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=4050 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 420365 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=1132 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=1132 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 267965 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=1308
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=1308 packets=0 bytes=0 mark=0 use=1
tcp 6 378304 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3631
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3631 packets=0 bytes=0 mark=0 use=1
tcp 6 407324 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1307
dport=3034 packets=3807 bytes=4881258 [UNREPLIED] src=10.1.1.
151 dst=10.13.1.22 sport=3034 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 409066 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1026
dport=2030 packets=6 bytes=1218 [UNREPLIED] src=10.11.1.153
dst=10.13.1.22 sport=2030 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 419236 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1026
dport=2314 packets=4 bytes=570 [UNREPLIED] src=10.11.1.153 d
st=10.13.1.22 sport=2314 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 405481 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1902 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1902 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 322508 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=3878 packets=38 bytes=25462 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=3878 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 301564 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=4013
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=4013 packets=0 bytes=0 mark=0 use=1
tcp 6 371943 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3091
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3091 packets=0 bytes=0 mark=0 use=1
tcp 6 394137 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1342 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1342 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 431955 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1307
dport=3201 packets=539 bytes=136678 [UNREPLIED] src=10.1.1.15
1 dst=10.13.1.22 sport=3201 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395364 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1408 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1408 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 427531 ESTABLISHED src=10.13.1.22 dst=10.1.1.161 sport=1026
dport=1751 packets=39 bytes=5699 [UNREPLIED] src=10.1.1.161 d
st=10.13.1.22 sport=1751 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399814 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=2794 packets=4 bytes=570 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=2794 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382133 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=1554 packets=10 bytes=3130 [UNREPLIED] src=10.2.1.202 d
st=10.13.1.22 sport=1554 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 384029 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1128
dport=1763 packets=2 bytes=220 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=1763 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 415818 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1054 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1054 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 418400 ESTABLISHED src=10.13.1.22 dst=10.1.1.162 sport=1307
dport=2752 packets=2485 bytes=2255922 [UNREPLIED] src=10.1.1.
162 dst=10.13.1.22 sport=2752 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 401004 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=4774 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=4774 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 408130 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=3104 packets=4 bytes=570 [UNREPLIED] src=10.1.1.151 dst
=10.13.1.22 sport=3104 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399102 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1307
dport=1077 packets=19 bytes=3422 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1077 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 400438 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1430 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1430 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 419197 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1307
dport=2290 packets=47 bytes=30306 [UNREPLIED] src=10.11.1.15
3 dst=10.13.1.22 sport=2290 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395847 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=2245 packets=12 bytes=3314 [UNREPLIED] src=10.2.1.202 d
st=10.13.1.22 sport=2245 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 267965 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=1307
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 265012 ESTABLISHED src=10.13.1.22 dst=10.1.1.158 sport=139
dport=4149 packets=1 bytes=40 [UNREPLIED] src=10.1.1.158 dst=1
0.13.1.22 sport=4149 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 412477 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3458 packets=2 bytes=208 [UNREPLIED] src=10.2.1.163 dst
=10.13.1.22 sport=3458 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 266262 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1170
dport=1232 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.22 sport=1232 dport=1170 packets=0 bytes=0 mark=0 use=1
tcp 6 266338 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1487
dport=389 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10.
13.1.22 sport=389 dport=1487 packets=0 bytes=0 mark=0 use=1
tcp 6 400542 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4770 packets=24 bytes=10078 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=4770 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 390151 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=4595 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4595 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 414124 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1626 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1626 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 391384 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=3025 packets=3 bytes=261 [UNREPLIED] src=10.21.1.151 d
st=10.13.1.157 sport=3025 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 405473 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1128
dport=3083 packets=2 bytes=220 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=3083 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 416377 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1047 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1047 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 396013 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1426 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1426 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 407808 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=2018 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=2018 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396015 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1429 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1429 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 328993 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=3924 packets=6 bytes=1234 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=3924 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395361 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1407 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1407 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 317715 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=3814 packets=21 bytes=9606 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=3814 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 384029 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=1765 packets=2 bytes=208 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=1765 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 412590 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=2087 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2087 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 395361 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1406 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1406 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 403809 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2310 packets=6 bytes=651 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=2310 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395278 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1403 packets=32 bytes=16478 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1403 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 408126 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=3103 packets=2 bytes=208 [UNREPLIED] src=10.1.1.151 dst
=10.13.1.22 sport=3103 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 388876 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1251 packets=8 bytes=2558 [UNREPLIED] src=10.1.1.205 ds
t=10.13.1.22 sport=1251 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 414096 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1262 packets=4 bytes=570 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=1262 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 412059 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=4060 packets=5 bytes=1431 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=4060 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 395451 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1361 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1361 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 401880 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1719 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1719 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 393942 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4647 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4647 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 396772 ESTABLISHED src=10.13.1.157 dst=10.21.1.172 sport=139
dport=2686 packets=10 bytes=995 [UNREPLIED] src=10.21.1.172
dst=10.13.1.157 sport=2686 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 420376 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1134 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1134 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 405181 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=135
dport=3393 packets=2 bytes=380 [UNREPLIED] src=10.2.1.163 dst=
10.13.1.22 sport=3393 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 407875 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2043 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2043 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 401004 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4775 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4775 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 397077 ESTABLISHED src=10.13.1.157 dst=10.21.1.166 sport=139
dport=3332 packets=10 bytes=995 [UNREPLIED] src=10.21.1.166
dst=10.13.1.157 sport=3332 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 383984 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=1564 packets=7 bytes=1250 [UNREPLIED] src=10.2.1.202 ds
t=10.13.1.22 sport=1564 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 294064 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3423
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3423 packets=0 bytes=0 mark=0 use=1
tcp 6 331563 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=2547 packets=10 bytes=953 [UNREPLIED] src=10.21.1.151
dst=10.13.1.167 sport=2547 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 389713 ESTABLISHED src=10.13.1.167 dst=10.21.1.172 sport=139
dport=1185 packets=1 bytes=40 [UNREPLIED] src=10.21.1.172 ds
t=10.13.1.167 sport=1185 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 405283 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1864 packets=6 bytes=1210 [UNREPLIED] src=10.1.1.205 ds
t=10.13.1.22 sport=1864 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 317711 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=3808 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3808 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 419949 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3983
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3983 packets=0 bytes=0 mark=0 use=1
tcp 6 407787 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1524 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1524 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 383558 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1200 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1200 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 395174 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1394 packets=400 bytes=532338 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1394 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 412477 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=135
dport=3457 packets=2 bytes=380 [UNREPLIED] src=10.2.1.163 dst=
10.13.1.22 sport=3457 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396246 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1440 packets=414 bytes=542594 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1440 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 316230 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=2200 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=2200 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 407800 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1956 packets=110 bytes=99626 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1956 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 400438 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1431 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1431 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 345600 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=4001
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=4001 packets=0 bytes=0 mark=0 use=1
tcp 6 421227 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=1146 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1146 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 329318 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=2474 packets=10 bytes=953 [UNREPLIED] src=10.21.1.151
dst=10.13.1.167 sport=2474 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 328993 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=3927 packets=151 bytes=140782 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=3927 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 399410 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1026
dport=1184 packets=6 bytes=2290 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1184 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 412542 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3459 packets=8 bytes=1602 [UNREPLIED] src=10.2.1.163 ds
t=10.13.1.22 sport=3459 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 18 src=10.13.1.26 dst=10.21.1.167 sport=53 dport=1056
packets=32 bytes=6741 [UNREPLIED] src=10.21.1.167 dst=10.13.1.26 s
port=1056 dport=53 packets=0 bytes=0 mark=0 use=1
tcp 6 398288 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1474 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1474 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 402465 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1026
dport=1168 packets=4 bytes=570 [UNREPLIED] src=10.11.1.153 d
st=10.13.1.22 sport=1168 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 403446 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2191
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2191 packets=0 bytes=0 mark=0 use=1
tcp 6 407790 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1527 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1527 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 400448 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1434 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1434 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 393672 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1313 packets=6 bytes=1242 [UNREPLIED] src=10.44.1.151
dst=10.13.1.22 sport=1313 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 388813 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1272 packets=10 bytes=2650 [UNREPLIED] src=10.1.1.205 d
st=10.13.1.22 sport=1272 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395599 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1416 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1416 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 400535 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=4765 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=4765 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 404465 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=1105 packets=31 bytes=19162 [UNREPLIED] src=10.1.1.152
dst=10.13.1.22 sport=1105 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 407808 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2021 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2021 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 431956 ESTABLISHED src=10.13.1.22 dst=10.1.1.161 sport=1307
dport=1753 packets=3606 bytes=878306 [UNREPLIED] src=10.1.1.1
61 dst=10.13.1.22 sport=1753 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 398181 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1406 packets=1338 bytes=1929182 [UNREPLIED] src=10.44.
