Hi guys, and Holly, :D

I'm on dial-up and try to watch my traffic, and every once in a while I
see a little blip on gkrellm. I fired up Ethereal and started to sniff
around. Pardon the pun there. LOL This is what it says, though, which
is strange. It's really the last two lines that matter, but I am putting
the whole thing here just in case. Sorry so long.

> No. Time Source Destination
> Protocol Info
> 1 0.000000 215.146.157.191 205.208.159.31
> Messenger NetrSendMessage request
>
> Frame 1 (710 bytes on wire, 710 bytes captured)
> Arrival Time: Dec 25, 2005 22:50:19.101533000
> Time delta from previous packet: 0.000000000 seconds
> Time since reference or first frame: 0.000000000 seconds
> Frame Number: 1
> Packet Length: 710 bytes
> Capture Length: 710 bytes
> Protocols in frame: sll:ip:udp:dcerpc
> Linux cooked capture
> Packet type: Unicast to us (0)
> Link-layer address type: 512
> Link-layer address length: 0
> Source: <MISSING>
> Protocol: IP (0x0800)
> Internet Protocol, Src: 215.146.157.191 (215.146.157.191), Dst:
> 205.208.159.31 (205.208.159.31)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> 0000 00.. = Differentiated Services Codepoint: Default (0x00)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 694
> Identification: 0x7411 (29713)
> Flags: 0x00
> 0... = Reserved bit: Not set
> .0.. = Don't fragment: Not set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 53
> Protocol: UDP (0x11)
> Header checksum: 0x2ce4 [correct]
> Good: True
> Bad : False
> Source: 215.146.157.191 (215.146.157.191)
> Destination: 205.208.159.31 (205.208.159.31)
> User Datagram Protocol, Src Port: 44356 (44356), Dst Port: 1026 (1026)
> Source port: 44356 (44356)
> Destination port: 1026 (1026)
> Length: 674
> Checksum: 0x0000 (none)
> DCE RPC Request, Seq: 0, Serial: 0, Frag: 0, FragLen: 583
> Version: 4
> Packet type: Request (0)
> Flags1: 0x78 "Broadcast" "Idempotent" "Maybe" "No Fack"
> 0... .... = Reserved: Not set
> .1.. .... = Broadcast: Set
> ..1. .... = Idempotent: Set
> ...1 .... = Maybe: Set
> .... 1... = No Fack: Set
> .... .0.. = Fragment: Not set
> .... ..0. = Last Fragment: Not set
> .... ...0 = Reserved: Not set
> Flags2: 0x00
> 0... .... = Reserved: Not set
> .0.. .... = Reserved: Not set
> ..0. .... = Reserved: Not set
> ...0 .... = Reserved: Not set
> .... 0... = Reserved: Not set
> .... .0.. = Reserved: Not set
> .... ..0. = Cancel Pending: Not set
> .... ...0 = Reserved: Not set
> Data Representation: 100000 (Order: Little-endian, Char: ASCII,
> Float: IEEE)
> Byte order: Little-endian (1)
> Character: ASCII (0)
> Floating-point: IEEE (0)
> Serial High: 0x00
> Object UUID: 00000000-0000-0000-0000-000000000000
> Interface: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc
> Activity: 00000000-0000-0000-0000-000000000000
> Server boot time: Unknown (0)
> Interface Ver: 1
> Sequence num: 0
> Opnum: 0
> Interface Hint: 0xffff
> Activity Hint: 0xffff
> Fragment len: 583
> Fragment num: 0
> Auth proto: None (0)
> Serial Low: 0x00
> Authentication verifier
> Microsoft Messenger Service, NetrSendMessage
> Operation: NetrSendMessage (0)
> Server
> Max Count: 10
> Offset: 0
> Actual Count: 10
> Server: Microsoft
> Client
> Max Count: 35
> Offset: 0
> Actual Count: 35
> Client: inform you about a virus detection
> Message
> Max Count: 497
> Offset: 0
> Actual Count: 497
> Message [truncated]: Windows has detected a virus on your
> system. In order to remove it please follow this steps:\n\n1. Start
> Microsoft Internet Explorer or your default web browser.\n2. Type into
> the navigation bar: http://www.cleanmyreg.

What is this? Is this some spam that pops up a window if I were using
windoze? I went to the site and it looks like they want to sell
something, which I ain't buying by the way. ;-) How can I tell them
to stop this? Oh, only my main rig does this. My three servers, which
have no GUI stuff or browsers installed, do not get this, that I can see
anyway.

Another thing, a bit off topic. I noticed earlier that there was a post
in some foreign language, looked like Japanese or Chinese, and looked
like spam to me. Later I got one in my personal email. Can someone get
my email address from this list? I have got a few emails from people,
which is OK as long as it is not spam. Just curious. I like the list,
but I didn't know my private email would become public, if this is true.

Thanks for any light you can shed on this.

Dale
:-)

--
To err is human, I'm most certainly human.

I have four rigs:

1: Home built; Abit NF7 ver 2.0 w/ AMD 2500+ CPU, 1GB of ram and right now two 80GB hard drives.
2: Home built; Iwill KK266-R w/ AMD 1GHz CPU, 256MBs of ram and a 4GB drive.
3: Home built; Gigabyte GA-71XE4 w/ 800MHz CPU, 128MBs of ram and a 2.5GB drive.
4: Compaq Proliant 6000 Server w/ Quad 200MHz CPUs, 128MBs of ram and a 4.3GB SCSI drive.

All run Gentoo Linux, all run folding. #1 is my desktop, 2, 3, and 4 are set up as servers.

--
gentoo-user@g.o mailing list
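As an added example (not from Dale's post or the list), here is a Python decoder for the connectionless DCE RPC request shown in the capture above: it recognises a Messenger-service NetrSendMessage call by the interface UUID and opnum from the dissection and pulls out the three NDR strings (server, client, message) that such a datagram carries, which is what a UDP/1026 detection rule would key on. The sample packet is constructed inside the block with the header values from the capture; the message body is a shortened stand-in for the 497-byte text in the post.

```python
import struct
import uuid

# Interface UUID of the Microsoft Messenger service (msgsvc) as shown in the
# Ethereal dissection above; opnum 0 on that interface is NetrSendMessage.
MSGSVC_IFACE = uuid.UUID("5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc")
# 80-byte DCE RPC v4 (connectionless) header: vers, ptype, flags1, flags2,
# drep[3], serial_hi, object, if_id, act_id, server_boot, if_vers, seqnum,
# opnum, ihint, ahint, len, fragnum, auth_proto, serial_lo
CL_HDR = struct.Struct("<BBBB3sB16s16s16sIIIHHHHHBB")


def parse_cl_request(payload):
    """Decode a connectionless DCE RPC header and, when it is a msgsvc
    NetrSendMessage request, the three NDR conformant-varying strings."""
    f = CL_HDR.unpack_from(payload)
    req = {"version": f[0], "ptype": f[1], "flags1": f[2],
           "iface": uuid.UUID(bytes_le=f[7]), "opnum": f[12], "fraglen": f[15]}
    req["is_messenger"] = (req["version"] == 4 and req["ptype"] == 0
                           and req["iface"] == MSGSVC_IFACE and req["opnum"] == 0)
    if req["is_messenger"]:
        off = CL_HDR.size
        for name in ("server", "client", "message"):
            # max count, offset, actual count (counts include the NUL terminator)
            _max_count, _offset, actual = struct.unpack_from("<III", payload, off)
            off += 12
            raw = payload[off:off + actual]
            req[name] = raw.rstrip(b"\x00").decode("ascii", "replace")
            off += (actual + 3) & ~3   # NDR pads each string to a 4-byte boundary
    return req


def ndr_string(s):
    """Constructed NDR conformant-varying ASCII string, little-endian drep."""
    data = s.encode("ascii") + b"\x00"
    body = struct.pack("<III", len(data), 0, len(data)) + data
    return body + b"\x00" * (-len(body) % 4)


def build_sample():
    """Constructed sample datagram payload using the header values from the
    capture (v4 request, flags1 0x78, drep 10 00 00, if_vers 1, hints 0xffff)."""
    stub = (ndr_string("Microsoft")
            + ndr_string("inform you about a virus detection")
            + ndr_string("Windows has detected a virus on your system."))
    hdr = CL_HDR.pack(4, 0, 0x78, 0, b"\x10\x00\x00", 0, bytes(16),
                      MSGSVC_IFACE.bytes_le, bytes(16), 0, 1, 0, 0,
                      0xFFFF, 0xFFFF, len(stub), 0, 0, 0)
    return hdr + stub


if __name__ == "__main__":
    print(parse_cl_request(build_sample()))
```

Fed the real UDP payload (the bytes after the 8-byte UDP header) instead of the constructed one, the same function reports the full 497-byte message the dissector truncated.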