├── host_stop.sh
├── rage.h
├── makefile
├── libmutant.h
├── .gitignore
├── host_rage.sh
├── todo.txt
├── README.md
├── libmutant.c
├── rage.c
└── master_packets.txt


/host_stop.sh:
--------------------------------------------------------------------------------
1 | killall -9 rage
2 | 


--------------------------------------------------------------------------------
/rage.h:
--------------------------------------------------------------------------------
1 | 
2 | extern int debug;
3 | 


--------------------------------------------------------------------------------
/makefile:
--------------------------------------------------------------------------------
1 | all:
2 | 	$(CC) -Wall -o rage rage.c libmutant.c 
3 | 


--------------------------------------------------------------------------------
/libmutant.h:
--------------------------------------------------------------------------------
1 | #include <stdio.h>
2 | 
3 | unsigned char* do_fuzz_random(unsigned char *databuf, int data_buffer_len);
4 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Object files
 2 | *.o
 3 | *.ko
 4 | *.obj
 5 | *.elf
 6 | 
 7 | # Precompiled Headers
 8 | *.gch
 9 | *.pch
10 | 
11 | # Libraries
12 | *.lib
13 | *.a
14 | *.la
15 | *.lo
16 | 
17 | # Shared objects (inc. Windows DLLs)
18 | *.dll
19 | *.so
20 | *.so.*
21 | *.dylib
22 | 
23 | # Executables
24 | *.exe
25 | *.out
26 | *.app
27 | *.i*86
28 | *.x86_64
29 | *.hex
30 | 
31 | # Debug files
32 | *.dSYM/
33 | 
34 | # mine
35 | seeds.log
36 | rage
37 | 


--------------------------------------------------------------------------------
/host_rage.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set +v
 4 | if [ -n "$1" ]
 5 | then
 6 |   echo 'about to rage against host: ' $1
 7 |   command -v nmap > /dev/null 2>&1 || { echo "You dont appear to have nmap. exiting"; exit 1; }
 8 |   for portnum in `nmap $1 -sT | grep open | cut -d '/' -f 1`; 
 9 |     do 
10 |     echo $portnum
11 |     screen -S ragePort$portnum -d -m ./rage -p $portnum -f ./master_packets.txt -t $1 
12 |     done;
13 | else
14 |   echo 'must give me a target host. exiting'
15 |   exit
16 | fi
17 | 


--------------------------------------------------------------------------------
/todo.txt:
--------------------------------------------------------------------------------
 1 | todo
 2 | 
 3 | - exit after N packets/seconds (to enable re-seed)
 4 | 
 5 | - tidy up/refactor: consistent style, fix shitty code, refactor
 6 | - debug should be -D
 7 | 
 8 | - randomize which packet is chosen to randomly string together handshake sequences
 9 | 
10 | --libmutant--
11 | - specific byte-range-offset mutation - target specific part of proto (libmutant)
12 | - configurable percent-mutate
13 | - different mutate strategies (radamsa)/libmutant +inject +bitflip +nullbyte
14 | 
15 | - event/poll IO
16 | 
17 | - remote ssh process/log watch
18 | 
19 | - metrics, performance stats
20 | - more L3,L4 network
21 | - server coverage tracing
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | rage against the network
 2 | ========================
 3 | 
 4 | a dumb protocol-unaware packet fuzzer/replayer
 5 | ----------------------------------------------
 6 | 
 7 | ## Basic ideas:
 8 | * ridiculously easy to use (near-zero setup cost)
 9 | * protocol-unaware; blind brute-force fuzzing
10 | * fairly quick (todo: proper epoll)
11 | * comes with a collection of packets for common protocols ready to go
12 | 
13 | ## Current status:
14 | * IP only (TCP and UDP)
15 | * Client-side only
16 | * not particularly fast (single-thread blocking)
17 | * deterministic; fuzz-runs can be repeated given the seed of a prior run
18 | * target process monitoring is left as an excersize to the reader
19 | * naive unconfigurable mutations
20 | 
21 | ## Usage
22 | ```
23 | Usage: rage [-d] -p <port> -t <target> -f <filename>
24 |         -f filename      file to read packet zoo from
25 |         -d               enable debug [excessive]
26 |         -l               print out all packets in file
27 |         -p portnum       specify target port for fuzzing
28 |         -t host          specify target host for fuzzing
29 |         -s milliseconds  specify a send delay 
30 |         -b               don't fuzz, send original packets and exit 
31 |         -r               provide a seed for srand (repeat a fuzz run)
32 |         -c               number of packets sent before forced reconnect
33 |         -z               a dummy arg to ID different fuzzers on same host
34 | 
35 | ```
36 | ## packet file format
37 | todo
38 | 
39 | ## doing a fuzz run
40 | todo
41 | 
42 | ## bugs found
43 | todo
44 | 


--------------------------------------------------------------------------------
/libmutant.c:
--------------------------------------------------------------------------------
 1 | /* basic mutation stuff */
 2 | 
 3 | #include <stdlib.h>
 4 | #include <stdio.h>
 5 | #include "rage.h"
 6 | 
 7 | #define FUZZ_RATIO_PC 0.05
 8 | #define CHUNK_DUPE_MAX_PC 0.25
 9 | 
10 | unsigned char* do_byte_percent_mutate(unsigned char *databuf, unsigned int data_buffer_len)
11 | {
12 | 	unsigned int bytes_to_fuzz, i, location;
13 | 	unsigned char mutatedbyte;
14 | 	bytes_to_fuzz = (data_buffer_len * FUZZ_RATIO_PC);
15 | 	for (i=0; i<bytes_to_fuzz; i++)
16 | 	{
17 | 		location = rand() % data_buffer_len;
18 | 		mutatedbyte = rand() % 256;
19 | 		databuf[location] = mutatedbyte;
20 | 	}
21 | 	return databuf;
22 | }
23 | 
24 | //TODO: incomplete
25 | unsigned char* do_chunk_duplicate(unsigned char *databuf, unsigned int data_buffer_len)
26 | {
27 |   int chunk_len;
28 |   int dupe_num;
29 |   int bufsz;
30 |   int location;
31 |   unsigned char *retbuf;
32 |   dupe_num = rand() % 20;
33 |   chunk_len = (rand() % data_buffer_len) * CHUNK_DUPE_MAX_PC;
34 |   if (debug) {printf("packet len:%d, chosen chunk len:%d, dupe size:%d\n",data_buffer_len,chunk_len,dupe_num);}
35 |   bufsz = data_buffer_len + (dupe_num*chunk_len);
36 |   retbuf = malloc(bufsz);
37 |   location = rand() % data_buffer_len;
38 |   if (location+chunk_len > data_buffer_len)
39 |   {
40 |     location = data_buffer_len - chunk_len;
41 |   }
42 |   retbuf=NULL;
43 |   return retbuf;
44 | }
45 | 
46 | unsigned char* do_fuzz_random(unsigned char *databuf, unsigned int data_buffer_len)
47 | {
48 |   unsigned char *retbuf;
49 |   retbuf = do_byte_percent_mutate(databuf, data_buffer_len);
50 |   return retbuf;
51 | }
52 | 


--------------------------------------------------------------------------------
/rage.c:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <unistd.h>
  3 | #include <string.h>
  4 | #include <stdlib.h>
  5 | #include <errno.h>
  6 | #include <sys/socket.h>
  7 | #include <netinet/in.h>
  8 | #include <arpa/inet.h>
  9 | #include <resolv.h>
 10 | #include <time.h>
 11 | #include <stdint.h>
 12 | 
 13 | #include "libmutant.h"
 14 | #include "rage.h"
 15 | 
 16 | #define MAX_SOCKET_ERRORS 10
 17 | #define MAX_CONNECT_ERRORS 10
 18 | 
 19 | #if defined(__APPLE__) || defined(__MACH__)
 20 | # ifndef MSG_NOSIGNAL
 21 | #   define MSG_NOSIGNAL SO_NOSIGPIPE
 22 | # endif
 23 | #endif
 24 | 
 25 | int debug =0;
 26 | int udpmode=0;
 27 | int send_delay=0;
 28 | int print_packets=0;
 29 | int modify_payload=1;
 30 | int packet_loop_counter=0;
 31 | int packet_loop_counter_max=10;
 32 | int socket_errors=0;
 33 | int connect_errors =0;
 34 | float FUZZ_RATIO = 0.05;
 35 | 
 36 | int sockfd = (uintptr_t)NULL;
 37 | 
 38 | void init_sock();
 39 | 
 40 | struct packetDescription
 41 | {
 42 |   char l3[4];
 43 |   char l4[4];
 44 |   int sport;
 45 |   int dport;
 46 |   char direction[4];
 47 |   char* hexdata; 
 48 |   char* comment;
 49 |   struct packetDescription *next;
 50 | };
 51 | 
 52 | struct packetDescription *head = NULL;
 53 | struct packetDescription *current = NULL;
 54 | 
 55 | void usage()
 56 | {
 57 |   printf("Usage: rage [-d] -p <port> -t <target> -f <filename>\n");
 58 |   printf("        -f filename      file to read packet zoo from\n");
 59 |   printf("        -d               enable debug [excessive]\n");
 60 |   printf("        -u               UDP mode\n");
 61 |   printf("        -l               print out all packets in file\n");
 62 |   printf("        -p portnum       specify target port for fuzzing\n");
 63 |   printf("        -t host          specify target host for fuzzing\n");
 64 |   printf("        -s milliseconds  specify a send delay \n");
 65 |   printf("        -b               don't fuzz, send original packets and exit \n");
 66 |   printf("        -r seed          provide a seed for srand (repeat a fuzz run)\n");
 67 |   printf("        -c               number of packets sent before forced reconnect\n");
 68 |   printf("        -z               a dummy arg to ID different fuzzers on same host\n");
 69 |   printf("        -h               this help screen\n");
 70 |   exit(1);
 71 | }
 72 | 
 73 | 
 74 | void addToList(char *line)
 75 | {
 76 |   struct packetDescription *newpkt
 77 |     = (struct packetDescription*)malloc(sizeof(struct packetDescription));
 78 |   char *token;
 79 |   int field=0;
 80 |   if (line[0]=='#')
 81 |   {
 82 |     if (debug) {printf("Bailing on line with comment\n");}
 83 |     free(newpkt);
 84 |     return;
 85 |   }
 86 |   char *c;
 87 |   c = strchr(line,'\n');
 88 |   *c = '\0';
 89 |   if (debug) {printf("Full Line: ----%s----\n",line);}
 90 |   token = strtok(line,":");
 91 |   while (token !=NULL)
 92 |   {
 93 |     if (field==0) {
 94 |       strcpy(newpkt->l3,token);
 95 |       if (debug) {printf("l3: %s\n",token);}
 96 |     } else if (field==1) {
 97 |       strcpy(newpkt->l4,token);
 98 |       if (debug) {printf("l4: %s\n",token);}
 99 |     } else if (field==2) {
100 |       newpkt->sport=atoi(token);