1.151 dst=10.13.1.22 sport=1406 dport=1307 packets=0 bytes=0 mark=0
use=1
tcp 6 390151 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4598 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4598 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382753 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1172 packets=25 bytes=13654 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1172 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 407873 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=2041 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=2041 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 430033 ESTABLISHED src=10.13.1.22 dst=10.19.1.155 sport=1307
dport=4653 packets=1119 bytes=784998 [UNREPLIED] src=10.19.1
.155 dst=10.13.1.22 sport=4653 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 383466 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1208 packets=58 bytes=49118 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1208 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 410539 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=3144 packets=6 bytes=766 [UNREPLIED] src=10.1.1.151 dst
=10.13.1.22 sport=3144 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 390151 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=4597 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=4597 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 395451 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1364 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1364 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404160 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2917 packets=2 bytes=208 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=2917 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395847 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=2248 packets=730 bytes=926954 [UNREPLIED] src=10.2.1.20
2 dst=10.13.1.22 sport=2248 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 412737 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=2102 packets=35 bytes=17330 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=2102 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 11 src=10.13.1.22 dst=10.13.1.255 sport=137 dport=137
packets=3 bytes=234 [UNREPLIED] src=10.13.1.255 dst=10.13.1.22 spo
rt=137 dport=137 packets=0 bytes=0 mark=0 use=1
tcp 6 403809 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=2314 packets=22 bytes=2978 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=2314 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 317711 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=3810 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3810 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 398686 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=3932 packets=8 bytes=3853 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=3932 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 398579 ESTABLISHED src=10.13.1.157 dst=10.21.1.172 sport=139
dport=3230 packets=10 bytes=995 [UNREPLIED] src=10.21.1.172
dst=10.13.1.157 sport=3230 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 414095 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1255 packets=8 bytes=2482 [UNREPLIED] src=10.1.1.152 ds
t=10.13.1.22 sport=1255 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406975 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1928 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1928 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 389713 ESTABLISHED src=10.13.1.167 dst=10.21.1.172 sport=139
dport=1180 packets=1 bytes=40 [UNREPLIED] src=10.21.1.172 ds
t=10.13.1.167 sport=1180 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 383984 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=1567 packets=52 bytes=17262 [UNREPLIED] src=10.2.1.202
dst=10.13.1.22 sport=1567 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395455 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1365 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1365 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 413721 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1307
dport=1211 packets=12 bytes=1762 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1211 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 412477 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1128
dport=3456 packets=2 bytes=220 [UNREPLIED] src=10.2.1.163 dst
=10.13.1.22 sport=3456 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 412542 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1307
dport=3462 packets=153 bytes=93050 [UNREPLIED] src=10.2.1.163
dst=10.13.1.22 sport=3462 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395653 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1419 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1419 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 419700 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1026
dport=1047 packets=3 bytes=169 [UNREPLIED] src=10.17.1.154 d
st=10.13.1.22 sport=1047 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 408271 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4908 packets=10 bytes=2858 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=4908 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 419028 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1026
dport=2225 packets=6 bytes=1218 [UNREPLIED] src=10.11.1.153
dst=10.13.1.22 sport=2225 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 26 src=10.13.1.26 dst=10.21.1.167 sport=53 dport=1053
packets=10 bytes=1724 [UNREPLIED] src=10.21.1.167 dst=10.13.1.26 s
port=1053 dport=53 packets=0 bytes=0 mark=0 use=1
tcp 6 272746 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=1638
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=1638 packets=0 bytes=0 mark=0 use=1
tcp 6 395653 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1422 packets=115 bytes=113014 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1422 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 175 src=10.13.1.26 dst=64.34.165.69 sport=1066 dport=53
packets=5 bytes=280 src=64.34.165.69 dst=aaa.bbb.212.154 sport=5
3 dport=1066 packets=5 bytes=670 [ASSURED] mark=0 use=1
tcp 6 358716 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=1429
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=1429 packets=0 bytes=0 mark=0 use=1
tcp 6 280866 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2288
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2288 packets=0 bytes=0 mark=0 use=1
tcp 6 404176 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=135
dport=2928 packets=2 bytes=380 [UNREPLIED] src=10.1.1.152 dst=
10.13.1.22 sport=2928 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 390166 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4599 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4599 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 393672 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1316 packets=425 bytes=519646 [UNREPLIED] src=10.44.1.
151 dst=10.13.1.22 sport=1316 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 113 TIME_WAIT src=10.15.1.152 dst=10.13.1.22 sport=1480
dport=445 packets=17 bytes=5529 src=10.13.1.22 dst=10.15.1.152 sp
ort=445 dport=1480 packets=14 bytes=1813 [ASSURED] mark=0 use=1
tcp 6 334464 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2844
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2844 packets=0 bytes=0 mark=0 use=1
tcp 6 266007 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1228
dport=389 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10.
13.1.22 sport=389 dport=1228 packets=0 bytes=0 mark=0 use=1
udp 17 20 src=10.13.1.154 dst=255.255.255.255 sport=138 dport=138
packets=1 bytes=229 [UNREPLIED] src=255.255.255.255 dst=10.13
.1.154 sport=138 dport=138 packets=0 bytes=0 mark=0 use=1
tcp 6 413721 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1307
dport=1204 packets=17 bytes=2802 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1204 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 414096 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1623 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1623 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 330440 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2537
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2537 packets=0 bytes=0 mark=0 use=1
tcp 6 396246 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1437 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1437 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 407790 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1530 packets=29 bytes=19338 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1530 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 415851 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3591
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3591 packets=0 bytes=0 mark=0 use=1
tcp 6 385072 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1221 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1221 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 394417 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1307
dport=2281 packets=4709 bytes=2479966 [UNREPLIED] src=10.1.1.
151 dst=10.13.1.22 sport=2281 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395276 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1398 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1398 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 408271 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4911 packets=437 bytes=549622 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=4911 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 419699 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1307
dport=1053 packets=759 bytes=990990 [UNREPLIED] src=10.17.1.
154 dst=10.13.1.22 sport=1053 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 390120 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4591 packets=70 bytes=56174 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=4591 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 431953 ESTABLISHED src=10.15.1.230 dst=10.13.1.50 sport=17591
dport=23 packets=353 bytes=14382 src=10.13.1.50 dst=10.15.1
.230 sport=23 dport=17591 packets=302 bytes=63993 [ASSURED] mark=0 use=1
tcp 6 399410 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1307
dport=1188 packets=10 bytes=2330 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1188 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 384047 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=1769 packets=371 bytes=462218 [UNREPLIED] src=10.2.1.20
2 dst=10.13.1.22 sport=1769 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 388791 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1269 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1269 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 390056 ESTABLISHED src=10.13.1.22 dst=10.19.1.155 sport=1026
dport=4475 packets=6 bytes=1206 [UNREPLIED] src=10.19.1.155
dst=10.13.1.22 sport=4475 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 265977 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1311
dport=389 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10.
13.1.22 sport=389 dport=1311 packets=0 bytes=0 mark=0 use=1
tcp 6 388791 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1271 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1271 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382818 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1307
dport=3058 packets=99 bytes=66290 [UNREPLIED] src=10.2.1.163
dst=10.13.1.22 sport=3058 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 301263 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3979
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3979 packets=0 bytes=0 mark=0 use=1
tcp 6 390380 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1293 packets=1458 bytes=2066358 [UNREPLIED] src=10.44.
1.151 dst=10.13.1.22 sport=1293 dport=1307 packets=0 bytes=0 mark=0
use=1
tcp 6 430255 ESTABLISHED src=10.13.1.22 dst=10.21.1.172 sport=1026
dport=4644 packets=5 bytes=630 [UNREPLIED] src=10.21.1.172 d
st=10.13.1.22 sport=4644 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 419236 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1307
dport=2317 packets=46 bytes=30762 [UNREPLIED] src=10.11.1.15
3 dst=10.13.1.22 sport=2317 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 401880 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1721 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1721 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 401008 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4776 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4776 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383558 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1199 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1199 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 385072 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1219 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1219 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396378 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4696 packets=318 bytes=411598 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=4696 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 394136 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1345 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1345 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404467 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=1112 packets=12 bytes=2062 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=1112 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 418920 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1114 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1114 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 385494 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1243 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1243 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 334582 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4006 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4006 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 398852 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1483 packets=6 bytes=1210 [UNREPLIED] src=10.1.1.205 ds
t=10.13.1.22 sport=1483 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 116 SYN_SENT src=10.13.1.22 dst=216.52.51.143 sport=32912
dport=25 packets=1 bytes=48 [UNREPLIED] src=216.52.51.143 dst=2
09.130.212.154 sport=25 dport=32912 packets=0 bytes=0 mark=0 use=1
tcp 6 395276 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1395 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1395 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 408130 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1307
dport=3107 packets=28 bytes=12238 [UNREPLIED] src=10.1.1.151
dst=10.13.1.22 sport=3107 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 266007 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1310
dport=389 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10.
