The “TSIG” Packets
02/22-15:33:19.514153 0:40:33:54:52:42 -> 0:40:33:55:A0:55 type:0x800 len:0x51
ATTACKER:1032 -> VICTOM:36864 TCP TTL:64 TOS:0x0 ID:6760 IpLen:20 DgmLen:67 DF
***AP*** Seq: 0x657DB23  Ack: 0x71CDF73  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 936948 275287630
75 6E 61 6D 65 20 2D 61 3B 20 69 64 3B 0A 00     uname -a; id;..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-15:33:19.525372 0:40:33:55:A0:55 -> 0:40:33:54:52:42 type:0x800 len:0x84
VICTOM:36864 -> ATTACKER:1032 TCP TTL:64 TOS:0x0 ID:61858 IpLen:20 DgmLen:118 DF
***AP*** Seq: 0x71CDF73  Ack: 0x657DB32  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 275287633 936948
4C 69 6E 75 78 20 79 6F 64 61 20 32 2E 32 2E 31  Linux yoda 2.2.1
34 2D 35 2E 30 20 23 31 20 54 75 65 20 4D 61 72  4-5.0 #1 Tue Mar
20 37 20 32 30 3A 35 33 3A 34 31 20 45 53 54 20   7 20:53:41 EST
32 30 30 30 20 69 35 38 36 20 75 6E 6B 6E 6F 77  2000 i586 unknow
6E 0A                                            n.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

02/22-15:33:19.541777 0:40:33:55:A0:55 -> 0:40:33:54:52:42 type:0x800 len:0x9A
VICTOM:36864 -> ATTACKER:1032 TCP TTL:64 TOS:0x0 ID:61859 IpLen:20 DgmLen:140 DF
***AP*** Seq: 0x71CDFB5  Ack: 0x657DB32  Win: 0x7D78  TcpLen: 32
TCP Options (3) => NOP NOP TS: 275287635 936949
75 69 64 3D 30 28 72 6F 6F 74 29 20 67 69 64 3D  uid=0(root) gid=
30 28 72 6F 6F 74 29 20 67 72 6F 75 70 73 3D 30  0(root) groups=0
28 72 6F 6F 74 29 2C 31 28 62 69 6E 29 2C 32 28  (root),1(bin),2(
64 61 65 6D 6F 6E 29 2C 33 28 73 79 73 29 2C 34  daemon),3(sys),4
28 61 64 6D 29 2C 36 28 64 69 73 6B 29 2C 31 30  (adm),6(disk),10
28 77 68 65 65 6C 29 0A                          (wheel).
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+