101 |       if (debug) {printf("sport: %d\n",newpkt->sport);}
102 |     } else if (field==3) {
103 |       newpkt->dport=atoi(token);
104 |       if (debug) {printf("dport: %d\n",newpkt->dport);}
105 |     } else if (field==4) {
106 |       strcpy(newpkt->direction,token);
107 |       if (debug) {printf("direction: %s\n",token);}
108 |     } else if (field==5) {
109 |       newpkt->hexdata = malloc(strlen(token)+1);
110 |       strcpy(newpkt->hexdata,token);
111 |       if (debug) {printf("hexdata: %s\n",token);}
112 |     } else if (field==6) {
113 |       newpkt->comment = malloc(strlen(token)+1);
114 |       strcpy(newpkt->comment,token);
115 |       if (debug) {printf("comment: %s\n",token);}
116 |     }
117 |     token = strtok(NULL,":");
118 |     field++;
119 |   }
120 |   if (head==NULL)
121 |   {
122 |     head = newpkt;
123 |     newpkt->next=NULL;
124 |   } else {
125 |     newpkt->next = head;
126 |     head = newpkt;
127 |   }
128 |   return;
129 | }
130 | 
131 | int ascii_char_to_num(char c)
132 | {
133 |   int i = strtol((char []){c,0},NULL,16);
134 |   return i;
135 | }
136 | 
137 | void get_raw_from_ascii_hex(char *input, unsigned char *output)
138 | {
139 |   if (debug) {printf("debug: get_raw_from_ascii_hex\n");}
140 |   int bytelen;
141 |   int i;
142 |   bytelen = strlen(input); 
143 |   if (debug) {printf("debug: input len: %d\n",bytelen);}
144 | 
145 |   char *ptr;
146 |   ptr = input;
147 | 
148 |   for (i=0;i<bytelen;i=i+2)
149 |   {
150 |     unsigned char result;
151 |     unsigned char c1, c2;
152 |     c1 = ascii_char_to_num(ptr[i])*16;
153 |     c2 = ascii_char_to_num(ptr[i+1]);
154 |     result = c1+c2;
155 |     if (debug) {printf("[0x%02x] ",result);}
156 |     output[i/2] = (unsigned char)result;
157 |   }
158 |   output[i/2]='\0';
159 | }
160 | 
161 | void printByPortNo(int portNo)
162 | {
163 |   current = head;
164 |   while (current!=NULL)
165 |   {
166 |     if (current->dport==portNo)
167 |     {
168 |       printf("PacketComment port %d: %s\n",portNo,current->comment);
169 |     }
170 |     current=current->next;
171 |   }
172 |   return;
173 | }
174 | 
175 | void getPacketDescriptions(FILE *fp)
176 | {
177 |   char line[12000];//todo wtf
178 |   void *r;
179 |   int total_lines=0;
180 |   r=fgets(line,12000,fp);
181 |   while (r!=NULL)
182 |   {
183 |     addToList(line);
184 |     r=fgets(line,12000,fp);
185 |     total_lines++;
186 |   }
187 |   printf("[+] reading %d lines complete\n",total_lines);
188 |   return;
189 | }
190 | 
191 | void print_all_packets(int portnum)
192 | {
193 |   if (debug) {printf("Printing all packets with portnum %d\n",portnum);}
194 |   current = head;
195 |   while (current != NULL)
196 |   {
197 |     char sport_text[8];
198 |     char dport_text[8];
199 |     char direction[4];
200 |     char outtext[128];
201 |     int outlen=0;
202 |     int i;
203 |     if (portnum!=0 && portnum!=current->dport)
204 |     {
205 |       current=current->next;
206 |       continue;
207 |     }
208 |     if (current->sport==0)
209 |     {
210 |       strcpy(sport_text,"*");
211 |     }
212 |     else
213 |     {
214 |       sprintf(sport_text,"%d",current->sport);
215 |     }
216 |     if (current->dport==0)
217 |     {
218 |       strcpy(dport_text,"*");
219 |     }
220 |     else
221 |     {
222 |       sprintf(dport_text,"%d",current->dport);
223 |     }
224 |     if (strcmp(current->direction,"CS"))
225 |     {
226 |       strcpy(direction,"<--");
227 |     } else
228 |     {
229 |       strcpy(direction,"-->");
230 |     }
231 |     sprintf(outtext,"%s/%s [ %s %s %s ]",current->l3,current->l4,sport_text,direction,dport_text);
232 |     outlen = strlen(outtext);
233 |     for (i=24;i>outlen;i--) strcat(outtext," ");
234 |     strcat(outtext,current->comment);
235 |     printf("%s\n",outtext);
236 |     current=current->next;
237 |   }
238 |   return;
239 | }
240 | 
241 | unsigned char * ascii_to_binary(char *input)
242 | {
243 |   if (debug) {printf("debug: called into ascii_to_binary with %u bytes\n",(unsigned int)strlen(input));}
244 |   if (debug) {printf("debug: ascii_to_binary in: %s\n",input);}
245 |   unsigned char *output;
246 |   output = malloc((strlen(input)/2)+1);
247 |   get_raw_from_ascii_hex(input,output);
248 |   return output;
249 | }
250 | 
251 | 
252 | void send_packet(unsigned char *databuf,int portnum,char *target_host, int data_buffer_len)
253 | {
254 |   struct sockaddr_in dest;
255 |   int sendval;
256 |   int sendtoerr;
257 | 
258 |   bzero((char *)&dest, sizeof(dest));
259 |   dest.sin_family = AF_INET;
260 |   dest.sin_port = htons(portnum);
261 | 
262 |   if (inet_aton(target_host, (struct in_addr *)&dest.sin_addr.s_addr)==0)
263 |   {
264 |     printf("Error with address\n");
265 |     exit(errno);
266 |   }
267 |   if (debug) {printf("Addr: %s\n",target_host);}
268 |   if (debug) {printf("Send()ing %d bytes thru sock: 0x%x\n",data_buffer_len,sockfd); }
269 |   if (udpmode) 
270 |   {
271 |     sendtoerr = sendto(sockfd,databuf,data_buffer_len,0,(struct sockaddr*)&dest,sizeof(dest));
272 |     if (sendtoerr < 0)
273 |     {
274 |       perror("sendto() failed");
275 |       exit(1);
276 |     } 
277 |   } else { 
278 |     sendval = send(sockfd, databuf, data_buffer_len, MSG_NOSIGNAL);
279 |    if (sendval == -1)
280 |    {
281 |      if (debug) {printf("send() failed: %d, reconnecting\n",sendval);}
282 |      if (connect(sockfd, (struct sockaddr*)&dest, sizeof(dest)) !=0)
283 |      {
284 |        if (debug) {printf("\n\nConnect() error, try new socket");}
285 |        init_sock();
286 |        if (connect(sockfd, (struct sockaddr*)&dest, sizeof(dest)) !=0)
287 |        {
288 |          connect_errors++;
289 |          if (connect_errors>MAX_CONNECT_ERRORS)
290 |          {
291 |            printf("\n\nConnect() error, exiting\n\n");
292 |            exit(errno);
293 |          }
294 |          usleep(1000);
295 |          return;
296 |        }
297 |      }
298 |      sendval = send(sockfd, databuf, data_buffer_len, 0);
299 |      if (debug) {printf("send() retval after reconnect: %d\n",sendval);}
300 |     }
301 |   } 
302 |   if (debug) {printf("appears to have send() successfully\n");}
303 |   packet_loop_counter++;
304 |   if (packet_loop_counter>packet_loop_counter_max)
305 |   {
306 |     packet_loop_counter=0;
307 |     close(sockfd);
308 |     init_sock();
309 |   }
310 |   return;
311 | }
312 | 
313 | void init_sock()
314 | {
315 |     if (udpmode)
316 |     {
317 |       sockfd = socket(AF_INET,SOCK_DGRAM, IPPROTO_UDP);
318 |     } else {  
319 |       sockfd = socket(AF_INET,SOCK_STREAM,0);
320 |     }
321 |     if (sockfd <0)
322 |     {
323 |       socket_errors +=1;
324 |       usleep(1000);
325 |       if (socket_errors>MAX_SOCKET_ERRORS)
326 |       {
327 |         printf("\n%d Socket errors, exiting\n",MAX_SOCKET_ERRORS);
328 |         exit(errno);
329 |       }
330 |     }
331 | }
332 | 
333 | int port_count(int portnum)
334 | {
335 |   int count=0;
336 |   current = head;
337 |   while (current->next != NULL)
338 |   {
339 |     if (current->dport == portnum && 
340 |         ((udpmode && strcmp("UDP",current->l4)==0) || 
341 |           (!udpmode && strcmp("TCP",current->l4)==0)))
342 |     {
343 |       count++;
344 |     }
345 |     current = current->next;
346 |   }
347 |   return count;
348 | }
349 | 
350 | void begin_fuzzer(int portnum, char *target_host)
351 | {
352 |   char port_print[8];
353 |   unsigned char *data_buffer;
354 |   unsigned int data_buffer_len;
355 |   int outbuflen=0;
356 |   char outbuffer[64];
357 |   int packets_sent=0;
358 |   if (portnum==0)
359 |   {
360 |     strcpy(port_print,"ALL");
361 |   } else {
362 |     sprintf(port_print,"%d",portnum);
363 |   }
364 |   init_sock();
365 |   printf("[+] beginning fuzz run against: %s:%s\n\n",target_host,port_print);
366 |   if (port_count(portnum)==0)
367 |   {
368 |     printf("ERR: we don't have any packets for this port. Exiting\n");
369 |     exit(1);
370 |   }
371 |   while (1)
372 |   {
373 |     current = head;
374 |     while (current!=NULL)
375 |     {
376 |       if (current->dport!=portnum || 
377 |         (udpmode && strcmp(current->l4,"UDP")!=0) ||
378 |         (!udpmode && strcmp(current->l4,"TCP")!=0))
379 |       {
380 |         if (debug) printf("Skipping this packet..\n");
381 |         current=current->next;
382 |         continue;
383 |       }
384 |       data_buffer = ascii_to_binary(current->hexdata);
385 |       data_buffer_len = (strlen(current->hexdata)/2);
386 |       if (packets_sent%100==0)
387 |       {
388 |         for(;outbuflen>0;outbuflen--)
389 |         {
390 |           printf("\b");
391 |         }
392 |         sprintf(outbuffer,"Sent %d packets",packets_sent);
393 |         outbuflen = strlen(outbuffer);
394 |         printf("%s",outbuffer);
395 |         fflush(stdout);
396 |       }
397 |       if (modify_payload)
398 |       {
399 |         data_buffer = do_fuzz_random(data_buffer,data_buffer_len);
400 |       }
401 |       if (debug) {printf("Attempting to send data\n");}
402 |       usleep(send_delay*1000);
403 |       send_packet(data_buffer,portnum,target_host,data_buffer_len);
404 |       packets_sent++;
405 |       free(data_buffer);
406 |       current=current->next;
407 |     }
408 |     if (modify_payload==0)
409 |     {
410 |       printf("\n\nSent all packets unmodified, exiting\n\n");
411 |       exit(0);
412 |     }
413 |   }
414 | }
415 | 
416 | void save_seed(int seed, char *fullCmdLine)
417 | {
418 |   time_t sec;
419 |   char *time_str;
420 |   sec = time(NULL);
421 |   time_str = ctime(&sec);
422 |   time_str[strlen(time_str)-1] = '\0';
423 |   FILE *seedFile = fopen("seeds.log","a");
424 |   fprintf(seedFile,"%s, cmd:%s seed was: %d\n",time_str,fullCmdLine,seed);
425 |   fclose(seedFile);
426 | }
427 | 