13.1.22 sport=389 dport=1310 packets=0 bytes=0 mark=0 use=1
tcp 6 281480 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2434
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2434 packets=0 bytes=0 mark=0 use=1
tcp 6 33 TIME_WAIT src=208.186.13.120 dst=aaa.bbb.212.154
sport=60462 dport=1723 packets=11 bytes=992 src=10.13.1.22 dst=208.18
6.13.120 sport=1723 dport=60462 packets=9 bytes=608 [ASSURED] mark=0
use=1
tcp 6 419204 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=135
dport=2310 packets=3 bytes=660 [UNREPLIED] src=10.11.1.153 ds
t=10.13.1.22 sport=2310 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 307161 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=4433
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=4433 packets=0 bytes=0 mark=0 use=1
tcp 6 394924 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1374 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1374 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383558 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1198 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1198 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 390166 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4602 packets=26 bytes=10126 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=4602 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 414124 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1629 packets=79 bytes=72474 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1629 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 386539 ESTABLISHED src=10.13.1.22 dst=10.19.1.155 sport=1026
dport=3282 packets=25 bytes=1802 [UNREPLIED] src=10.19.1.155
dst=10.13.1.22 sport=3282 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 401843 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4803 packets=32 bytes=11470 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=4803 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 404176 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2924 packets=2 bytes=208 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=2924 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383466 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1203 packets=106 bytes=70430 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1203 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395454 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1368 packets=34 bytes=22394 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1368 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 405502 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1907 packets=65 bytes=58310 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1907 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 310927 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=2022 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=2022 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 407809 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=2025 packets=32 bytes=16582 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=2025 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 431997 ESTABLISHED src=208.186.13.120 dst=aaa.bbb.212.154
sport=60465 dport=1723 packets=8 bytes=856 src=10.13.1.22 dst=2
08.186.13.120 sport=1723 dport=60465 packets=7 bytes=512 [ASSURED]
mark=0 use=1
tcp 6 404467 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1108 packets=4 bytes=570 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=1108 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 388791 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1268 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1268 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 415828 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1055 packets=13 bytes=4870 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=1055 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 322485 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=3872 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3872 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 407873 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=2039 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=2039 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 274192 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=1727
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=1727 packets=0 bytes=0 mark=0 use=1
tcp 6 400535 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4766 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4766 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 397998 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=2739 packets=9 bytes=1446 [UNREPLIED] src=10.2.1.202 ds
t=10.13.1.22 sport=2739 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 407875 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=2046 packets=32 bytes=16582 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=2046 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 407324 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=3008 packets=229 bytes=158682 [UNREPLIED] src=10.1.1.15
1 dst=10.13.1.22 sport=3008 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 388244 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1307
dport=1173 packets=606 bytes=80034 [UNREPLIED] src=10.44.1.1
52 dst=10.13.1.22 sport=1173 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 379232 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1120 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1120 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 400447 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1437 packets=47 bytes=33354 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1437 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 314782 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=1108
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=1108 packets=0 bytes=0 mark=0 use=1
udp 17 6 src=10.13.1.152 dst=10.13.1.255 sport=138 dport=138
packets=2 bytes=458 [UNREPLIED] src=10.13.1.255 dst=10.13.1.152 sp
ort=138 dport=138 packets=0 bytes=0 mark=0 use=1
tcp 6 385491 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1242 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1242 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 376817 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1098 packets=10 bytes=3154 [UNREPLIED] src=10.44.1.151
dst=10.13.1.22 sport=1098 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395276 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1399 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1399 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 398181 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1403 packets=6 bytes=1242 [UNREPLIED] src=10.44.1.151
dst=10.13.1.22 sport=1403 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 100 SYN_SENT src=10.13.1.22 dst=10.10.10.10 sport=32900
dport=25 packets=3 bytes=144 [UNREPLIED] src=10.10.10.10 dst=10.1
3.1.22 sport=25 dport=32900 packets=0 bytes=0 mark=0 use=1
tcp 6 401457 ESTABLISHED src=10.13.1.22 dst=10.44.1.156 sport=1026
dport=4517 packets=12 bytes=4434 [UNREPLIED] src=10.44.1.156
dst=10.13.1.22 sport=4517 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 3 src=10.13.1.26 dst=10.21.1.167 sport=53 dport=1025
packets=9 bytes=1713 [UNREPLIED] src=10.21.1.167 dst=10.13.1.26 spo
rt=1025 dport=53 packets=0 bytes=0 mark=0 use=1
tcp 6 413721 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1026
dport=1200 packets=11 bytes=3626 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1200 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383144 ESTABLISHED src=10.13.1.22 dst=10.1.1.156 sport=445
dport=2775 packets=20 bytes=3163 [UNREPLIED] src=10.1.1.156 ds
t=10.13.1.22 sport=2775 dport=445 packets=0 bytes=0 mark=0 use=1
tcp 6 376816 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1101 packets=536 bytes=568918 [UNREPLIED] src=10.44.1.
151 dst=10.13.1.22 sport=1101 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 392922 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1332 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1332 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 392335 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1307
dport=3219 packets=150 bytes=110342 [UNREPLIED] src=10.2.1.16
3 dst=10.13.1.22 sport=3219 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 404447 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=135
dport=1111 packets=2 bytes=380 [UNREPLIED] src=10.1.1.152 dst=
10.13.1.22 sport=1111 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 407787 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1526 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1526 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 401883 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1723 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1723 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 426755 ESTABLISHED src=10.13.1.22 dst=10.1.1.164 sport=1026
dport=3841 packets=33 bytes=5797 [UNREPLIED] src=10.1.1.164 d
st=10.13.1.22 sport=3841 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383561 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1202 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1202 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 391369 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=3014 packets=1 bytes=40 [UNREPLIED] src=10.21.1.151 ds
t=10.13.1.167 sport=3014 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 406976 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=4006 packets=6 bytes=1593 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=4006 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 402465 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1307
dport=1171 packets=290 bytes=369850 [UNREPLIED] src=10.11.1.
153 dst=10.13.1.22 sport=1171 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 392922 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1330 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1330 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 382753 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1169 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1169 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 384921 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=1778 packets=44 bytes=12814 [UNREPLIED] src=10.2.1.202
dst=10.13.1.22 sport=1778 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 334582 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4009 packets=155 bytes=147646 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=4009 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 415405 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1647 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1647 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406171 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4845 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4845 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 419203 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1128
dport=2311 packets=2 bytes=220 [UNREPLIED] src=10.11.1.153 d
st=10.13.1.22 sport=2311 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 398123 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1450 packets=467 bytes=554426 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1450 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 6 src=10.13.1.22 dst=10.1.1.152 sport=123 dport=123
packets=1 bytes=96 [UNREPLIED] src=10.1.1.152 dst=10.13.1.22 sport=1
23 dport=123 packets=0 bytes=0 mark=0 use=1
tcp 6 430582 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=3973 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=3973 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 406879 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1921 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1921 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 416091 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1661 packets=5 bytes=1154 [UNREPLIED] src=10.44.1.151
dst=10.13.1.22 sport=1661 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 409066 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1307
dport=2033 packets=41 bytes=26118 [UNREPLIED] src=10.11.1.15
3 dst=10.13.1.22 sport=2033 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 406975 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1929 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1929 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 395599 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1418 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1418 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 30 SYN_SENT src=10.13.1.154 dst=10.1.1.25 sport=1336
dport=445 packets=1 bytes=48 [UNREPLIED] src=10.1.1.25 dst=10.13.1.1
54 sport=445 dport=1336 packets=0 bytes=0 mark=0 use=1
tcp 6 389712 ESTABLISHED src=10.13.1.167 dst=10.21.1.172 sport=139
dport=1188 packets=1 bytes=40 [UNREPLIED] src=10.21.1.172 ds
t=10.13.1.167 sport=1188 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 413565 ESTABLISHED src=10.13.1.22 dst=10.1.1.158 sport=1307
dport=4813 packets=1402 bytes=998078 [UNREPLIED] src=10.1.1.1
58 dst=10.13.1.22 sport=4813 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 322485 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=3873 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=3873 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 405363 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1899 packets=34 bytes=16994 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1899 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 424438 ESTABLISHED src=10.13.1.22 dst=10.19.1.155 sport=1026
dport=4650 packets=12 bytes=3151 [UNREPLIED] src=10.19.1.155
dst=10.13.1.22 sport=4650 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 392944 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1337 packets=359 bytes=483626 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1337 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 404721 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1026
dport=2187 packets=10 bytes=1806 [UNREPLIED] src=10.44.1.152
dst=10.13.1.22 sport=2187 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 388244 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1026
dport=1170 packets=36 bytes=14150 [UNREPLIED] src=10.44.1.15
2 dst=10.13.1.22 sport=1170 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 392944 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1334 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1334 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 419701 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1026
dport=1057 packets=19 bytes=1583 [UNREPLIED] src=10.17.1.154
dst=10.13.1.22 sport=1057 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 415818 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=1051 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=1051 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 387982 ESTABLISHED src=10.13.1.157 dst=10.44.1.153 sport=139
dport=1027 packets=5 bytes=419 [UNREPLIED] src=10.44.1.153 d
st=10.13.1.157 sport=1027 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 316219 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=2186 packets=10 bytes=953 [UNREPLIED] src=10.21.1.151
dst=10.13.1.167 sport=2186 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 418401 ESTABLISHED src=10.13.1.22 dst=10.1.1.162 sport=1026
dport=2749 packets=11 bytes=1409 [UNREPLIED] src=10.1.1.162 d
st=10.13.1.22 sport=2749 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 179 src=10.13.1.26 dst=206.165.6.11 sport=1066 dport=53
packets=55227 bytes=3367907 src=206.165.6.11 dst=aaa.bbb.212.154
sport=53 dport=1066 packets=55222 bytes=11955351 [ASSURED] mark=0 use=1
tcp 6 390211 ESTABLISHED src=10.13.1.22 dst=10.1.1.156 sport=1026
dport=2770 packets=8 bytes=1552 [UNREPLIED] src=10.1.1.156 ds
t=10.13.1.22 sport=2770 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 332452 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=2656 packets=10 bytes=953 [UNREPLIED] src=10.21.1.151
dst=10.13.1.167 sport=2656 dport=139 packets=0 bytes=0 mark=0 use=1
udp 17 1 src=10.13.1.26 dst=10.21.1.167 sport=53 dport=1052
packets=10 bytes=1925 [UNREPLIED] src=10.21.1.167 dst=10.13.1.26 sp
ort=1052 dport=53 packets=0 bytes=0 mark=0 use=1
tcp 6 419197 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1026
dport=2287 packets=6 bytes=1218 [UNREPLIED] src=10.11.1.153
dst=10.13.1.22 sport=2287 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 407787 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1525 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1525 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 403159 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1480 packets=65 bytes=60194 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1480 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 394136 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1344 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1344 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 407320 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1142 packets=4 bytes=570 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=1142 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404178 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=2929 packets=12 bytes=2062 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=2929 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 407800 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1953 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1953 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399101 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1026
dport=1073 packets=15 bytes=5186 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1073 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406171 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4848 packets=36 bytes=20858 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=4848 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 414096 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1624 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1624 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 373468 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3232
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3232 packets=0 bytes=0 mark=0 use=1
tcp 6 310915 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=2000 packets=10 bytes=953 [UNREPLIED] src=10.21.1.151
dst=10.13.1.167 sport=2000 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 407318 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=1139 packets=118 bytes=98646 [UNREPLIED] src=10.1.1.152
dst=10.13.1.22 sport=1139 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 389712 ESTABLISHED src=10.13.1.167 dst=10.21.1.172 sport=139
dport=1189 packets=1 bytes=40 [UNREPLIED] src=10.21.1.172 ds
t=10.13.1.167 sport=1189 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 382746 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1163 packets=64 bytes=44566 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1163 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 404721 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1307
dport=2190 packets=10 bytes=2570 [UNREPLIED] src=10.44.1.152
dst=10.13.1.22 sport=2190 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 401456 ESTABLISHED src=10.13.1.22 dst=10.44.1.156 sport=1307
dport=4520 packets=4136 bytes=1720354 [UNREPLIED] src=10.44.