428 | int main(int argc, char **argv)
429 | {
430 |   FILE *fp;
431 |   printf("rage network dumbfuzzer\n");
432 |   char *fileName = NULL;
433 |   char *target_host = NULL;
434 |   unsigned int supplied_seed =0;
435 |   int portnum=0;
436 |   int c;
437 |   char *fullCmdLine[128]; //todo
438 |   strcpy((char *)fullCmdLine,argv[0]);
439 |   int i;
440 |   for (i=1;i<argc;i++)
441 |   {
442 |     strcat((char *)fullCmdLine," ");
443 |     strcat((char *)fullCmdLine,argv[i]);
444 |   }
445 | 	while ((c = getopt(argc, argv, "uhldbf:p:t:s:r:c:z:")) != -1)
446 | 	{
447 |     switch (c)
448 |     {
449 |       case 'h':
450 |         usage();
451 |         break;
452 |       case 'f':
453 |         fileName = optarg;
454 |         break;
455 |       case 'd':
456 |         debug=1;
457 |         break;
458 |       case 'l':
459 |         print_packets=1;
460 |         break;
461 |       case 'p':
462 |         portnum = atoi(optarg);
463 |         if (debug) {printf("debug: port %d parsed\n",portnum);}
464 |         break;
465 |       case 't':
466 |         target_host = optarg;
467 |         break;
468 |       case 'b':
469 |         modify_payload = 0;
470 |         break;
471 |       case 's':
472 |         send_delay = atoi(optarg);
473 |         break;
474 |       case 'r':
475 |         supplied_seed=atoi(optarg);
476 |         break;
477 |       case 'c':
478 |         packet_loop_counter_max = atoi(optarg);
479 |         break;
480 |       case 'z':
481 |         //do nothing - just for cmdline ID
482 |         break;
483 |       case 'u':
484 |         udpmode=1;
485 |         break;
486 |       default:
487 |         abort();
488 |     }
489 |   }
490 |   if (fileName==NULL)
491 |   {
492 |     usage();
493 |   }
494 |   if (supplied_seed)
495 |   {
496 |     printf("[+] supplied seed: %d\n",supplied_seed);
497 |     save_seed(supplied_seed,(char *)fullCmdLine);
498 |     srand(supplied_seed);
499 |   } else
500 |   {
501 |     unsigned int seed = time(NULL);
502 |     printf("[+] seed: %d\n", seed);
503 |     save_seed(seed,(char *)fullCmdLine);
504 |     srand(seed);
505 |   }
506 |   printf("[+] opening: %s\n", fileName);
507 |   fp = fopen(fileName,"r");
508 |   if (fp==NULL)
509 |   {
510 |     printf("Error: Can't open %s, exiting\n",fileName);
511 |     exit(1);
512 |   }
513 |   if (portnum==0)
514 |   {
515 |     printf("[+] Port chosen: ALL\n");
516 |   } else
517 |   {
518 |     printf("[+] Port chosen: %d\n",portnum);
519 |   }
520 |   if (udpmode)
521 |     printf("[+] UDP mode enabled\n");
522 |   getPacketDescriptions(fp);
523 |   fclose(fp);
524 |   if (print_packets)
525 |   {
526 |     print_all_packets(portnum);
527 |   }
528 |   if (target_host!=NULL && portnum!=0)
529 |   {
530 |     begin_fuzzer(portnum,target_host);
531 |   }
532 |   return 0;
533 | }
534 | 


--------------------------------------------------------------------------------
/master_packets.txt:
--------------------------------------------------------------------------------
  1 | #L3:L4:SPORT:DPORT:CS/SC:HEX:COMMENT
  2 | IP:TCP:0:548:CS:000300010000000000000002000000000f00:DSI Request GetStatus (OSX 10.9)
  3 | IP:TCP:548:0:SC:01030001000000000000013e000000000022002d005100009ff30c4f53582e46555a5a2e30303100007a008a008b00ac00ba0a4d61636d696e69352c310506414650332e3406414650332e3306414650332e3206414650332e310641465058303305094448434153543132380444485832065265636f6e310d436c69656e74204b7262207632034753534f87685201105866bd2655a26d94d1ca00011f6166707365727665722f6f73782e66757a7a2e3030314046555a5a2e303031000c4f53582e46555a5a2e30303100000080607e06062b0601050502a0743072a044304206092a864882f71201020206092a864886f71201020206062a85702b0e0306062b060105050e060a2b06010401823702020a06062b050105020706062b0601050205a32a3028a0261b246e6f745f646566696e65645f696e5f5246433431373840706c656173655f69676e6f7265:Reply GetStatus (OSX 10.9)
  4 | IP:TCP:548:0:CS:00040001000000000000000600000000010400000400:Request OpenSession (OSX 10.9)
  5 | IP:TCP:0:548:SC:01040001000000000000000c00000000000400100000020400000020:Reply OpenSession (OSX 10.9)
  6 | IP:TCP:0:548:CS:000200020000000000000015000000003f00000006414650332e3403475353030000030000:FPLoginExt request (OSX 10.9)
  7 | IP:TCP:548:0:SC:01020002ffffec7700000002000000000001:FPLoginExt reply: logincont (OSX 10.9)
  8 | IP:TCP:0:548:CS:000200030000000000000faf000000001300ffff0000000000000fa360820f9f06062b0601050502a0820f9330820f8fa00a300806062b0601050205a2820f7f04820f7b60820f7706062b06010502050501301ca11a0c1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b44436a820f4b30820f47a103020105a20302010aa3820e5a30820e5630820e46a103020110a2820e3d04820e3930820e3580820e3130820e2d06092a864886f70d010702a0820e1e30820e1a020103310b300906052b0e03021a0500308202ff06072b060105020301a08202f2048202ee308202eaa03a3038a003020100a111180f32303135303231343132333535305aa206020417ff4281a3160414bdc6d41f622714964d92bcbbb6a8dd95b517a7caa18201a7308201a33082011706072a8648ce3e02013082010a02818100ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff0201020281807fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a0105df531d89cd9128a5043cc71a026ef7ca8cd9e69d218d98158536f92f8a1ba7f09ab6b6a8e122f242dabb312f3f637a262174d31bf6b585ffae5b7a035bf6f71c35fdad44cfd2d74f9208be258ff324943328f67329c0ffffffffffffffff0381850002818100a64168d855750026bd680fd7c02ca5e9037fa8454752235ff6c13b271fcf77f7f768998a67e11ffb4627795f377f685329d8c65c87d1e9b3c13eb510d5264d74861a19fa747f0d4e06a2c3a0cf168096d15523d82d4e3e10a797b89aa19cd3f96036e52412d4732cab6f338c06363532944ee86ef430e0671a00dd81a7c3daa9a281d43081d1300b06092a864886f70d01010d300b06092a864886f70d01010c300b06092a864886f70d01010b300b06092a864886f70d010105300b06092a864886f70d010105300b06092a864886f70d010105300b06092a864886f70d010104300806062a85702b1001300d06096086480165030402030500300d06096086480165030402020500300d06096086480165030402010500300906052b0e03021a0500300c06082a864886f70d02050500300a06082a864886f70d0307300b0609608648016503040102300b060960864801650304012aa32a0428a326887d924b63406cf0a594d98bd1b1acefa1fc6b2c38fa421d583a00a68e17e17996d26b7a6611a082098330820417308202ffa00302010202011b300d06092a864886f70d01010505003062310b300906035504061302555331133011060355040a130a4170706c6520496e632e31263024060355040b131d4170706c652043657274696669636174696f6e20417574686f72697479311630140603550403130d4170706c6520526f6f74204341301e170d3130303532363139313630395a170d3137303732363139313630395a30818a310b300906035504061302555331133011060355040a0c0a4170706c6520496e632e31263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f72697479313e303c06035504030c354170706c65204170706c69636174696f6e20496e746567726174696f6e2043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e35bb3276a0cbf6eaa4ce7c53f6f6d4ce6a295d5ebd502af707446b9d18fac3bb7de0c84d0905fffe75943cebad5c6c5ed4ffcbfc3975939f964e80e4a9f9ff6ec7a88eadfb6e762017f9a0fc54a16ebace6985f423e82cb1db36aef1bc28bb60999c9f02c12d72b88be2aa8f6613b89eabf7f694602cc643e24e95f8ef4fbe28afe03fa292cdac99448d0deee2f884cf720b56c22cae986c54b5dcf83af4fc6b00cb3ebd0996dadf7266f092f87b8e2b432518df6cc2f8897dcd70c6b92caa71ed2fa233e81f609a6898a3d48098d080db05dba0559f17905a4095b66a6ed8b93bcc75d7937e14435918ed8d70f95926743ac752b12492336115dd3f282b8130203010001a381ae3081ab300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041431ea76a92374a5dfd4fdeea0c1a69ec6110e11ec301f0603551d230418301680142bd06947947609fef46b8d2e40a6f7474d7f085e30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6170706c652e636f6d2f6170706c6563612f726f6f742e63726c3010060a2a864886f7636406020304020500300d06092a864886f70d010105050003820101008d6584d1ff3b3d27629015f659ce3bc9c2ff9c453c8fc6f94487cbfde07936202d1ef72aca094d28f4febf3013c1917659198ac04c99ef5af5bd8e8793703b9ccc16744955653af55b6aca172be79d289398a067341ae2e9960d47efc89c37e4d3daf5a1d842ebbd51160335941d5a31423d7881fe4fa2bf3abc7809e4cb286e664fe94fb7b5d2a23d19b1231d3f6693b251c3003b92aae3fd2c1722d9409428300854f8292ad5aeed77c3d48032a0c267a361d1b167995a05d7bb5d2555bc16fd0e4e866a9e909dc8348001f42b5052ea46332054b87b23ce4d45322e665b1d8cd916ca6cad83dd04cfb6518da3b6a137a8a98b94b6c4c05a2ef8d4a3289daa308205643082044ca003020102020827403b4d0bab6a12300d06092a864886f70d01010b050030818a310b300906035504061302555331133011060355040a0c0a4170706c6520496e632e31263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f72697479313e303c06035504030c354170706c65204170706c69636174696f6e20496e746567726174696f6e2043657274696669636174696f6e20417574686f72697479301e170d3135303131353232333235345a170d3137303131343232333235345a30563154305206035504030c4b636f6d2e6170706c652e69646d732e6170706c6569642e7072642e35373730363336373333333733353739363637373437373734383334373737303665353834643636326635313364336430820122300d06092a864886f70d01010105000382010f003082010a0282010100a455dbc4257d582fec147374d52e60f0f1bc1ae9932955f38802a6ef1fef12edd24f3d1265d4ecb911c0749b682e4867b65668534fe1b02dcba73fec06d9b8f718557184fa5611374ab64e579d162e21ec6f27161c0a71f216ab670ca60cc727d412f141237c67ad8340d2d8688915af576c2d0066900f2516b8a98e9ba548008de1b6c7b90d2649855e57cb1a4e2b1b0e8c43cb9fcef6e97870b077f0aa1dfa23cab01a662d6ce694b6d08824142f4b690026c13b19c1982f51b8d6adf548c2417d25b92ccf26a1ab68b8f52d7c5c298253a447262e46d8b483c483f36acf1f3d56f2eaf5afbbe97f8439f74ccb708df39954a1825ae652993bdab735e825830203010001a38201ff308201fb304006082b0601050507010104343032303006082b060105050730018624687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d61616963613031301d0603551d0e0416041436ad23bcff9daf90141297db0fba3aa9bd4a587130090603551d1304023000301f0603551d2304183016801431ea76a92374a5dfd4fdeea0c1a69ec6110e11ec3082012a0603551d20048201213082011d300c060a2a864886f763640507013082010b06092a864886f7636405013081fd3081c306082b060105050702023081b60c81b352656c69616e6365206f6e207468697320636572746966696361746520627920616e7920706172747920617373756d657320616363657074616e6365206f6620746865207468656e206170706c696361626c65207374616e64617264207465726d7320616e6420636f6e646974696f6e73206f66207573652c20636572746966696361746520706f6c69637920616e642063657274696669636174696f6e2070726163746963652073746174656d656e74732e303506082b060105050702011629687474703a2f2f7777772e6170706c652e636f6d2f6365727469666963617465617574686f72697479300e0603551d0f0101ff040403020388301d0603551d250416301406082b0601050507030106082b06010505070302300f06092a864886f76364040704020500300d06092a864886f70d01010b050003820101006cb78ac1242d51d271f1aaaa637555649dbd6e204634c9a298e941a3506d57559fc82485fb29eef5bcfdf459c17e7f5f5e519770f921f4fcab565f4b31e9cf6bfd2e9d68f677d7a2c4cc199a228006039e0904a431c4a85c285eb37f237af32daf815ae80731de462f5a3f740834bb16c7277f19ffccbfb9697b719c6633b189cb24f34485e7eada95ba72a6c27fe26b7da10b4c73dd127557bf810f7084a4b1456636c541f2bba55046d469193a84ef1350180b0e1f4de682f201ac290601edda602c6344224e08f4a6d13f16bb5c85107813eda997ef59536a176a6ca383c4cc7a1c4e343a4edd4a8f2167917569ee6d300a841b5b7d5f85738ca643f9d6ed3182017c30820178020101a016041436ad23bcff9daf90141297db0fba3aa9bd4a5871300906052b0e03021a0500a03d301606092a864886f70d010903310906072b060105020301302306092a864886f70d0109043116041441fbcfffd5c793b918bb8f64633bc581dbcfebba300d06092a864886f70d010105050004820100a05a872fb915b158d503efc7a5b88490edaf8a4f8a812fe63dcb7eeb0a7f01b8a93372f59b528a02e83e3698fdf3aeb76806809cb7afc3858c67c88088970a79df2f132a97bff3ac0a48e1b5a32ed34a2368953d05a99988a47fab93611773eb5a5de1b4933e825a3135ba4a32a4800f6e78a3e7ae8ac3178c1ffd0085d8a33c3dc22e7d8f5fd4a584291976a403208ded57c49a0af42ab0a792fef0d491a288e135fbaffb2c4acf14eb90168bd953df6cfa6cbec2cf64b86bed60f4648ecc9813082547b0ae60b755026cc323786fade417923edc4bf26e0e88df460de1a741cc262f5cc582c90f93547260f77f64ccd5127ecf70fbf5350a996e7116e30d1e300aa10402020084a2020400a481dc3081d9a00703050000010000a1583056a003020101a14f304d1b4b636f6d2e6170706c652e69646d732e6170706c6569642e7072642e353737303633363733333337333537393636373734373737343833343737373036653538346436363266353133643364a21a1b1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b4443a32d302ba003020102a12430221b066b72627467741b1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b4443a511180f32303135303231343232333535305aa706020417ff4281a80e300c020112020111020110020117:FPLoginCont request (OSX 10.9)
  9 | IP:TCP:548:0:SC:01020003ffffec770000018c000000000000000000000184a18201803082017ca0030a0101a10806062b0601050205a2820169048201656082016106062b06010502050501301ca11a0c1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b44437e82013530820131a003020105a10302011ea411180f32303135303231343132333534385aa505020301af37a603020144a7341b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a8583056a003020101a14f304d1b4b636f6d2e6170706c652e69646d732e6170706c6569642e7072642e353737303633363733333337333537393636373734373737343833343737373036653538346436363266353133643364a91a1b1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b4443aa2d302ba003020102a12430221b066b72627467741b1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b4443ab2b1b294c4b444320726566657272616c20746f20746865207265616c204c4b4443207265616c6d206e616d65:FPLoginCont reply: logincont (OSX 10.9)
 10 | IP:TCP:0:548:CS:0002000900000000000000040000000040000008:FPGetSessionToken request (OSX 10.9)
 11 | IP:TCP:548:0:SC:010200090000000000000050000000000000004c050407ff00000000000000000271b6e37149150b5289fedb0c7d98f9e078def913d390ef4be3e35f98325ff13f5722da056b027554129d04928da7cba2361a2eb3d09b76c36a69bf5f328736:FPGetSessionToken reply (OSX 10.9)
 12 | IP:TCP:0:445:CS:00000044fe534d4240000100000000000400000100000000000000000f00000000000000fffe000001000000070000009c677fd10000000000000000000000000000000004000000:SMB2 Tree Disconnect Request
 13 | IP:TCP:445:0:SC:0000004dfe534d4240000100000000000400000101000000000000000f00000000000000fffe000001000000070000009c677fd10000000000000000000000000000000004000000090000000000000000:SMB2 Tree Disconnect Response
 14 | IP:TCP:0:445:CS:00000044fe534d4240000100000000000200010000000000000000001000000000000000fffe000000000000070000009c677fd10000000000000000000000000000000004000000:SMB2 Session Logoff Request
 15 | IP:TCP:445:0:CS:00000044fe534d4240000100000000000200010001000000000000001000000000000000fffe000000000000070000009c677fd10000000000000000000000000000000004000000:SMB2 Session Logoff Response
 16 | IP:UDP:0:88:CS:6c82039c30820398a103020105a20302010ca38202d4308202d0308202cca103020101a28202c3048202bf6e8202bb308202b7a003020105a10302010ea20703050000000000a38201bb618201b7308201b3a003020105a1341b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a2473045a003020102a13e303c1b066b72627467741b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a382012b30820127a003020112a103020101a282011904820115222606aa5353b621a4149d440d9945673e7e662394fec7ef8529e24a7ba2541c78f900838f9e7897d5dfb12e6a8eafa318d32156180c921ade51f64f6ccd2cfa00e297ab09df64fa22ded97ba035e8daf37ae138b69c5edf6310ae681089561a6de88382988f4501811bd99366e8713a3a74686d030cddf53225609c1b39a9e5fa6ad19b8602ec97b5eca6edc506cd19e44d635376c656bad7a1d34286e69bd01f74ab709dfaba401a0fcdf0b228b6afefb2fc7608ee4687e90154447f95b47b3fe31a07305b072a22a04a54619cace7ecd629bc4b882ec1040d2bd5efbbbeb523b920bf1d41917fb73aff840ee751454e6968f7492f46d1069696347e44e47ee43d40427e735c49de9c24e35dd59be7e04094e4a0a481e23081dfa003020112a281d70481d47bfe583c04f210c9c48edab06e723a6281f825f6d14600dcf703bdb9b1b7852d5e38f85c8646926a82fa3a54fbab08174bcd94e725d4738f2ad23f35ab0d40efa9e34a058722f9061bd2c8d05f68c52c2fc810928f34e245f9d92e480a094140d9c565a981d0aa12b68ea6e9cc2231948bfa8e17bc0d09cfb37b9be01e8ce7180508ed8a3a592479f5c4f84a37fb66939fda7d6716a17962831ae8659f990c2abc345f5314571d0fc36d86e7436c96fe2e419e5a0c1820ff84ddd5379a2d31c323f06246f1830170e78717b44b81722189fc2855a481b33081b0a00703050000010000a2341b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a3443042a003020101a13b30391b03766e631b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a511180f31393730303130313030303030305aa7060204aa400943a80e300c020112020111020110020117:KRB5 Kerberos TGS-REQ
 17 | IP:UDP:88:0:SC:6d82037630820372a003020105a10302010da3341b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a4153013a003020101a10c300a1b0866757a7a75736572a58201cd618201c9308201c5a003020105a1341b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a2443042a003020101a13b30391b03766e631b324c4b44433a534841312e35444246393346463238363643394530313236353545433236463232304535413830433943323841a38201403082013ca003020112a103020101a282012e0482012a6986166fe4a2dca1311a33be0a65ba08e08147a6ab037fff1f5545d82ea4405db6ecdf4136487806251fbb75631dd3d873229bef31fbc72b0e9f86137ffe798bdbbc8d833a84a6d9372628ad41f15102c69e5f5c86b7f81c60d96f84f22545c9afcb32084567039e502c388b538cf1bbbdf861aa524e41a58304fa7b58340bffe2077fe1524a3c71fcbe0c0d9ed8bfe505ce6af032fabb89f2869c42cbc2a20d46e6818d2bdc394aefa3774478d327b01e696906f87b9d40a19c20b431d9641a29a3724665d00dbebfc7140356478f211ac2461ab815588adddd9f08dec5ebb6b36a3f8fc3b03ac25014d62e54c0d21a94dc3c3638f25b3a7f403b87b90887fd3cfa5d18b58d7e9cd8a10c74dc975462f856087f5087162f0c7589324235e9d0255b2ad57d6ff98bb7e5a682014630820142a003020112a282013904820135031d96cc9e8cd132233127a92265d0ebd3bcfdec9b0915eb1695679f5d70942eb1e4b96f6ec1b2b774286f888df273de2df3777fb1bea1d31ef707db07daf9814e2cfa421c36bc5a67cf1a7be7052bbc3814e35209f8c3d402b32fa96b971b1a79a95ddc65db8cd58564af9877dab696943549da247929542e841eb21123e868631b81d63bb5e6474367a168b0144f861643abbecd5f67f0f1e009876ccd790a32a7f43a9c181fa57d5df933d8520c4e7d3a26639baa1d5b0c29bb90981b238bf4289f5dd993babc0565fe396d378882c186d32a64835d92450a5fb70c372bd979b59fa0ecc5ae168488952cc96acc4c75e122374a7a872bc5714be5594599f9e895e40ee63a8361aa0ad3b1f566a594a1b66acd86f4c4ae449cd475f42d232023b75680fa6243c257293a75feb30d982f10834b2b:KRB5 Kerberos TGS-REP
 18 | IP:TCP:0:445:CS:00000045ff534d4272000000000801c8000000000000000000000000ffff0100ffff0000002200024e54204c4d20302e31320002534d4220322e3030320002534d4220322e3f3f3f00:SMB Negotiate Protocol Reequest
 19 | IP:TCP:0:445:CS:00000066fe534d4240000000000000000000000000000000000000000100000000000000fffe000000000000000000000000000000000000000000000000000000000000240001000100000000000000c2facecbf6575e45a6b91b59454cad2300000000000000001002:SMB2 Negotiate Protocol Request
 20 | IP:TCP:0:445:CS:00000ffbfe534d4240000100000000000100000100000000000000000200000000000000fffe0000000000000000000000000000000000000000000000000000000000001900000101000000000000005800a30f000000000000000060820f9f06062b0601050502a0820f9330820f8fa00a300806062b0601050205a2820f7f04820f7b60820f7706062b06010502050501301ca11a0c1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b44436a820f4b30820f47a103020105a20302010aa3820e5a30820e5630820e46a103020110a2820e3d04820e3930820e3580820e3130820e2d06092a864886f70d010702a0820e1e30820e1a020103310b300906052b0e03021a0500308202ff06072b060105020301a08202f2048202ee308202eaa03a3038a003020100a111180f32303135303231343132333932365aa20602043b3bf919a316041435d206ba4ed406f57bd46a265a56156241b67708a18201a7308201a33082011706072a8648ce3e02013082010a02818100ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381ffffffffffffffff0201020281807fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a0105df531d89cd9128a5043cc71a026ef7ca8cd9e69d218d98158536f92f8a1ba7f09ab6b6a8e122f242dabb312f3f637a262174d31bf6b585ffae5b7a035bf6f71c35fdad44cfd2d74f9208be258ff324943328f67329c0ffffffffffffffff0381850002818100c5701e7893d939e77a4853060f8c4e7a5d9b8750446e756f1fe3396babbd6467f54bd030f083e3775a6e4f96017a82568e90b5a2f00f864e141174f1b34516e904f45e892895dded9d951b9598ccca50350997541c2009248ced9c384f1b6890308c699467dc75182aeebe38c19ecd8bc88c28b348122e91c731c9ddd189921ca281d43081d1300b06092a864886f70d01010d300b06092a864886f70d01010c300b06092a864886f70d01010b300b06092a864886f70d010105300b06092a864886f70d010105300b06092a864886f70d010105300b06092a864886f70d010104300806062a85702b1001300d