1.156 dst=10.13.1.22 sport=4520 dport=1307 packets=0 bytes=0 mark=0
use=1
tcp 6 398852 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1486 packets=71 bytes=49498 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1486 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 392662 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1310 packets=696 bytes=943994 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1310 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 175 src=10.13.1.26 dst=192.41.162.30 sport=1066 dport=53
packets=5 bytes=280 src=192.41.162.30 dst=aaa.bbb.212.154 sport
=53 dport=1066 packets=5 bytes=670 [ASSURED] mark=0 use=1
tcp 6 419951 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1307
dport=1511 packets=2097 bytes=1999674 [UNREPLIED] src=10.44.
1.152 dst=10.13.1.22 sport=1511 dport=1307 packets=0 bytes=0 mark=0
use=1
tcp 6 391369 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=3011 packets=1 bytes=40 [UNREPLIED] src=10.21.1.151 ds
t=10.13.1.167 sport=3011 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 385490 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1240 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1240 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 389712 ESTABLISHED src=10.13.1.167 dst=10.21.1.172 sport=139
dport=1186 packets=1 bytes=40 [UNREPLIED] src=10.21.1.172 ds
t=10.13.1.167 sport=1186 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 390425 ESTABLISHED src=10.44.1.156 dst=165.193.22.75
sport=4556 dport=80 packets=2 bytes=184 [UNREPLIED] src=165.193.22.7
5 dst=aaa.bbb.212.154 sport=80 dport=4556 packets=0 bytes=0 mark=0 use=1
tcp 6 404694 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1128
dport=2184 packets=4 bytes=460 [UNREPLIED] src=10.44.1.152 d
st=10.13.1.22 sport=2184 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 390947 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1297 packets=9 bytes=2038 [UNREPLIED] src=10.1.1.205 ds
t=10.13.1.22 sport=1297 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 421227 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=1145 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=1145 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 400438 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1432 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1432 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 398287 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1471 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1471 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396651 ESTABLISHED src=10.13.1.22 dst=10.21.1.165 sport=135
dport=3967 packets=2 bytes=380 [UNREPLIED] src=10.21.1.165 ds
t=10.13.1.22 sport=3967 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 332463 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=2670 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=2670 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 406881 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1927 packets=32 bytes=16582 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1927 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 384047 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=1766 packets=4 bytes=570 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=1766 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 179 src=10.13.1.26 dst=206.165.6.12 sport=1066 dport=53
packets=494 bytes=29428 src=206.165.6.12 dst=aaa.bbb.212.154 spo
rt=53 dport=1066 packets=492 bytes=50639 [ASSURED] mark=0 use=1
tcp 6 337113 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4047 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4047 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399102 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1307
dport=1084 packets=679 bytes=33882 [UNREPLIED] src=10.11.1.1
52 dst=10.13.1.22 sport=1084 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 383466 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1200 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1200 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 408126 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=135
dport=3100 packets=3 bytes=660 [UNREPLIED] src=10.1.1.151 dst=
10.13.1.22 sport=3100 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 394923 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1377 packets=497 bytes=682002 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1377 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 400535 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=4763 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=4763 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 431953 ESTABLISHED src=10.15.1.230 dst=10.13.1.50 sport=17592
dport=23 packets=317 bytes=12950 src=10.13.1.50 dst=10.15.1
.230 sport=23 dport=17592 packets=262 bytes=31919 [ASSURED] mark=0 use=1
tcp 6 407809 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2022 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2022 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 340345 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3453
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3453 packets=0 bytes=0 mark=0 use=1
tcp 6 412477 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=135
dport=3455 packets=3 bytes=660 [UNREPLIED] src=10.2.1.163 dst=
10.13.1.22 sport=3455 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 413721 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1026
dport=1207 packets=5 bytes=610 [UNREPLIED] src=10.11.1.152 d
st=10.13.1.22 sport=1207 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 405181 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1128
dport=3392 packets=2 bytes=220 [UNREPLIED] src=10.2.1.163 dst
=10.13.1.22 sport=3392 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 393942 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4650 packets=314 bytes=418282 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=4650 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 405503 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=3086 packets=10 bytes=2714 [UNREPLIED] src=10.2.1.202 d
st=10.13.1.22 sport=3086 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 317711 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=3809 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=3809 dport=135 packets=0 bytes=0 mark=0 use=1
udp 17 25 src=10.13.1.26 dst=63.149.146.4 sport=1066 dport=53
packets=1 bytes=58 [UNREPLIED] src=63.149.146.4 dst=aaa.bbb.212.1
54 sport=53 dport=1066 packets=0 bytes=0 mark=0 use=1
tcp 6 415399 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1644 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1644 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 421227 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=1147 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=1147 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 389131 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3157 packets=8 bytes=1602 [UNREPLIED] src=10.2.1.163 ds
t=10.13.1.22 sport=3157 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 388613 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1270 packets=57 bytes=24706 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1270 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 414095 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=1266 packets=12 bytes=2062 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=1266 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 13 SYN_SENT src=10.13.1.26 dst=10.1.1.21 sport=4777 dport=135
packets=3 bytes=144 [UNREPLIED] src=10.1.1.21 dst=10.13.1.2
6 sport=135 dport=4777 packets=0 bytes=0 mark=0 use=1
tcp 6 400542 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4767 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4767 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 411724 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2067 packets=8 bytes=1974 [UNREPLIED] src=10.1.1.205 ds
t=10.13.1.22 sport=2067 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 385491 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1236 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1236 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 406306 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=3996 packets=6 bytes=503 [UNREPLIED] src=10.1.1.164 dst
=10.13.1.157 sport=3996 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 396013 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1428 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1428 dport=1026 packets=0 bytes=0 mark=0 use=1
udp 17 62 src=10.13.1.26 dst=195.83.221.37 sport=1066 dport=53
packets=5 bytes=310 src=195.83.221.37 dst=aaa.bbb.212.154 sport=
53 dport=1066 packets=5 bytes=655 [ASSURED] mark=0 use=1
tcp 6 405472 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=135
dport=3082 packets=3 bytes=660 [UNREPLIED] src=10.2.1.202 dst=
10.13.1.22 sport=3082 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 395276 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1397 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1397 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 421233 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=1152 packets=24 bytes=9882 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=1152 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 431983 ESTABLISHED src=10.13.1.22 dst=10.21.1.172 sport=1307
dport=1116 packets=1725 bytes=280330 [UNREPLIED] src=10.21.1
.172 dst=10.13.1.22 sport=1116 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 162 src=10.15.1.152 dst=10.13.1.22 sport=137 dport=137
packets=2 bytes=335 src=10.13.1.22 dst=10.15.1.152 sport=137 dpor
t=137 packets=2 bytes=425 [ASSURED] mark=0 use=1
tcp 6 419701 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1307
dport=1063 packets=50 bytes=6860 [UNREPLIED] src=10.17.1.154
dst=10.13.1.22 sport=1063 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 394136 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1343 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1343 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 398122 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1447 packets=10 bytes=2786 [UNREPLIED] src=10.1.1.205 d
st=10.13.1.22 sport=1447 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 390151 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=4594 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=4594 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 388613 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1267 packets=10 bytes=2794 [UNREPLIED] src=10.44.1.151
dst=10.13.1.22 sport=1267 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 394145 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1346 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1346 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 410454 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=4043 packets=7 bytes=2723 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=4043 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 431930 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1026
dport=4857 packets=2059 bytes=2362719 [UNREPLIED] src=10.1.1.2
5 dst=10.13.1.22 sport=4857 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 379232 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1123 packets=244 bytes=291570 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1123 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 399411 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1307
dport=1195 packets=9 bytes=1446 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1195 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 414670 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1307
dport=3186 packets=31 bytes=13138 [UNREPLIED] src=10.1.1.151
dst=10.13.1.22 sport=3186 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 415399 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1646 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1646 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 405502 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1904 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1904 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 414096 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1622 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1622 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396756 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1393 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1393 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 317711 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=3807 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=3807 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 401635 ESTABLISHED src=10.13.1.22 dst=10.1.1.165 sport=135
dport=3988 packets=4 bytes=940 [UNREPLIED] src=10.1.1.165 dst=
10.13.1.22 sport=3988 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 386424 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1307
dport=1108 packets=85 bytes=14074 [UNREPLIED] src=10.44.1.15
2 dst=10.13.1.22 sport=1108 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 401882 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1726 packets=32 bytes=16582 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1726 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 405363 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1896 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1896 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 417935 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1071 packets=7 bytes=1274 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=1071 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 412736 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2099 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2099 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 420376 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=1137 packets=24 bytes=9882 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=1137 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 388876 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1254 packets=819 bytes=946738 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1254 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 419203 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=135
dport=2312 packets=2 bytes=380 [UNREPLIED] src=10.11.1.153 ds
t=10.13.1.22 sport=2312 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 399398 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4750 packets=898 bytes=1221798 [UNREPLIED] src=10.21.1
.170 dst=10.13.1.22 sport=4750 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 404694 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1026
dport=2186 packets=4 bytes=424 [UNREPLIED] src=10.44.1.152 d
st=10.13.1.22 sport=2186 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 415405 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1650 packets=29 bytes=19338 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1650 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 398287 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1472 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1472 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 391369 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=3012 packets=1 bytes=40 [UNREPLIED] src=10.21.1.151 ds
t=10.13.1.167 sport=3012 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 405216 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1307
dport=3398 packets=85 bytes=49970 [UNREPLIED] src=10.2.1.163
dst=10.13.1.22 sport=3398 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 419204 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=1026
dport=2313 packets=2 bytes=208 [UNREPLIED] src=10.11.1.153 d
st=10.13.1.22 sport=2313 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 322485 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=3871 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=3871 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 431082 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=25878
dport=389 packets=6 bytes=240 [UNREPLIED] src=10.1.1.25 dst=1
0.13.1.22 sport=389 dport=25878 packets=0 bytes=0 mark=0 use=1
tcp 6 415399 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1645 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1645 dport=135 packets=0 bytes=0 mark=0 use=1
udp 17 9 src=10.15.1.152 dst=10.13.1.26 sport=1355 dport=53
packets=1 bytes=71 src=10.13.1.26 dst=10.15.1.152 sport=53 dport=13
55 packets=1 bytes=87 mark=0 use=1
tcp 6 407319 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1135 packets=10 bytes=3554 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=1135 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404176 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=2922 packets=25 bytes=14342 [UNREPLIED] src=10.1.1.152
dst=10.13.1.22 sport=2922 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 412594 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=2093 packets=32 bytes=16558 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=2093 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 415827 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=1059 packets=42 bytes=15854 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=1059 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 404694 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=135
dport=2183 packets=3 bytes=660 [UNREPLIED] src=10.44.1.152 ds
t=10.13.1.22 sport=2183 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 322485 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=3874 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3874 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 407807 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=2020 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=2020 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 401004 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=4773 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4773 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 396377 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4693 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4693 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395599 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1415 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1415 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 394517 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1357 packets=280 bytes=340090 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1357 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 391369 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=3010 packets=1 bytes=40 [UNREPLIED] src=10.21.1.151 ds
t=10.13.1.167 sport=3010 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 382370 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=3800 packets=5 bytes=463 [UNREPLIED] src=10.1.1.164 dst
=10.13.1.157 sport=3800 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 398287 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1473 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1473 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396012 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1427 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1427 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 385493 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1246 packets=33 bytes=16598 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1246 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 409248 ESTABLISHED src=10.13.1.22 dst=10.1.1.158 sport=1026
dport=4810 packets=20 bytes=5067 [UNREPLIED] src=10.1.1.158 d
st=10.13.1.22 sport=4810 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 418920 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=1117 packets=136 bytes=158758 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=1117 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 322508 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=3875 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3875 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406977 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1935 packets=32 bytes=16582 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1935 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 266262 ESTABLISHED src=10.13.1.22 dst=10.1.1.25 sport=1169
dport=1232 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.22 sport=1232 dport=1169 packets=0 bytes=0 mark=0 use=1
tcp 6 333338 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1026
dport=1031 packets=12 bytes=3650 [UNREPLIED] src=10.17.1.154
dst=10.13.1.22 sport=1031 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 409507 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2889
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2889 packets=0 bytes=0 mark=0 use=1
tcp 6 407807 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=2019 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2019 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 385072 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1220 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1220 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 407787 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1523 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1523 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 407319 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=1146 packets=12 bytes=2062 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=1146 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395451 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1128
dport=1362 packets=2 bytes=220 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1362 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 430054 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1026
dport=3194 packets=8 bytes=1295 [UNREPLIED] src=10.1.1.151 ds
t=10.13.1.22 sport=3194 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 420364 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=1131 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1131 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 416377 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=1050 packets=70 bytes=42418 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=1050 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 391369 ESTABLISHED src=10.13.1.167 dst=10.21.1.151 sport=139
dport=3013 packets=1 bytes=40 [UNREPLIED] src=10.21.1.151 ds
t=10.13.1.167 sport=3013 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 406016 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1912 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1912 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 386537 ESTABLISHED src=10.13.1.22 dst=10.19.1.155 sport=1307
dport=3284 packets=2277 bytes=376814 [UNREPLIED] src=10.19.1
.155 dst=10.13.1.22 sport=3284 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 401004 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=4772 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=4772 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 394623 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1367 packets=35 bytes=17266 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1367 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 421227 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1148 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1148 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 422517 ESTABLISHED src=10.13.1.22 dst=10.44.1.159 sport=1026
dport=4045 packets=76 bytes=29487 [UNREPLIED] src=10.44.1.15
9 dst=10.13.1.22 sport=4045 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383558 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1201 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1201 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395599 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1417 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1417 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396013 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1425 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1425 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 415573 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=4952 packets=541 bytes=612946 [UNREPLIED] src=10.21.1.
170 dst=10.13.1.22 sport=4952 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 400534 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1128
dport=4764 packets=2 bytes=220 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4764 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 414093 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=1259 packets=50 bytes=29638 [UNREPLIED] src=10.1.1.152
dst=10.13.1.22 sport=1259 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 412589 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=2088 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=2088 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 406975 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1931 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1931 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 403962 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=2902 packets=105 bytes=63770 [UNREPLIED] src=10.2.1.202
dst=10.13.1.22 sport=2902 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 388812 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1275 packets=50 bytes=22454 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1275 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 392335 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3216 packets=8 bytes=1602 [UNREPLIED] src=10.2.1.163 ds
t=10.13.1.22 sport=3216 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 399102 ESTABLISHED src=10.13.1.22 dst=10.11.1.152 sport=1026
dport=1080 packets=9 bytes=2010 [UNREPLIED] src=10.11.1.152
dst=10.13.1.22 sport=1080 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 406016 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1915 packets=205 bytes=245362 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=1915 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 382229 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=1557 packets=775 bytes=1012238 [UNREPLIED] src=10.2.1.2
02 dst=10.13.1.22 sport=1557 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 412590 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=2086 packets=3 bytes=660 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=2086 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 406895 ESTABLISHED src=10.13.1.22 dst=10.1.1.167 sport=1026
dport=1510 packets=245 bytes=260862 [UNREPLIED] src=10.1.1.16
7 dst=10.13.1.22 sport=1510 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 395174 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1391 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1391 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 418673 ESTABLISHED src=10.13.1.157 dst=10.21.1.167 sport=139
dport=3495 packets=10 bytes=995 [UNREPLIED] src=10.21.1.167
dst=10.13.1.157 sport=3495 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 392662 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1307 packets=6 bytes=1210 [UNREPLIED] src=10.1.1.205 ds
t=10.13.1.22 sport=1307 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 390056 ESTABLISHED src=10.13.1.22 dst=10.19.1.155 sport=1307
dport=4478 packets=226 bytes=225810 [UNREPLIED] src=10.19.1.
155 dst=10.13.1.22 sport=4478 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 389419 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1307
dport=1388 packets=13 bytes=3050 [UNREPLIED] src=10.44.1.152
dst=10.13.1.22 sport=1388 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 422517 ESTABLISHED src=10.13.1.22 dst=10.44.1.159 sport=1307
dport=4050 packets=4875 bytes=5025314 [UNREPLIED] src=10.44.