06096086480165030402030500300d06096086480165030402020500300d06096086480165030402010500300906052b0e03021a0500300c06082a864886f70d02050500300a06082a864886f70d0307300b0609608648016503040102300b060960864801650304012aa32a0428059a62013bf7e9d602fbdfec401bc59ee1d8ddb8d77b5bd38b9d45d3c640776d3166812e627af69ca082098330820417308202ffa00302010202011b300d06092a864886f70d01010505003062310b300906035504061302555331133011060355040a130a4170706c6520496e632e31263024060355040b131d4170706c652043657274696669636174696f6e20417574686f72697479311630140603550403130d4170706c6520526f6f74204341301e170d3130303532363139313630395a170d3137303732363139313630395a30818a310b300906035504061302555331133011060355040a0c0a4170706c6520496e632e31263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f72697479313e303c06035504030c354170706c65204170706c69636174696f6e20496e746567726174696f6e2043657274696669636174696f6e20417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e35bb3276a0cbf6eaa4ce7c53f6f6d4ce6a295d5ebd502af707446b9d18fac3bb7de0c84d0905fffe75943cebad5c6c5ed4ffcbfc3975939f964e80e4a9f9ff6ec7a88eadfb6e762017f9a0fc54a16ebace6985f423e82cb1db36aef1bc28bb60999c9f02c12d72b88be2aa8f6613b89eabf7f694602cc643e24e95f8ef4fbe28afe03fa292cdac99448d0deee2f884cf720b56c22cae986c54b5dcf83af4fc6b00cb3ebd0996dadf7266f092f87b8e2b432518df6cc2f8897dcd70c6b92caa71ed2fa233e81f609a6898a3d48098d080db05dba0559f17905a4095b66a6ed8b93bcc75d7937e14435918ed8d70f95926743ac752b12492336115dd3f282b8130203010001a381ae3081ab300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041431ea76a92374a5dfd4fdeea0c1a69ec6110e11ec301f0603551d230418301680142bd06947947609fef46b8d2e40a6f7474d7f085e30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6170706c652e636f6d2f6170706c6563612f726f6f742e63726c3010060a2a864886f7636406020304020500300d06092a864886f70d010105050003820101008d6584d1ff3b3d27629015f659ce3bc9c2ff9c453c8fc6f94487cbfde07936202d1ef72aca094d28f4febf3013c1917659198ac04c99ef5af5bd8e8793703b9ccc16744955653af55b6aca172be79d289398a067341ae2e9960d47efc89c37e4d3daf5a1d842ebbd51160335941d5a31423d7881fe4fa2bf3abc7809e4cb286e664fe94fb7b5d2a23d19b1231d3f6693b251c3003b92aae3fd2c1722d9409428300854f8292ad5aeed77c3d48032a0c267a361d1b167995a05d7bb5d2555bc16fd0e4e866a9e909dc8348001f42b5052ea46332054b87b23ce4d45322e665b1d8cd916ca6cad83dd04cfb6518da3b6a137a8a98b94b6c4c05a2ef8d4a3289daa308205643082044ca003020102020827403b4d0bab6a12300d06092a864886f70d01010b050030818a310b300906035504061302555331133011060355040a0c0a4170706c6520496e632e31263024060355040b0c1d4170706c652043657274696669636174696f6e20417574686f72697479313e303c06035504030c354170706c65204170706c69636174696f6e20496e746567726174696f6e2043657274696669636174696f6e20417574686f72697479301e170d3135303131353232333235345a170d3137303131343232333235345a30563154305206035504030c4b636f6d2e6170706c652e69646d732e6170706c6569642e7072642e35373730363336373333333733353739363637373437373734383334373737303665353834643636326635313364336430820122300d06092a864886f70d01010105000382010f003082010a0282010100a455dbc4257d582fec147374d52e60f0f1bc1ae9932955f38802a6ef1fef12edd24f3d1265d4ecb911c0749b682e4867b65668534fe1b02dcba73fec06d9b8f718557184fa5611374ab64e579d162e21ec6f27161c0a71f216ab670ca60cc727d412f141237c67ad8340d2d8688915af576c2d0066900f2516b8a98e9ba548008de1b6c7b90d2649855e57cb1a4e2b1b0e8c43cb9fcef6e97870b077f0aa1dfa23cab01a662d6ce694b6d08824142f4b690026c13b19c1982f51b8d6adf548c2417d25b92ccf26a1ab68b8f52d7c5c298253a447262e46d8b483c483f36acf1f3d56f2eaf5afbbe97f8439f74ccb708df39954a1825ae652993bdab735e825830203010001a38201ff308201fb304006082b0601050507010104343032303006082b060105050730018624687474703a2f2f6f6373702e6170706c652e636f6d2f6f63737030342d61616963613031301d0603551d0e0416041436ad23bcff9daf90141297db0fba3aa9bd4a587130090603551d1304023000301f0603551d2304183016801431ea76a92374a5dfd4fdeea0c1a69ec6110e11ec3082012a0603551d20048201213082011d300c060a2a864886f763640507013082010b06092a864886f7636405013081fd3081c306082b060105050702023081b60c81b352656c69616e6365206f6e207468697320636572746966696361746520627920616e7920706172747920617373756d657320616363657074616e6365206f6620746865207468656e206170706c696361626c65207374616e64617264207465726d7320616e6420636f6e646974696f6e73206f66207573652c20636572746966696361746520706f6c69637920616e642063657274696669636174696f6e2070726163746963652073746174656d656e74732e303506082b060105050702011629687474703a2f2f7777772e6170706c652e636f6d2f6365727469666963617465617574686f72697479300e0603551d0f0101ff040403020388301d0603551d250416301406082b0601050507030106082b06010505070302300f06092a864886f76364040704020500300d06092a864886f70d01010b050003820101006cb78ac1242d51d271f1aaaa637555649dbd6e204634c9a298e941a3506d57559fc82485fb29eef5bcfdf459c17e7f5f5e519770f921f4fcab565f4b31e9cf6bfd2e9d68f677d7a2c4cc199a228006039e0904a431c4a85c285eb37f237af32daf815ae80731de462f5a3f740834bb16c7277f19ffccbfb9697b719c6633b189cb24f34485e7eada95ba72a6c27fe26b7da10b4c73dd127557bf810f7084a4b1456636c541f2bba55046d469193a84ef1350180b0e1f4de682f201ac290601edda602c6344224e08f4a6d13f16bb5c85107813eda997ef59536a176a6ca383c4cc7a1c4e343a4edd4a8f2167917569ee6d300a841b5b7d5f85738ca643f9d6ed3182017c30820178020101a016041436ad23bcff9daf90141297db0fba3aa9bd4a5871300906052b0e03021a0500a03d301606092a864886f70d010903310906072b060105020301302306092a864886f70d01090431160414d3128ab13918323cc7d48b18972aac0c763d19dd300d06092a864886f70d01010505000482010085da28fdc2cad73388d731a63a67341558324c1e7e560d2b592a1b2058a4d1c7114fe298262edfd22709cb10e9897e87c0b93b1754f03c3f2ded0478e72bdc5fe26d20e39dbeb9289da187fa5afd91ba5166e29a68227a57b9bb4337c3f5af4f54172f7a0a309947ee4d8b569be0ddacc6c99d727d0a1edc0cc37358c6a4ecc91a4d43413c97fb6f003d7b9c6f91bc1be0b8629f041a671b7504c5196bbc958cd1d657fbbd66a3a3496c3b287e4a58a310d430c4adb4deddaa2143a5aa78f4eb6cd811b21e5cfd063854c25ee43725bed21e6e5db6461ed54adf092c103635bb01670486e19835b1634521952e48e8e1e1bfa8a092c4d91fbda7d60d61d7833d300aa10402020084a2020400a481dc3081d9a00703050000010000a1583056a003020101a14f304d1b4b636f6d2e6170706c652e69646d732e6170706c6569642e7072642e353737303633363733333337333537393636373734373737343833343737373036653538346436363266353133643364a21a1b1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b4443a32d302ba003020102a12430221b066b72627467741b1857454c4c4b4e4f574e3a434f4d2e4150504c452e4c4b4443a511180f32303135303231343232333932365aa70602043b3bf919a80e300c020112020111020110020117:SMB2 Session Setup Request
 21 | IP:TCP:0:445:CS:00000044fe534d4240000100000000000200010000000000000000000400000000000000fffe000000000000010000009c677fd10000000000000000000000000000000004000000:SMB2 Session Logoff Request
 22 | IP:TCP:0:445:CS:000000a2fe534d4240000100000000000100000100000000000000000500000000000000fffe00000000000000000000000000000000000000000000000000000000000019000001010000000000000058004a000000000000000000604806062b0601050502a03e303ca00e300c060a2b06010401823702020aa22a04284e544c4d535350000100000005028862000000001800000000000000180000000601b01d0f000000:SMB2 Session Setup Request, NTLMSSP_NEGOTIATE
 23 | IP:TCP:0:445:CS:000001f2fe534d4240000100000000000100000100000000000000000600000000000000fffe000000000000020000009c677fd10000000000000000000000000000000019000001010000000000000058009a010000000000000000a182019630820192a282018e0482018a4e544c4d53535000030000001800180078000000ea00ea009000000000000000580000000a000a00580000001600160062000000100010007a010000050288620601b01d0f000000d0dc4fcfbf59975ec3c25cf0ab4287c84700550045005300540077006f0072006b00730074006100740069006f006e000000000000000000000000000000000000000000000000007daff57b75b44cb56263dc8050317d16010100000000000080e9f2445348d0016ca08de048455abb00000000010006004f0053005800020006004f0053005800030018006f00730078002e00660075007a007a002e0030003000310004001000660075007a007a002e00300030003100060004000200000007000800002629435348d0010900460063006900660073002f004f00530058005c002e00460055005a005a005c002e003000300031002e005f0073006d0062002e005f007400630070002e006c006f00630061006c000a0010000000000000000000000000000000000000000000000000003d2025717baa0f139d42aecb632111ff:SMB2 Session Setup Request, NTLMSSP_AUTH, User: \GUEST
 24 | IP:TCP:0:445:CS:0000006efe534d4240000100000000000300010000000000000000000e00000000000000fffe000000000000070000009c677fd10000000000000000000000000000000009000000480026005c005c003100390032002e003100360038002e0030002e00320030005c004900500043002400:SMB2 Tree Connect Request Tree: \\192.168.0.20\IPC$
 25 | IP:TCP:0:88:CS:000000716a816e30816ba103020105a20302010aa4815e305ca00703050050800010a2041b024e4da3173015a003020100a10e300c1b066b72627467741b024e4da511180f31393730303130313030303030305aa70602041f1eb9d9a8173015020112020111020110020117020101020103020102:KRB5 Kerberos AS-REQ
 26 | IP:UDP:0:137:CS:13370000000100000000000020434b4141414141414141414141414141414141414141414141414141414141410000210001:NBNS Name query NBTSTAT
 27 | IP:TCP:0:22:CS:5353482d312e352d4e6d61704e53455f312e300a:SSHv1 Nmap
 28 | IP:TCP:0:22:CS:000004f4081476d038a5f6f3e96aa511fd1c9620c158000000b7656364682d736861322d6e697374703235362c656364682d736861322d6e697374703338342c656364682d736861322d6e697374703532312c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d7368613235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d616e2d67726f7570312d736861310000013a65636473612d736861322d6e697374703235362d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703338342d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703532312d636572742d763031406f70656e7373682e636f6d2c7373682d7273612d636572742d763031406f70656e7373682e636f6d2c7373682d6473732d636572742d763031406f70656e7373682e636f6d2c7373682d7273612d636572742d763030406f70656e7373682e636f6d2c7373682d6473732d636572742d763030406f70656e7373682e636f6d2c65636473612d736861322d6e697374703235362c65636473612d736861322d6e697374703338342c65636473612d736861322d6e697374703532312c7373682d7273612c7373682d6473730000009d6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c617263666f75723235362c617263666f75723132382c6165733132382d6362632c336465732d6362632c626c6f77666973682d6362632c636173743132382d6362632c6165733139322d6362632c6165733235362d6362632c617263666f75722c72696a6e6461656c2d636263406c797361746f722e6c69752e73650000009d6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c617263666f75723235362c617263666f75723132382c6165733132382d6362632c336465732d6362632c626c6f77666973682d6362632c636173743132382d6362632c6165733139322d6362632c6165733235362d6362632c617263666f75722c72696a6e6461656c2d636263406c797361746f722e6c69752e7365000000a7686d61632d6d64352c686d61632d736861312c756d61632d3634406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3235362d39362c686d61632d736861322d3531322c686d61632d736861322d3531322d39362c686d61632d726970656d643136302c686d61632d726970656d64313630406f70656e7373682e636f6d2c686d61632d736861312d39362c686d61632d6d64352d3936000000a7686d61632d6d64352c686d61632d736861312c756d61632d3634406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3235362d39362c686d61632d736861322d3531322c686d61632d736861322d3531322d39362c686d61632d726970656d643136302c686d61632d726970656d64313630406f70656e7373682e636f6d2c686d61632d736861312d39362c686d61632d6d64352d39360000001a6e6f6e652c7a6c6962406f70656e7373682e636f6d2c7a6c69620000001a6e6f6e652c7a6c6962406f70656e7373682e636f6d2c7a6c6962000000000000000000000000000000000000000000:SSHv2 Client Key Exchange Init
 29 | IP:TCP:0:22:CS:000000140622000004000000040000002000000000000000:SSHv2 Client Diffie-Hellman Group Exchange Request
 30 | IP:TCP:0:22:CS:0000008c05200000008100a57de8b154994fb5e3238be29030dfe32b07f23cc3703e1d52aec69b17dd3be81dd9dee1f4689401d4ca04440811c2d205d55566eb2117c9d4dc57f968f65870e4b1c84a2b9e468975a4a82d055bb54967e7c3de1a232343f2b84f593563737e9427fc11c0056a61a46c70b35a4e8872797b92a3fcc385b48b9a94fe1c4a43790000000000:SSHv2 Client Diffie-Hellman Group Exchange Init
 31 | IP:TCP:0:22:CS:0000000c0a1500000000000000000000:SSHv2 Client New Keys
 32 | IP:TCP:0:445:CS:00000068ff534d422f000000001845680000000000000000000000000008102d000801000eff000000004000000000ffffffff08002900000029003f000000000029001201002900000100000015000601001b000102001c000103001d0004ff090005770000000000000000:SMB Write AndX Request
 33 | IP:TCP:0:21:CS:5553455220616e6f6e796d6f75730d0a:FTP Anonymous Login
 34 | IP:TCP:0:21:CS:504f5254203230352c3231372c3135332c36322c38302c38300d0a:FTP Port Command
 35 | IP:TCP:0:443:CS:16030000530100004f03003f47d7f7ba2ceeeab2607ef300fd827bb9d596c8779be6c4db3c3ddb6fef106e00002800160013000a006600050004006500640063006200610060001500120009001400110008000600030100:SSLv3 Client Hello
 36 | IP:TCP:0:443:CS:809e01030100750000002000006600006500006400006300006200003a00003900003800003500003400003300003200002f00001b00001a00001900001800001700001600001500001400001300001200001100000a0000090000080000060000050000040000030700c0060040040080030080020080010080000002000001e4693c2bf6d69bbbd3819fbf15c140a56f142c4d20c4c7e0b6b0b21ff929e898:SSLv2 Client Hello
 37 | IP:TCP:0:443:CS:1603010037010000330301550b31ad5854425042444c59494c45554852554e444c4e4d41425651464b5950000006c011003900040100000433740000:TLSv1 Client Hello
 38 | IP:TCP:0:139:CS:8100004420454d46454441444744464445444a43414341434143414341434143414341434100204545454b45454546454d454d434143414341434143414341434143414341414100:SMB NetBIOS Session Request
 39 | IP:TCP:0:139:CS:0000009bff534d4272000000001853c8000000000000000000000000fffffffe00000000007800025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e31320002534d4220322e3030320002534d4220322e3f3f3f00:SMB Negotiate Protocol Request
 40 | IP:TCP:0:139:CS:00000064fe534d4240000100000000000300010000000000000000000400000000000000fffe0000000000007d00000000040000000000000000000000000000000000000900000048001c005c005c004c005400300036003500340039005c004900500043002400:SMB Tree Connect Request
 41 | IP:TCP:0:139:CS:00000080ff534d4225000000001807c80000000000000000000000000008d80d000800010e24000000080016110000000088130000000024005c000000000000004100005c0050004900500045005c004c0041004e004d0041004e0000000000680057724c6568447a004231364242447a0001001611ffffffff4153535552414e434500:LANMAN NetServerEnum2 Request
 42 | IP:TCP:0:3306:CS:5000000105a60f0000000001210000000000000000000000000000000000000000000000726f6f74001490215d3fa1c3f299a6b23022c68a4936a884495f6d7973716c5f6e61746976655f70617373776f726400:MySQL Login Request user=root
 43 | IP:TCP:0:80:CS:474554202f20485454502f312e310d0a486f73743a207777772e77332e6f72670d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a43616368652d436f6e74726f6c3a206d61782d6167653d300d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c2a2f2a3b713d302e380d0a557365722d4167656e743a204d6f7a696c6c612f352e3020285831313b204c696e7578206936383629204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f33372e302e323036322e313230205361666172692f3533372e33360d0a4163636570742d456e636f64696e673a20677a69702c6465666c6174652c736463680d0a4163636570742d4c616e67756167653a20656e2d55532c656e3b713d302e380d0a49662d4e6f6e652d4d617463683a2022396165632d353133623335613234666230303b38392d33663236626431376132663030220d0a49662d4d6f6469666965642d53696e63653a205475652c2031342041707220323031352031383a32353a313620474d540d0a0d0a:Chromium-browser web request to w3.org
 44 | IP:TCP:0:22:CS:5353482d322e302d4f70656e5353485f362e3070312044656269616e2d342b6465623775320d0a:SSHv2 Client Protocol Version
 45 | IP:TCP:0:443:CS:802e0100020015000000100100800200800300800400800500800600400700c054545454545454545454545454545454:SSLv2 Client Hello
 46 | IP:TCP:443:0:SC:857c0400010002055b00060010308205573082043fa003020102020700cdbde88a70c6300d06092a864886f70d01010505003081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72793130302e06035504031327476f204461646479205365637572652043657274696669636174696f6e20417574686f726974793111300f060355040513083037393639323837301e170d3131303832343137323030305a170d3136303832343137323030305a305531173015060355040a0c0e2a2e656475706f696e742e636f6d3121301f060355040b0c18446f6d61696e20436f6e74726f6c2056616c6964617465643117301506035504030c0e2a2e656475706f696e742e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb66b87dfe81a2363b421d4dfc9c0fca7109e5e57547fb2bd15ca803cdf7ff58707ce7b1ffb94d27404ea038078550689f57ee8349cbccc69047b6f8c90c1f8448ec219eda3acf69559c7702b8f1ce5361fd3fd95d02e0cd5a751b94049ec0959be6798990aa122656b3641e28510d3c1a7344e3cbe68389aa70817d37c53a359d5641c07cd847ee189c37668684acd9eb4713932d2cd64fea1062020293e5f06ef8f3ed55d71456e3cb836323b44e0dcb4db314a78fd39799b1b694ddd9ca537f11d3ccf2c2a2f1aeed34d312cd44acb799463717e73b0772a1e125b7f4c59c16e4ff19136d321458b3d1d4bd6ee82c3b5ae45b6347055f2a92ddcb80c065ab0203010001a38201b4308201b0300f0603551d130101ff04053003010100301d0603551d250416301406082b0601050507030106082b06010505070302300e0603551d0f0101ff0404030205a030330603551d1f042c302a3028a026a0248622687474703a2f2f63726c2e676f64616464792e636f6d2f676473312d35352e63726c304d0603551d20044630443042060b6086480186fd6d010717013033303106082b06010505070201162568747470733a2f2f63657274732e676f64616464792e636f6d2f7265706f7369746f72792f30818006082b0601050507010104743072302406082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f304a06082b06010505073002863e687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f67645f696e7465726d6564696174652e637274301f0603551d23041830168014fdac6132936c45d6e2ee855f9abae7769968cce730270603551d110420301e820e2a2e656475706f696e742e636f6d820c656475706f696e742e636f6d301d0603551d0e0416041492998c1fd37675a63b1b8c6d0faa0efb3ad935d6300d06092a864886f70d01010505000382010100c262179b7261962a4f2bc6201dd83d819e2f4c347175152c4b3f15f2a2b96b4bb886aef8fdc9e60f61c765b4c98a60a629bfebc385453e38a5d710453cd68c8de2b898eb3c050a01547e0b0d6d18cc35f75739984ada40256681c75b18848fd56382c8acd690dac06f78cf335a0c5dd369c97fea57e6a98d503c7507069f5ae9350886c5815e6993033c870877d0be4a8bc17c0548add90b618c710cbb3afdc20088e6f3071f6adafe9e9b4ec411e46c038bf058af98de2bada7cefbf65e26ed927d831e016f088f9d2441f069d09acfa3e7d0ab75af87781e66fa73d5d0a89befc5b4f19d4164f5c550aff66ed170a30de92941709de352c4b2e6dbb1d27c8f0100800700c0eaf233478ae303ead0fef874e36c2a77:SSLv2 Server Hello
 47 | IP:TCP:0:443:CS:16030002b0010002ac03005540e5b12ed268ef0220fb9e000a4421bce6994f28124f18ed4fe225596adddc0002840000000100020003000400050006000700080009000a000b000c000d000e000f0010001100120013001400150016001700180019001a001b001c001d001e001f0020002100220023002400250026002700280029002a002b002c002d002e002f0030003100320033003400350036003700380039003a003b003c003d003e003f0040004100420043004400450046006700680069006a006b006c006d008400850086008700880089008a008b008c008d008e008f0090009100920093009400950096009700980099009a009b009c009d009e009f00a000a100a200a300a400a500a600a700a800a900aa00ab00ac00ad00ae00af00b000b100b200b300b400b500b600b700b800b900ba00bb00bc00bd00be00bf00c000c100c200c300c400c5c001c002c003c004c005c006c007c008c009c00ac00bc00cc00dc00ec00fc010c011c012c013c014c015c016c017c018c019c01ac01bc01cc01dc01ec01fc020c021c022c023c024c025c026c027c028c029c02ac02bc02cc02dc02ec02fc030c031c032c033c034c035c036c037c038c039c03ac03bc03cc03dc03ec03fc040c041c042c043c044c045c046c047c048c049c04ac04bc04cc04dc04ec04fc050c051c052c053c054c055c056c057c058c059c05ac05bc05cc05dc05ec05fc060c061c062c063c064c065c066c067c068c069c06ac06bc06cc06dc06ec06fc070c071c072c073c074c075c076c077c078c079c07ac07bc07cc07dc07ec07fc080c081c082c083c084c085c086c087c088c089c08ac08bc08cc08dc08ec08fc090c091c092c093c094c095c096c097c098c099c09ac09bc09cc09dc09ec09fc0a0c0a1c0a2c0a3c0a4c0a5c0a6c0a7c0a8c0a9c0aac0ab00800080008000800080004000c0020100:SSLv3 Client Hello