1.159 dst=10.13.1.22 sport=4050 dport=1307 packets=0 bytes=0 mark=0
use=1
tcp 6 397998 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=2742 packets=64 bytes=19542 [UNREPLIED] src=10.2.1.202
dst=10.13.1.22 sport=2742 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 365379 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2255
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2255 packets=0 bytes=0 mark=0 use=1
tcp 6 390380 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1290 packets=8 bytes=2030 [UNREPLIED] src=10.44.1.151
dst=10.13.1.22 sport=1290 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 400149 ESTABLISHED src=10.13.1.157 dst=10.21.1.172 sport=139
dport=3786 packets=10 bytes=995 [UNREPLIED] src=10.21.1.172
dst=10.13.1.157 sport=3786 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 405472 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1026
dport=3085 packets=2 bytes=208 [UNREPLIED] src=10.2.1.202 dst
=10.13.1.22 sport=3085 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382749 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1167 packets=2 bytes=380 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1167 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 385075 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1223 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1223 dport=1026 packets=0 bytes=0 mark=0 use=1
unknown 9 528 src=aaa.bbb.212.153 dst=255.255.255.255 packets=2103
bytes=96738 [UNREPLIED] src=255.255.255.255 dst=aaa.bbb.212.153
packets=0 bytes=0 mark=0 use=1
tcp 6 421233 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1149 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1149 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 412589 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=2089 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=2089 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404466 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1101 packets=10 bytes=3554 [UNREPLIED] src=10.1.1.152 d
st=10.13.1.22 sport=1101 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 383561 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1205 packets=25 bytes=13654 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1205 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 403159 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1477 packets=4 bytes=570 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1477 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 390119 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4588 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4588 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 413992 ESTABLISHED src=10.13.1.22 dst=10.1.1.167 sport=1307
dport=1513 packets=3329 bytes=948810 [UNREPLIED] src=10.1.1.1
67 dst=10.13.1.22 sport=1513 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 406879 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1922 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1922 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 396756 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1396 packets=1361 bytes=1964538 [UNREPLIED] src=10.44.
1.151 dst=10.13.1.22 sport=1396 dport=1307 packets=0 bytes=0 mark=0
use=1
tcp 6 400437 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1433 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1433 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 265012 ESTABLISHED src=10.13.1.22 dst=10.1.1.158 sport=139
dport=4148 packets=1 bytes=40 [UNREPLIED] src=10.1.1.158 dst=1
0.13.1.22 sport=4148 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 405481 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1128
dport=1901 packets=2 bytes=220 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1901 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 384235 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=3831 packets=8 bytes=2763 [UNREPLIED] src=10.1.1.164 ds
t=10.13.1.157 sport=3831 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 420364 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=1133 packets=2 bytes=208 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=1133 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 385072 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1026
dport=1222 packets=2 bytes=208 [UNREPLIED] src=10.44.1.151 d
st=10.13.1.22 sport=1222 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 331574 ESTABLISHED src=10.13.1.157 dst=10.21.1.151 sport=139
dport=2557 packets=10 bytes=995 [UNREPLIED] src=10.21.1.151
dst=10.13.1.157 sport=2557 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 311713 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1307
dport=3744 packets=64 bytes=57454 [UNREPLIED] src=10.21.1.17
0 dst=10.13.1.22 sport=3744 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 428834 ESTABLISHED src=10.15.1.158 dst=10.13.1.50 sport=1707
dport=23 packets=106 bytes=4334 src=10.13.1.50 dst=10.15.1.1
58 sport=23 dport=1707 packets=77 bytes=17691 [ASSURED] mark=0 use=1
tcp 6 388791 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=135
dport=1270 packets=2 bytes=380 [UNREPLIED] src=10.1.1.205 dst=
10.13.1.22 sport=1270 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 403806 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1307
dport=2306 packets=4418 bytes=6159134 [UNREPLIED] src=10.1.1.
152 dst=10.13.1.22 sport=2306 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 405503 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=1307
dport=3089 packets=565 bytes=743962 [UNREPLIED] src=10.2.1.20
2 dst=10.13.1.22 sport=3089 dport=1307 packets=0 bytes=0 mark=0 use=1
unknown 50 593 src=71.216.115.33 dst=aaa.bbb.212.154 packets=53892
bytes=9073904 src=aaa.bbb.212.154 dst=71.216.115.33 packets=4147
1 bytes=12745208 mark=0 use=1
udp 17 25 src=10.13.1.26 dst=10.21.1.167 sport=53 dport=1050
packets=32 bytes=5353 [UNREPLIED] src=10.21.1.167 dst=10.13.1.26 s
port=1050 dport=53 packets=0 bytes=0 mark=0 use=1
tcp 6 419951 ESTABLISHED src=10.13.1.22 dst=10.44.1.152 sport=1026
dport=1311 packets=119 bytes=43687 [UNREPLIED] src=10.44.1.1
52 dst=10.13.1.22 sport=1311 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 338999 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=3300
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=3300 packets=0 bytes=0 mark=0 use=1
tcp 6 389712 ESTABLISHED src=10.13.1.167 dst=10.21.1.172 sport=139
dport=1187 packets=1 bytes=40 [UNREPLIED] src=10.21.1.172 ds
t=10.13.1.167 sport=1187 dport=139 packets=0 bytes=0 mark=0 use=1
tcp 6 418780 ESTABLISHED src=10.13.1.157 dst=10.1.1.164 sport=139
dport=4104 packets=8 bytes=683 [UNREPLIED] src=10.1.1.164 dst
=10.13.1.157 sport=4104 dport=139 packets=0 bytes=0 mark=0 use=1
udp 17 9 src=10.15.1.152 dst=10.13.1.22 sport=138 dport=138
packets=1 bytes=209 [UNREPLIED] src=10.13.1.22 dst=10.15.1.152 spor
t=138 dport=138 packets=0 bytes=0 mark=0 use=1
tcp 6 405181 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=1026
dport=3394 packets=2 bytes=208 [UNREPLIED] src=10.2.1.163 dst
=10.13.1.22 sport=3394 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 405481 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1903 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1903 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 317715 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=3811 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=3811 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 287165 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2907
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2907 packets=0 bytes=0 mark=0 use=1
tcp 6 100 TIME_WAIT src=10.15.1.152 dst=10.13.1.22 sport=1479
dport=139 packets=20 bytes=2681 src=10.13.1.22 dst=10.15.1.152 sp
ort=139 dport=1479 packets=19 bytes=6472 [ASSURED] mark=0 use=1
tcp 6 415399 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1643 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1643 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 415572 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4949 packets=13 bytes=4686 [UNREPLIED] src=10.21.1.170
dst=10.13.1.22 sport=4949 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 420364 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=1130 packets=3 bytes=660 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=1130 dport=135 packets=0 bytes=0 mark=0 use=1
udp 17 21 src=10.13.1.26 dst=10.21.1.167 sport=53 dport=1054
packets=16 bytes=3282 [UNREPLIED] src=10.21.1.167 dst=10.13.1.26 s
port=1054 dport=53 packets=0 bytes=0 mark=0 use=1
tcp 6 398291 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=1478 packets=32 bytes=16534 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=1478 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 395278 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1400 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1400 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 392922 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1333 packets=2 bytes=208 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1333 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 405472 ESTABLISHED src=10.13.1.22 dst=10.2.1.202 sport=135
dport=3084 packets=2 bytes=380 [UNREPLIED] src=10.2.1.202 dst=
10.13.1.22 sport=3084 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 394623 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1364 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1364 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 398291 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1475 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1475 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 385075 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=1307
dport=1226 packets=25 bytes=13654 [UNREPLIED] src=10.44.1.15
1 dst=10.13.1.22 sport=1226 dport=1307 packets=0 bytes=0 mark=0 use=1
udp 17 174 src=10.13.1.26 dst=64.34.168.95 sport=1066 dport=53
packets=5 bytes=280 src=64.34.168.95 dst=aaa.bbb.212.154 sport=5
3 dport=1066 packets=5 bytes=670 [ASSURED] mark=0 use=1
tcp 6 405181 ESTABLISHED src=10.13.1.22 dst=10.2.1.163 sport=135
dport=3391 packets=3 bytes=660 [UNREPLIED] src=10.2.1.163 dst=
10.13.1.22 sport=3391 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 431946 ESTABLISHED src=10.13.1.22 dst=10.1.1.164 sport=1307
dport=3844 packets=2088 bytes=1501998 [UNREPLIED] src=10.1.1.
164 dst=10.13.1.22 sport=3844 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 399398 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=1026
dport=4747 packets=4 bytes=570 [UNREPLIED] src=10.21.1.170 d
st=10.13.1.22 sport=4747 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 382749 ESTABLISHED src=10.13.1.22 dst=10.44.1.151 sport=135
dport=1165 packets=3 bytes=660 [UNREPLIED] src=10.44.1.151 ds
t=10.13.1.22 sport=1165 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 415817 ESTABLISHED src=10.13.1.22 dst=10.21.1.170 sport=135
dport=1053 packets=2 bytes=380 [UNREPLIED] src=10.21.1.170 ds
t=10.13.1.22 sport=1053 dport=135 packets=0 bytes=0 mark=0 use=1
tcp 6 411724 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=2070 packets=121 bytes=102530 [UNREPLIED] src=10.1.1.20
5 dst=10.13.1.22 sport=2070 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 408126 ESTABLISHED src=10.13.1.22 dst=10.1.1.151 sport=1128
dport=3101 packets=2 bytes=220 [UNREPLIED] src=10.1.1.151 dst
=10.13.1.22 sport=3101 dport=1128 packets=0 bytes=0 mark=0 use=1
tcp 6 404447 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1107 packets=2 bytes=208 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=1107 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404178 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2925 packets=4 bytes=570 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=2925 dport=1026 packets=0 bytes=0 mark=0 use=1
[root@lakeville-fw gregs]#
-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Monday, August 28, 2006 10:14 AM
To: Greg Scott
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: Re: Troubeleshooting a PPTP conversation
Greg Scott wrote:
> Below are all the rules. NAT table first, then the filter table, then
> the mangle table. Apologies in advance if the text wrapping gets
> butchered. There are lots of rules - just search for "1723" and you
> will see the relevant ones.