 48 | IP:TCP:0:443:CS:16030102b0010002ac03015540e5b2aa496a53e267bab60ff2b098f99d26da6ac386ad74a89692c3b4fc670002840000000100020003000400050006000700080009000a000b000c000d000e000f0010001100120013001400150016001700180019001a001b001c001d001e001f0020002100220023002400250026002700280029002a002b002c002d002e002f0030003100320033003400350036003700380039003a003b003c003d003e003f0040004100420043004400450046006700680069006a006b006c006d008400850086008700880089008a008b008c008d008e008f0090009100920093009400950096009700980099009a009b009c009d009e009f00a000a100a200a300a400a500a600a700a800a900aa00ab00ac00ad00ae00af00b000b100b200b300b400b500b600b700b800b900ba00bb00bc00bd00be00bf00c000c100c200c300c400c5c001c002c003c004c005c006c007c008c009c00ac00bc00cc00dc00ec00fc010c011c012c013c014c015c016c017c018c019c01ac01bc01cc01dc01ec01fc020c021c022c023c024c025c026c027c028c029c02ac02bc02cc02dc02ec02fc030c031c032c033c034c035c036c037c038c039c03ac03bc03cc03dc03ec03fc040c041c042c043c044c045c046c047c048c049c04ac04bc04cc04dc04ec04fc050c051c052c053c054c055c056c057c058c059c05ac05bc05cc05dc05ec05fc060c061c062c063c064c065c066c067c068c069c06ac06bc06cc06dc06ec06fc070c071c072c073c074c075c076c077c078c079c07ac07bc07cc07dc07ec07fc080c081c082c083c084c085c086c087c088c089c08ac08bc08cc08dc08ec08fc090c091c092c093c094c095c096c097c098c099c09ac09bc09cc09dc09ec09fc0a0c0a1c0a2c0a3c0a4c0a5c0a6c0a7c0a8c0a9c0aac0ab00800080008000800080004000c0020100:TLSv1 Client Hello
 49 | IP:TCP:0:443:CS:17030100709379a379c0b4e9e5cae5e2641da733c52c1d790fd61e7ea475c916c24ce8ea0d7a7438b39660e50921723665d9b6755b1442ceb88805faa9a5d84865774f99a516dba51f5b3387785980a00473600315eb7ee307190b66907dc41c9e78ec9c9d4d06e9e571094953b46bdc7e39f75165:TLSv1.0 App Data Protocol spdy
 50 | IP:TCP:0:443:CS:1603010200010001fc0303788503b35a47c22ab6a220a07b4d7d787e645ebd46cdec8dcb2f7370929e582e20c9591fdf78ef11c4d2e5ca44c4038759391637e808fa45399e14f4b0f3968ab4002ac02bc02f009ecc14cc13cc15c00ac0140039c009c0130033c007c011009c0035002f00050004000a00ff0100018900000022002000001d7361666562726f7773696e672d63616368652e676f6f676c652e636f6d00170000002300e4e11397074751b4907c3c9e73b9153bbae6eba67b673a2022eb6df530365fbd3cb435467c88d66702817c03b93c8ed7aad17c21050f95326c861b5f41593c71bd28033504eb5bfe9ad97d085fdbe88c4d5022cf7c7afcb814ffc0594340ff84cc658c774a5a34a4fb8a5cae360e5d9a845e2c3b0204f442333f4dead86ead6635a259095b3d0ca13446091c3ffb77c4ce4a29ba5af81078af54cefdcd165beb08cb64dd83deff8939be4518dc1df91f77ec68550d653a844eccd82465f68be54d9d29d265fa056b745aac3524368410f692987609f9f4a4dfb1730ac0d9101af2ee888890000d00160014060106030501050304010403030103030201020300050005010000000033740000001200000010001a001808687474702f312e3108737064792f332e310568322d313475500000000b00020100000a00060004001700180015001600000000000000000000000000000000000000000000:TLSv1.2 Client Hello
 51 | IP:TCP:0:443:CS:14030300010116030300a00000000000000000d81543956e0d1811bfa3730d968bd9e934504b8b08ec43616ed656a53977ee80fbb189a86e0f37947b02f1ade35cabf7359a2322bf50f2b4d723f77950c3fb1e79bd3353d998ea5c2416bac22af12fbe65340a42127698ecd3a8b46dee4be07e664032a4c5e8b0c5d866d8e533680e6ec9e29d8a655f9894127615d810806c88254ea63d9df2221d194457e277b5eed08301eb96374924bc160303002800000000000000014aedf8b9e81a9f2d70fa6452f9001dc2b75fb00eaf788b1c94ea4d5206dd749d:TLSv1.2 Change Cipher Spec, Hello Request,
 52 | IP:TCP:0:443:CS:16030300461000004241044b9fa9cc968fa66794ba825c185f26c984de52f9f856fc83cb25315d666a702194ace051428b788e4f2dd1937a78bf4251cf3ba032d46a0f8c44c2b1c499460714030300010116030300a00000000000000000a634539a10f5636970356d36918aaa8d4ebff8b3636ce2b15d3eff91ef35ecf060a9733966a5c1581f64c0b16cb77ef2c4e7f2e0a80205a0c678bfbd0f6886a000df383642e18e3ed30b0cba47e93806bbb93588e4f0587dbb1d9db90512e43d34cef9246018bc3f79b737c1cc4d44b34d4dff219208194e5ae4f8696f18060cc84ea3513f9590366bd0be3ccffe4e061c1e1250b7102e4a1603030028000000000000000161e004b61ac39f081b7b2e9ed510188f3a44b125acb07905a4a9811f05e20fe8:TLSv1.2 Client Key Exchange Change Cipher Spec Hello Request
 53 | IP:TCP:0:443:CS:1603030046100000424104d71615fa3231087b615b258d0cf96da2b47b8d55ab0db9a20f1fac01a7d8f7d16a5e34b218cb99c64d6a97b501446df5a871e8b7ab8a775755bafa788e7bd6411403030001011603030060e73e01cf369c9045885c3fc6ab27383962c91cf61bedc890370582b2fed8e4119d1866b90c1de7e2c45efe79125d545bc3036b275ca4b2860c03bb1c1e684c3d98db3dc4366422a21d99aac6f7ea446f596bc0f6b2019e51843883e89c0bc353:TLSv1.2 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
 54 | IP:TCP:0:5900:CS:050003f200a1:VNC Server Framebuffer Parameters (Small)
 55 | IP:TCP:0:5900:CS:4358ce0be86e675aa0638257e0815a5dc6f1bee299c0091cb0cbfe9d0ec6e3c6b1c0a4030a03b439c0d6005d0b8c18e06e2c03d8fb9fe650a52676af9cafbd57731edbfa1f7ecb2fc19ab6d7b08ccf21e57ab1db53feb6cedb27769a490cf05e35b3b3f8ba27fc7eb101ca6c5fee762aeb17bb3d95edcbba1d9f6db5ff553adfa172bfa8fdd9de5f5cabc8ff05ed2fe17f36fb4719c031f9bf4df53fb50ff869e4bd4499790013fe670c70a4ff990c60640d6093018461c93580b3f37f5bff33f667fd0feff3892cd9f74bdbb2f717fe67b37f9401d4b27fadff19fbebfccfda5fcaffbaec5f6b7f8aff99357fa9ef57f4fed23a14e8fdb555e07f87c8011afb63ffb3f64786067b8bd5ecfed7791fbb9f1c15ff6b4dd0b33fc7ff64cf2f6f77bdbfd4ffebf40073ff2fe6fec3fb698ae7fe23fb4bfa5f677fd600dfde1ccade5fcdff6ef8bdbf25fe07fbbbeaf9df15e97fc2fd8c014afba3ed4cff730cd0cffee5f81feceff816b27d5cd2fbfced1b99fdbfe3fc8f5c2fa74e709ea935fbdfd9f2bec03ac2a77040ae644eb0d0014fe07f540307ecfdcf5a207a832f75d59b60c0ffecfac099fdc003fba37ee0d6ff783c39402f3055d0013dff3306e8fa5feb808affd91c60bdffb169dd2bae97fb3af97d59d5b8f5bfadffddf3fe1933bdd46deb34bddce79ed06646bbdf59b4afed6b6af390137dcfce82ff151ba062789aebe51c33f69795fdabf5bf579a7d581fd778ffa3dee0be07383bff17cc00267a8029ff5794014ce4ff66f33fb2c0aeff3798ffd3328015fee71860a8ff7703fccfc9fecd91ffcbcdfe4dec7f58dfa19ffb0ff93f93fde3b9ff90ff33993f723f2ecafd71b1fbf1889e5f5afb0316e5da5f5efeafb5bf98ff250c7062ff3bc2dc806d45dc8f0d50f5bf57900b74ab9dc310af833280c63ad9fd78d4fc8fed8fc698ff05b27f26ffa7fbdf21dc8feac0f13fb81fd95fc8ffae8bb9ffcc3c805afe6f8cff75f69793ffcbf53f9301bc0deb73eb90ec8fcb18a06f7e723fcfffecdc7d25bdbeddb9c71837c1feee0df3f32d5018205960d4012b0d70e0807103ec2d70330df084fb7f79dc850b9ada1a60aeede59cb72af7e3e7d9fadfd6ffcea4ffa5dc6eccedb9eeb6eef326f298d1e6c7d7b175b27ba36f983fefca718cff514e3096f14bdd9695f1c373a8e775d9bfe21ee039ec6f4aff73d6fe88ccfd579dff13fe07075c8cffd93ee098ff3d832c17e6011c18a0c8fe710ef0b434ffb760ffa33e60a70718d6b684fedf94ff9979ff94b9ff0e619b66de3fd8a75df703bdbf83fedf42ffb3bdbf4afeef0a3e5fa7fff729f4fd5251dfef5dcc8749c5eb7ec4fdaf77bf7cff3bc8f53fd3fb4bdec5f6c523d95867644efe0fc742f93fc7feded9f5e8be2b7b1d90defad8fc78ccb03fd5005df71b38a0e901e6d72bc798ff09fb2307e4dc1f8f62dd0fa7f797fcef76dcff0ed1fb6b8ad7fe50fdefa9b6ff57f33fdb03ccfdbf9dffd90ce0a3980b3091ffbbcc1940e17f97fcde5fda17fdbfb60f3892fdb33dc0bdfd1dc201db12fe772cad4fdb4efbdf92edef1439c160a10f3635df5fbdf9dd40766e6cf91697debf8cd7c4557feddaf3780e18cd054ee1808a01526fb0c802b6db97702ce08087387e9893036cd70009f501730ef0349a03543280fb7a0690fc4f563f1720fc2fd8071cef016683a231c7c6cefa39f2fd58d5f6d6ffb6feb708ff1be371abb8efba2daff4f92bed6532eb93cfbfe9ee074bd959776de27b28bf0305dbec7f34e6f6fdcaf352c617bb5d753d5c47d671cfffb2338013f89fcdfc91fb5185d6fc707a7f715ed7ffdbf6fe96cffde764ffd6e17f936600bd390047f91f4c90dd8fc71cff4bf600cbf9ffb07d3457fe2f9401849da97300fafe47fbb75754dd730fec0fc7f95a799cd3ff9c757fbbfc5fa5ffb5f697e77ffbe80f8dfa9fd3fbdbf6ff1e98dedfbcfc9fe96f357daed2bf68bbb33f32b251fea73b60d8fad8fc782cb0bf8101c6fdefe8a1971b2ad73e3dfb33fdbf81ec9fe67f7742f93fd89fe37f6def2f67:VNC Server Framebuffer Parameters (larger)
 56 | IP:TCP:0:5900:CS:03000000000005000400:VNC Share Desktop Flag
 57 | IP:TCP:0:5900:CS:02bf000c00000006000000010000001600000015000000100000000f000000050000000200000000fffffec9ffffff11ffffff21:VNC Authentication Result (OK)
 58 | IP:TCP:0:5900:CS:f2bf2568ece8d1badbeb321b543c0bd0:VNC Authentication Challenge
 59 | IP:TCP:0:5900:CS:524642203030332e3030330a:VNC Client Protocol Version
 60 | IP:TCP:0:27017:CS:410000003a300000ffffffffd407000000000000746573742e24636d640000000000ffffffff1b0000000173657276657253746174757300000000000000f03f00:MongoDB Request Query ServerStatus
 61 | IP:TCP:0:27017:CS:430000003c300000ffffffffd40700000000000061646d696e2e24636d640000000000ffffffff1c000000016c69737444617461626173657300000000000000f03f00:MongoDB Request Query listDatabases
 62 | IP:TCP:0:27017:CS:480000000100000000000000d40700000000000061646d696e2e24636d640000000000ffffffff21000000026765744c6f670010000000737461727475705761726e696e67730000:MongoDB Request Query Getlog
 63 | IP:TCP:0:27017:CS:580000000200000000000000d40700000000000061646d696e2e24636d640000000000ffffffff31000000017265706c53657447657453746174757300000000000000f03f01666f725368656c6c00000000000000f03f00:MongoDB Request Query setGetStatus
 64 | IP:TCP:0:27017:CS:440000000e00000000000000d40700000000000061646d696e2e24636d640000000000ffffffff1d000000026765744c6f67000c0000007261746e776173686572650000:MongoDB Request Query Getlog ratnwashere
 65 | IP:TCP:0:27017:CS:4f0000000f00000000000000d407000000000000746573742e24636d640000000000ffffffff290000000169734d617374657200000000000000f03f01666f725368656c6c00000000000000f03f00:MongoDB Request Query isMaster forShell
 66 | IP:TCP:0:27017:CS:8a0000003700000000000000d407000000000000746573742e24636d640000000000ffffffff640000000264656c657465000c00000072657374617572616e7473000464656c6574657300340000000330002c00000003710015000000026e616d65000600000056656c6c610000016c696d69740000000000000000000000086f726465726564000100:MongoDB Request Query Delete
 67 | IP:TCP:0:27017:CS:7e0000005d00000000000000d407000000000000746573742e24636d640000000000ffffffff5800000002696e736572740005000000617364660004646f63756d656e7473002d00000003300025000000075f69640055f1d60ca2f0940e57877e9a026e616d6500050000006465616e000000086f726465726564000100:MongoDB Request Query Insert
 68 | IP:TCP:0:135:CS:000000a4ff534d4272000000000801400000000000000000000000000000400600000100008100025043204e4554574f524b2050524f4752414d20312e3000024d4943524f534f4654204e4554574f524b5320312e303300024d4943524f534f4654204e4554574f524b5320332e3000024c414e4d414e312e3000024c4d312e3258303032000253616d626100024e54204c414e4d414e20312e3000024e54204c4d20302e313200:DCERPC Bind Request (?)