>
> I will try another connection and post /proc/net/ip_conntrack tonight
> when I get back later today.
>
> 10.13.1.22 is a Windows 2000 Microsoft RRAS server behind the
firewall.
> Win2000 - not Win2003. I was sniffing the Internet side. Eth0 is the
> Internet side, eth1 is the LAN. eth2 is a future DMZ but right now is
> empty.
>
> Here is the big picture:
>
> My LAN----My Firewall <-Internet-> Lakeville FW --Lakeville LAN and
> RRAS Server
> 66.173.97.0/27 aa.bb.212.154 10.13.1.0/24
> 10.13.1.22
>
> I have some more data on the problem. After rebooting both the remote
> and local firewalls, the symptoms stayed the same. After rebooting
> the Microsoft RRAS server at 10.13.1.22, I was able to get a PPTP
> connection from my place to Lakeville. After hanging up, I was not
> able to make another connection. The Microsoft PPTP client keeps
> redialing. I went off and did other stuff and let it redial - and
> then between 5 and 10 minutes later, it connected again.
>
>
>>18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
>>proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
>>: P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32)
>>ack
>>1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1 a2b3c4d
>>CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
>>RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
>>CONN_SPEED(1480832
>>5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
Well, one noteable thing is that this packet from the PPtP-Server has an
incorrect checksum, and since it also doesn't have its source address
changed the checksum probably already arrived incorrect on the firewall.
The packet is send again two packets later with the correct address and
checksum, but the callids all look mixed up somehow. What kernel are you
using?
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: Troubeleshooting a PPTP conversation
@ 2006-08-29 12:23 Greg Scott
2006-08-29 12:54 ` Patrick McHardy
2006-09-04 14:46 ` Patrick McHardy
0 siblings, 2 replies; 13+ messages in thread
From: Greg Scott @ 2006-08-29 12:23 UTC (permalink / raw)
To: Greg Scott, Patrick McHardy; +Cc: netfilter-devel, Mike McRae
I sent this out last night but it never posted to the list. This might
be because the output from /proc/net/ip_conntrack was so huge. I will
cut out the parts I don't think are relevant and try posting this again.
- Greg Scott
-----Original Message-----
From: Greg Scott
Sent: Monday, August 28, 2006 9:24 PM
To: 'Patrick McHardy'
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: RE: Troubeleshooting a PPTP conversation
Here is another tcpdump trace and /proc/net/ip_conntrack. I grabbed
this while an end user was unsuccessfully trying to establish a PPTP
connection. Holey moley! That ip_conntrack output is huge!
aaa.bbb.212.154 is the firewall outside IP Address. My remote end user
is at 208.186.13.120.
So this picture looks like this:
---NAT--208.186.13.120 <--> Internet <--> Firewall Win2k PPTP
Home aa.bb.212.153 10.13.1.22
Gateway
My remote user is behind his NAT home gateway.
Searching for that IP Address in the massive pile of output from
ip_conntrack, I see a TIME_WAIT connection and another ESTABLISHED one
from that IP Address. I wonder if that Win2K system isn't dropping them
appropriately? But the problem only happens to some people. Others can
connect, drop the connection, and then connect right back up again
without problem. But this one end user can never seem to get connected
back up again. Very strange!
- Greg Scott
[root@lakeville-fw gregs]#
[root@lakeville-fw gregs]# /usr/sbin/tcpdump -i eth0 host
208.186.13.120 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:59:23.621944 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: S
3486358872:3486358872(0) win 16384 <mss 1460,nop,nop,sackOK>
20:59:23.622067 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: S
84269208:84269208(0) ack 3486358873 win 65535 <mss 1460,nop,nop,sa
ckOK>
20:59:23.670009 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: P
1:157(156) ack 1 win 17520: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0)
FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) [|pptp]
20:59:23.670266 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: P
1:157(156) ack 157 win 65379: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.
0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP(DA) MAX_CHAN(0)
FIRM_REV(2195) [|pptp]
20:59:23.721103 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: P
157:325(168) ack 157 win 17364: pptp CTRL_MSGTYPE=OCRQ CALL_ID(604
66) CALL_SER_NUM(51973) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any)
FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|
pptp]
20:59:23.722213 IP 10.13.1.22.1723 > 208.186.13.120.60465: P
84269365:84269397(32) ack 3486359197 win 65211: pptp CTRL_MSGTYPE=OCRP
CALL_ID(33767) PEER_CALL_ID(60465) RESULT_CODE(1) ERR_CODE(0)
CAUSE_CODE(0) CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_C
HAN_ID(0)
20:59:26.045245 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: P
157:325(168) ack 157 win 17364: pptp CTRL_MSGTYPE=OCRQ CALL_ID(604
66) CALL_SER_NUM(51973) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any)
FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) [|
pptp]
20:59:26.045435 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: . ack
325 win 65211
20:59:26.176209 IP aaa.bbb.212.154.1723 > 208.186.13.120.60465: P
157:189(32) ack 325 win 65211: pptp CTRL_MSGTYPE=OCRP CALL_ID(3376
7) PEER_CALL_ID(60466) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0)
CONN_SPEED(14808325) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
20:59:26.340630 IP 208.186.13.120.60465 > aaa.bbb.212.154.1723: . ack
189 win 17332
10 packets captured
20 packets received by filter
0 packets dropped by kernel
[root@lakeville-fw gregs]# cat /proc/net/ip_conntrack
tcp 6 333337 ESTABLISHED src=10.13.1.22 dst=10.17.1.154 sport=1307
dport=1038 packets=113 bytes=89410 [UNREPLIED] src=10.17.1.1
54 dst=10.13.1.22 sport=1038 dport=1307 packets=0 bytes=0 mark=0 use=1
.
. (lots of entries cut out)
.
tcp 6 281480 ESTABLISHED src=10.13.1.26 dst=10.1.1.25 sport=2434
dport=1027 packets=1 bytes=40 [UNREPLIED] src=10.1.1.25 dst=10
.13.1.26 sport=1027 dport=2434 packets=0 bytes=0 mark=0 use=1
tcp 6 33 TIME_WAIT src=208.186.13.120 dst=aaa.bbb.212.154
sport=60462 dport=1723 packets=11 bytes=992 src=10.13.1.22 dst=208.18
6.13.120 sport=1723 dport=60462 packets=9 bytes=608 [ASSURED] mark=0
use=1
tcp 6 419204 ESTABLISHED src=10.13.1.22 dst=10.11.1.153 sport=135
dport=2310 packets=3 bytes=660 [UNREPLIED] src=10.11.1.153 ds
t=10.13.1.22 sport=2310 dport=135 packets=0 bytes=0 mark=0 use=1
.
. (12 entries chopped out)
.
tcp 6 407809 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1307
dport=2025 packets=32 bytes=16582 [UNREPLIED] src=10.1.1.205
dst=10.13.1.22 sport=2025 dport=1307 packets=0 bytes=0 mark=0 use=1
tcp 6 431997 ESTABLISHED src=208.186.13.120 dst=aaa.bbb.212.154
sport=60465 dport=1723 packets=8 bytes=856 src=10.13.1.22 dst=2
08.186.13.120 sport=1723 dport=60465 packets=7 bytes=512 [ASSURED]
mark=0 use=1
tcp 6 404467 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1108 packets=4 bytes=570 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=1108 dport=1026 packets=0 bytes=0 mark=0 use=1
.
. (Zillions more entries chopped out)
.
tcp 6 404447 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=1107 packets=2 bytes=208 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=1107 dport=1026 packets=0 bytes=0 mark=0 use=1
tcp 6 404178 ESTABLISHED src=10.13.1.22 dst=10.1.1.152 sport=1026
dport=2925 packets=4 bytes=570 [UNREPLIED] src=10.1.1.152 dst
=10.13.1.22 sport=2925 dport=1026 packets=0 bytes=0 mark=0 use=1
[root@lakeville-fw gregs]#
-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Monday, August 28, 2006 10:14 AM
To: Greg Scott
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: Re: Troubeleshooting a PPTP conversation
Greg Scott wrote:
> Below are all the rules. NAT table first, then the filter table, then
> the mangle table. Apologies in advance if the text wrapping gets
> butchered. There are lots of rules - just search for "1723" and you
> will see the relevant ones.
>
> I will try another connection and post /proc/net/ip_conntrack tonight
> when I get back later today.
>
> 10.13.1.22 is a Windows 2000 Microsoft RRAS server behind the
firewall.
> Win2000 - not Win2003. I was sniffing the Internet side. Eth0 is the
> Internet side, eth1 is the LAN. eth2 is a future DMZ but right now is
> empty.
>
> Here is the big picture:
>
> My LAN----My Firewall <-Internet-> Lakeville FW --Lakeville LAN and
> RRAS Server
> 66.173.97.0/27 aa.bb.212.154 10.13.1.0/24
> 10.13.1.22
>
> I have some more data on the problem. After rebooting both the remote
> and local firewalls, the symptoms stayed the same. After rebooting
> the Microsoft RRAS server at 10.13.1.22, I was able to get a PPTP
> connection from my place to Lakeville. After hanging up, I was not
> able to make another connection. The Microsoft PPTP client keeps
> redialing. I went off and did other stuff and let it redial - and
> then between 5 and 10 minutes later, it connected again.