 69 | IP:TCP:0:3389:CS:0300000b06e00000000000:TPKT/COTP (RDP) CR Connect Request
 70 | IP:TCP:0:3389:CS:0300000b06d00000123400:TPKT/COTP (RDP) CR Connect Confirm
 71 | IP:TCP:0:3389:CS:0300002a25e00000000000436f6f6b69653a206d737473686173683d726f6f740d0a0100080003000000:TPKT/COTP (RDP) CR Connect Confirm
 72 | IP:TCP:0:3389:CS:16030100d0010000cc03015608d786b3a1ea3e26219b73a1dccc9032aaefc41f523034e2edf3f40e27f61f00005ac014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f00960041c011c007c00cc002000500040015001200090014001100080006000300ff01000049000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000f000101:TPKT (RDP) Continuation
 73 | IP:TCP:0:3389:CS:0300018602f0807f6582017a0401010401010101ff30200202002202020002020200000202000102020000020200010202ffff020200023020020200010202000102020001020200010202000002020001020204200202000230200202ffff0202fc170202ffff0202000102020000020200010202ffff0202000204820107000500147c000180fe000800100001c0004475636180f001c0d800010008002003580201ca03aa09080000280a00006b0061006c00690000000000000000000000000000000000000000000000000004000000000000000c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ca0100000000001800070001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c00c00090000000000000002c00c000300000000000000:TPKT/COTP/T.125 (RDP)
 74 | IP:TCP:0:3389:CS:0300000c02f0800400010001:TPKT/COTP/T.125 erectDomainRequest (RDP)
 75 | IP:TCP:0:3389:CS:0300000802f08028:TPKT/COTP/T.125 attachUserRequeset (RDP)
 76 | IP:TCP:0:3389:CS:0300000c02f08038000303ec:TPKT/COTP/T.125 channelJoinRequest 1004 (RDP)
 77 | IP:TCP:0:3389:CS:0300003d02f08064000303eb70802e08000000cd2155cb61496eacd32731a6921500c04575cdb9938435686e60b78a7d8c09b859e6b2d2bf3c6de39aa9:TPKT/COTP/T.125 sendDataRequest 1003 (RDP)
 78 | IP:TCP:0:2002:CS:00080000000000080000000000000000:RPCAP Null Auth Request
 79 | IP:TCP:0:1521:CS:005a0000010000000136012c000008007fff7f08000000010020003a0000000000000000000000000000000034e600000001000000000000000028434f4e4e4543545f444154413d28434f4d4d414e443d76657273696f6e2929:TNS Connect
 80 | IP:TCP:0:1521:CS:009f0000060000000000deadbeef00950a2000000004000004000300000000000400050a20000000080001090909090909090900120001deadbeef00030000000400040001000200030001000300000000000400050a20000000020003e0e100020006fcff0002000200000000000400050a200000000c00010001080a0603020b0c0f10110003000200000000000400050a20000000060001000103040506:TNS Data, SNS
 81 | IP:TCP:0:1521:CS:0021000006000000000001060504030201004a6176615f5454432d382e322e3000:TNS Data, Java version
 82 | IP:TCP:0:1521:CS:0098000006000000000003760101010401010101050101524f4f54010d0d415554485f5445524d494e414c010707756e6b6e6f776e00010f0f415554485f50524f4752414d5f4e4d010d0d53514c20446576656c6f70657200010c0c415554485f4d414348494e45010606646a64656c6c00010808415554485f5049440104043235313200010808415554485f5349440104046465616e00:TNS Data, Auth
 83 | IP:TCP:0:1521:CS:03c8000006000000000003730201010402010101010d0101524f4f54010d0d415554485f50415353574f52440140403035433337343742413035314638463533393432414539353544313841304339423336414245454135393633393634364536334339463143374630393338453200010d0d415554485f5445524d494e414c010707756e6b6e6f776e00010c0c415554485f534553534b45590160604437454338424335424433324242434438373145323042343742413830443746333441354338374336344432443836383945323536314334423539324145393036363738343139363433324333334343313934323435393645313634313536420101010f0f415554485f50524f4752414d5f4e4d010d0d53514c20446576656c6f70657200010c0c415554485f4d414348494e45010606646a64656c6c00010808415554485f5049440104043235313200010808415554485f41434c0104043434303000011212415554485f414c5445525f53455353494f4e016363414c5445522053455353494f4e205345542054494d455f5a4f4e453d274575726f70652f4c6f6e646f6e27204e4c535f4c414e47554147453d27414d45524943414e27204e4c535f5445525249544f52593d27554e49544544204b494e47444f4d2700010101161653455353494f4e5f434c49454e545f4c4f42415454520101013100011a1a53455353494f4e5f434c49454e545f4452495645525f4e414d450108086a6462637468696e0001161653455353494f4e5f434c49454e545f56455253494f4e01090932303233373536383000011313415554485f434f4e4e4543545f535452494e47015d5d284445534352495054494f4e3d28434f4e4e4543545f444154413d285349443d5845292928414444524553533d2850524f544f434f4c3d5443502928484f53543d31302e3132382e3130382e3233322928504f52543d3135323129292900010e0e415554485f434f5059524947485401f1f1224f7261636c650a4576657279626f647920666f6c6c6f77730a53706565647920626974732065786368616e67650a537461727320617761697420746f20676c6f77220a54686520707265636564696e67206b657920697320636f707972696768746564206279204f7261636c6520436f72706f726174696f6e2e0a4475706c69636174696f6e206f662074686973206b6579206973206e6f7420616c6c6f77656420776974686f7574207065726d697373696f6e0a66726f6d204f7261636c6520436f72706f726174696f6e2e20436f707972696768742032303033204f7261636c6520436f72706f726174696f6e2e00:TNS Data, Auth with poem
 84 | IP:TCP:0:1521:CS:000b00000c000000010002:TNS Marker
 85 | IP:TCP:0:1521:CS:0091000006000000000011692f0101010102035e300280210001014201010d000004ffffffff0132047fffffff000000000000000000000001000000000073656c6563742062616e6e65722066726f6d20762476657273696f6e2077686572652062616e6e6572206c696b65202725457870726573732045646974696f6e25270101000000000000010100028000000000:TNS Data, SQL Query
 86 | IP:TCP:0:1521:CS:001100000600000000000305240104010a:TNS Data, Unknown
 87 | IP:TCP:0:111:CS:8000002872fe1d130000000000000002000186a00001977c0000000000000000000000000000000000000000:RPC Type:Proc-0 Call
 88 | IP:TCP:0:111:CS:8000002816ea6bd00000000000000002000186a0000000020000000400000000000000000000000000000000:RPC Type:V2 DUMP Call
 89 | IP:TCP:0:111:CS:800000280395bcfb0000000000000002000186a1013e39480000000000000000000000000000000000000000:RPC Type:Proc-0 RSTAT
 90 | IP:TCP:0:53:CS:001e0006010000010000000000000776657273696f6e0462696e640000100003:DNS Query version.bind
 91 | IP:TCP:0:53:CS:002a000101000001000000000001026964067365727665720000100003000029100000008000000400030000:DNS Query id.server
 92 | IP:TCP:0:53:CS:ec530100000100000000000004626c616803636f6d0000010001:DNS Query blah.com
 93 | IP:UDP:0:161:CS:304c02010004067075626c6963a03f020201590201000201003033300f060b2b060102011903020105010500300f060b2b060102011903050101010500300f060b2b060102011903050102010500:SNMP Get-Request 3x Bindings
 94 | IP:UDP:0:161:CS:303a020103300f02024a69020300ffe30401040201030410300e0400020100020100040004000400301204000400a00c020237f00201000201003000:SNMPv3 No Creds
 95 | IP:UDP:0:161:CS:302802010004067075626c6963a11b02027760020100020100300f300d06092b06010201190603010500:SNMP get-next-request
 96 | IP:UDP:0:161:CS:302f02010004067075626c6963a3220202776002010002010030163014060f2b060104010909600101010102ce0f020101:SNMP set-request
 97 | IP:UDP:0:17500:CS:7b22686f73745f696e74223a203135343736353537313934333138373139393434373335343134353332313136313938383738392c202276657273696f6e223a205b322c20305d2c2022646973706c61796e616d65323a2022222c2022706f7274223a2031373530302c20226e616d65737061636573223a205b3432363132313930335d7d:Dropbox Lan Sync (broadcast)
 98 | IP:UDP:138:138:CS:1102be7ac0a8c846008a00bb0000204648454a454f434e44494446464346474543454545494646444246414546434100204547454d4546464943414341434143414341434143414341434143414341424e00ff534d422500000000000000000000000000000000000000000000000000000011000021000000000000000000e803000000000000000021005600030001000000020032005c4d41494c534c4f545c42524f57534500010080fc0a0057494e2d38355256424448553150450006012b1080000f0155aa0001000000020032005c4d41494c534c4f545c42524f57534500010080fc0a0057494e2d38355256424448553150450006012b1080000f0155aa00:Host Announce NetBIOS/SMB (broadcast)
 99 | IP:UDP:5353:5353:CS:00000000000100000000000002363803323030033136380331393207696e2d61646472046172706100000c0001:mDNS query (broadcast)
100 | IP:UDP:0:5355:CS:937f0000000100000000000004777061640000010001: LLMNR query wpad
101 | IP:UDP:0:161:CS:302902010004067075626c6963a01c020466621fce020100020100300e300c06082b060102010101000500:SNMPv1 get-request
102 | IP:UDP:0:161:CS:307c02010330110204516aa2f4020300ffe3040107020103043230300409800000020109840301020100020100040561646d696e040c815873d38f75709e86e3647a040800000001154abfaf0430b0f1f69f637b2b10751d3723d402d06474a2418e55e0edd0f6edb3e32dc6ac275fc388700aac67b2417b1243840d67fa:SNMPv3 Encrypted PDU
103 | IP:UDP:0:161:CS:30720201033011020428cb6add020300ffe3040105020103042a30280409800000020109840301020100020100040561646d696e040c015c0638570fc6484514eeff0400302e04098000000201098403010405726f757465a11a0204327d043e020100020100300c300a06062b06010201010500:SNMPv3 get-request
104 | IP:UDP:0:1900:CS:4f5054494f4e53207369703a6e6d205349502f322e300d0a5669613a205349502f322e302f554450206e6d3b6272616e63683d666f6f3b72706f72740d0a46726f6d3a203c7369703a6e6d406e6d3e3b7461673d726f6f740d0a546f3a203c7369703a6e6d32406e6d323e0d0a43616c6c2d49443a2035303030300d0a435365713a203432204f5054494f4e530d0a4d61782d466f7277617264733a2037300d0a436f6e74656e742d4c656e6774683a20300d0a436f6e746163743a203c7369703a6e6d406e6d3e0d0a4163636570743a206170706c69636174696f6e2f7364700d0a0d0a:SIP/2.0 OPTIONS
105 | IP:UDP:0:1900:CS:4d2d534541524348202a20485454502f312e310d0a486f73743a3233392e3235352e3235352e3235303a313930300d0a53543a75706e703a726f6f746465766963650d0a4d616e3a22737364703a646973636f766572220d0a4d583a330d0a0d0a:SSDP/UPnP M-SEARCH *
106 | IP:UDP:0:68:CS:02010600afd7d9550000000000000000ac10e080ac10e0fe00000000000c2957660300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000638253633501053604ac10e0fe3304000007080104ffffff001c04ac10e0ff0304ac10e0020f0b6c6f63616c646f6d61696e0604ac10e0022c04ac10e002ff00:DHCP Ack
107 | IP:TCP:0:445:CS:000000a0fe534d4240000100000000000500000108000010000000000500000000000000fffe0000426821dba18a61540000000022e7d09cdfc8bbf4e25238105861d105390000000200000000000000000000000000000000000000000000c08000000003000000010000000000000078000c00880000001800000073007200760073007600630000000000000000001000040000000000000000004d78416300000000:SMB2 Create Request File: srvsvc
108 | IP:TCP:0:445:CS:000000c0fe534d4240000100000000000b00000108000000000000000600000000000000fffe0000426821dba18a615400000000386f73950a3103eb2acbd4db63c647643900000017c011006a2224b900000000f15c377200000000780000004800000000000000000000000000000000000100010000000000000005000b03100000004800000001000000ffffffff000000000100000000000100c84f324b7016d30112785a47bf6ee18803000000045d888aeb1cc9119fe808002b10486002000000:DCERPC Bind call_id 1, Fragment Single, 1 context items SRVSVC V3.0
109 | IP:TCP:0:445:CS:000000e0fe534d4240000100000000000b00000108000000000000000700000000000000fffe0000426821dba18a6154000000002e661e81ed77b03d587eaa9132c56d833900000017c011006a2224b900000000f15c3772000000007800000068000000000000000000000000000000000001000100000000000000050000031000000068000000000000005000000000000f00010000001000000000000000100000003100390032002e003100360038002e003100360035002e0031003200380000000100000001000000010000000000000000000000ffffffff0100000000000000:SRVSVC NetShareEnumAll request
110 | IP:TCP:0:445:CS:00000058fe534d4240000100000000000600000108000000000000000800000000000000fffe0000426821dba18a615400000000f1eb094b2a782b5de3cfe3e992bdea6c18000000000000006a2224b900000000f15c377200000000:SMB2 Close Request File srvsvc
111 | IP:TCP:0:445:CS:000c29576603f45c89b57a290800450000d0bb05400040069ecfc0a8b981c0a8a580f77b01bd801dbf5b3ad7814680181000e5d900000101080a1e9ec2530006095f00000098fe534d4240000100000000000b00000108000000000000001400000000000000fffe0000f37eb7a5a18a61540000000098de3980572ea91e26251fe9d46cf3303900000004021400ffffffffffffffffffffffffffffffff7800000020000000000000000000000000000000280000000100000000000000770000001803dab021b958af96e35f1dc118b6f7020004000202100200030203:SMB2 Ioctl Request FSCTL_VALIDATE_NEGOTIATE_INFO
112 | IP:TCP:0:445:CS:00000158fe534d4240000100000000000500000108000000980000001500000000000000fffe0000f37eb7a5a18a61540000000062151e7dcf3b41c2d35adf4f7c26bb0139000000020000000000000000000000000000000000000080001000100000000700000001000000010000007800000080000000180000000000000000000000000000001000040000000000000000004d78416300000000fe534d424000010000000000100000010c000000680000001600000000000000fffe0000f37eb7a5a18a61540000000043f535b9c0fc3b2209d8d3f32407c96a290002031800000000000000000000000000000000000000fffffffffffffffffffffffffffffffffe534d424000010000000000060000010c000000000000001700000000000000fffe0000f37eb7a5a18a615400000000d83f0bd31a83fca5f3aad0280ce139371800000000000000ffffffffffffffffffffffffffffffff:Create Request File + GetInfo Reqeust + Close Request
113 | IP:TCP:0:445:CS:00000071fe534d4240000100000000000800000108000000000000003200000000000000fffe0000f37eb7a5a18a615400000000769ebed2d9376dce3fa85759d16eea6d3100000000100000000000000000000039b2943f000000001d283636000000000100000000000000000000000000000000:Read Request Len 4096 Off 0 File .DS_Store
114 | IP:UDP:0:67:CS:010106006a59b2390000000000000000000000000000000000000000f45c89b57a290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063825363350103370a017903060f77fc5f2c2e390205dc3d0701f45c89b57a293204c0a801d833040076a7000c094465616e732d4d4250ff0000000000000000: DHCP Request
115 | IP:UDP:67:68:SC:020106006a59b2390002000000000000c0a801d80000000000000000f45c89b57a2900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000638253633501053604c0a801013304000151800104ffffff000304c0a801010604c0a801010f1066696f732d726f757465722e686f6d6577120b66696f732d726f7574657204686f6d6500ff: DHCP Ack
116 | 


--------------------------------------------------------------------------------