>
>
>>18:42:15.012881 IP (tos 0x0, ttl 126, id 54977, offset 0, flags [DF],
>>proto: TCP (6), length: 72) 10.13.1.22.1723 > 66.173.97.2.2903
>>: P, cksum 0xaf0c (incorrect (-> 0x4d48), 1787486805:1787486837(32)
>>ack
>>1914062599 win 65211: pptp Length=32 CTRL-MSG Magic-Cookie=1 a2b3c4d
>>CTRL_MSGTYPE=OCRP CALL_ID(999) PEER_CALL_ID(2903)
>>RESULT_CODE(1:Connected) ERR_CODE(0:None) CAUSE_CODE(0)
>>CONN_SPEED(1480832
>>5) RECV_WIN(16384) PROC_DELAY(0) PHY_CHAN_ID(0)
Well, one noteable thing is that this packet from the PPtP-Server has an
incorrect checksum, and since it also doesn't have its source address
changed the checksum probably already arrived incorrect on the firewall.
The packet is send again two packets later with the correct address and
checksum, but the callids all look mixed up somehow. What kernel are you
using?
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Troubeleshooting a PPTP conversation
2006-08-29 12:23 Greg Scott
@ 2006-08-29 12:54 ` Patrick McHardy
2006-09-04 14:46 ` Patrick McHardy
1 sibling, 0 replies; 13+ messages in thread
From: Patrick McHardy @ 2006-08-29 12:54 UTC (permalink / raw)
To: Greg Scott; +Cc: netfilter-devel, Mike McRae
Greg Scott wrote:
> I sent this out last night but it never posted to the list. This might
> be because the output from /proc/net/ip_conntrack was so huge. I will
> cut out the parts I don't think are relevant and try posting this again.
I got it, thanks. I'll look into it later today. The list seems to be a
bit lagged currently.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Troubeleshooting a PPTP conversation
2006-08-29 12:23 Greg Scott
2006-08-29 12:54 ` Patrick McHardy
@ 2006-09-04 14:46 ` Patrick McHardy
1 sibling, 0 replies; 13+ messages in thread
From: Patrick McHardy @ 2006-09-04 14:46 UTC (permalink / raw)
To: Greg Scott; +Cc: netfilter-devel, Mike McRae
Greg Scott wrote:
> I sent this out last night but it never posted to the list. This might
> be because the output from /proc/net/ip_conntrack was so huge. I will
> cut out the parts I don't think are relevant and try posting this again.
I didn't notice any error .. are there still gre connection tracking
entries when this error occurs?
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: Troubeleshooting a PPTP conversation
@ 2006-09-04 15:46 Greg Scott
2006-09-04 16:12 ` Patrick McHardy
0 siblings, 1 reply; 13+ messages in thread
From: Greg Scott @ 2006-09-04 15:46 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, Mike McRae
> I didn't notice any error .. are there still gre connection tracking
entries when this error occurs?
Yes. Searching for "1723" in the output I posted from
/proc/net/ip_conntrack, I see three entries. The first two are from my
end user. The third ons is from somewhere else - not sure where.
Curiously, all the IP Addresses on that third entry are internal. I
wonder why anyone would do a PPTP connection when they are already part
of the network? Here they are:
.
.
.
tcp 6 33 TIME_WAIT src=208.186.13.120 dst=aaa.bbb.212.154
sport=60462 dport=1723 packets=11 bytes=992 src=10.13.1.22 dst=208.18
6.13.120 sport=1723 dport=60462 packets=9 bytes=608 [ASSURED] mark=0
use=1
.
.
.
tcp 6 431997 ESTABLISHED src=208.186.13.120 dst=aaa.bbb.212.154
sport=60465 dport=1723 packets=8 bytes=856 src=10.13.1.22 dst=2
08.186.13.120 sport=1723 dport=60465 packets=7 bytes=512 [ASSURED]
mark=0 use=1
.
.
.
tcp 6 401883 ESTABLISHED src=10.13.1.22 dst=10.1.1.205 sport=1026
dport=1723 packets=4 bytes=570 [UNREPLIED] src=10.1.1.205 dst
=10.13.1.22 sport=1723 dport=1026 packets=0 bytes=0 mark=0 use=1
.
.
.
It looks like everything in here shows TCP traffic. I don't see
anything that mentions GRE specifically or protocol 47. But that may be
normal.
I am guessing that the TIME_WAIT connection never goes away. Then
another one comes in from the same IP Address and gets confused with the
TIME_WAIT one already in place. But this only happens sometimes. I am
still working on characterizing exactly what "sometimes" means.
By now it is several days later. I will look and see if that TIME_WAIT
entry is still in place.
- Greg Scott
-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Monday, September 04, 2006 9:47 AM
To: Greg Scott
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: Re: Troubeleshooting a PPTP conversation
Greg Scott wrote:
> I sent this out last night but it never posted to the list. This
> might be because the output from /proc/net/ip_conntrack was so huge.
> I will cut out the parts I don't think are relevant and try posting
this again.
I didn't notice any error .. are there still gre connection tracking
entries when this error occurs?
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Troubeleshooting a PPTP conversation
2006-09-04 15:46 Greg Scott
@ 2006-09-04 16:12 ` Patrick McHardy
0 siblings, 0 replies; 13+ messages in thread
From: Patrick McHardy @ 2006-09-04 16:12 UTC (permalink / raw)
To: Greg Scott; +Cc: netfilter-devel, Mike McRae
Greg Scott wrote:
>>I didn't notice any error .. are there still gre connection tracking
>
> entries when this error occurs?
>
> Yes. Searching for "1723" in the output I posted from
> /proc/net/ip_conntrack, I see three entries. The first two are from my
> end user. The third ons is from somewhere else - not sure where.
> Curiously, all the IP Addresses on that third entry are internal. I
> wonder why anyone would do a PPTP connection when they are already part
> of the network? Here they are:
>
> [...]
>
> It looks like everything in here shows TCP traffic. I don't see
> anything that mentions GRE specifically or protocol 47. But that may be
> normal.
Depending on the state of the connection, yes. I'm currently cleaning
the helper up and noticed a few bugs. Not sure how they could lead
to something like this but I'll prepare a patch for 2.6.17 when I'm
done if you want to test it.
^ permalink raw reply [flat|nested] 13+ messages in thread
* RE: Troubeleshooting a PPTP conversation
@ 2006-09-04 16:22 Greg Scott
2006-09-04 16:26 ` Patrick McHardy
0 siblings, 1 reply; 13+ messages in thread
From: Greg Scott @ 2006-09-04 16:22 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, Mike McRae
OK. 2.6.18 is also coming very soon and I hope to spin out a new
version of my stuff with 2.6.18 and some POM-ng modules when 2.6.18 is
ready. So I can scrounge some hardware and also test with 2.6.18-rc6
here at my place if you want.
- Greg
-----Original Message-----
From: Patrick McHardy [mailto:kaber@trash.net]
Sent: Monday, September 04, 2006 11:12 AM
To: Greg Scott
Cc: netfilter-devel@lists.netfilter.org; Mike McRae
Subject: Re: Troubeleshooting a PPTP conversation
Greg Scott wrote:
>>I didn't notice any error .. are there still gre connection tracking
>
> entries when this error occurs?
>
> Yes. Searching for "1723" in the output I posted from
> /proc/net/ip_conntrack, I see three entries. The first two are from
> my end user. The third ons is from somewhere else - not sure where.
> Curiously, all the IP Addresses on that third entry are internal. I
> wonder why anyone would do a PPTP connection when they are already
> part of the network? Here they are:
>
> [...]
>
> It looks like everything in here shows TCP traffic. I don't see
> anything that mentions GRE specifically or protocol 47. But that may
> be normal.
Depending on the state of the connection, yes. I'm currently cleaning
the helper up and noticed a few bugs. Not sure how they could lead to
something like this but I'll prepare a patch for 2.6.17 when I'm done if
you want to test it.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: Troubeleshooting a PPTP conversation
2006-09-04 16:22 Greg Scott
@ 2006-09-04 16:26 ` Patrick McHardy
0 siblings, 0 replies; 13+ messages in thread
From: Patrick McHardy @ 2006-09-04 16:26 UTC (permalink / raw)
To: Greg Scott; +Cc: netfilter-devel, Mike McRae
Greg Scott wrote:
> OK. 2.6.18 is also coming very soon and I hope to spin out a new
> version of my stuff with 2.6.18 and some POM-ng modules when 2.6.18 is
> ready. So I can scrounge some hardware and also test with 2.6.18-rc6
> here at my place if you want.
In that case I'm simply going to send you my entire patchset for the
PPtP helper.
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2006-09-04 16:26 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-08-27 0:13 Troubeleshooting a PPTP conversation Greg Scott
2006-08-28 9:23 ` Patrick McHardy
-- strict thread matches above, loose matches on Subject: below --
2006-08-28 13:30 Greg Scott
2006-08-28 15:14 ` Patrick McHardy
2006-08-28 19:14 Greg Scott
2006-08-29 2:24 Greg Scott
2006-08-29 12:23 Greg Scott
2006-08-29 12:54 ` Patrick McHardy
2006-09-04 14:46 ` Patrick McHardy
2006-09-04 15:46 Greg Scott
2006-09-04 16:12 ` Patrick McHardy
2006-09-04 16:22 Greg Scott
2006-09-04 16:26 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.