orm@doc-tcpip.org

Erstellt: Dezember 2000 - Letzte Modifikation: Mai 2001

[ Main | Local ]


Wie funktioniert Traceroute?

Im IP-Trace ist auch viel DNS zu sehen..

In diesem Traceroute-Beispiel wird für jeden Schritt von Traceroute eine Namensauflösung veranlasst. Die Pakete, die zum DNS gehören, sind grün.

Das Traceroute Kommando

Dient zum zurückverfolgen einer Route im Netz. (Dazu kann man auch ping -R benutzen, aber der kann nur wenige Hops).
Aus historischen Gründen benutzt das Traceroute Kommando UDP Pakete. Ausserdem macht es immer PMTU Discovery - das ist hardcoded.

Hier die Flags, die es versteht (AIX):
-m Max_ttl Das ist die maximale TTL (time-to-live), also die höchste Zahl an Hops, die das Paket machen darf. Default ist 30.
-n Keine Namesauflösung - alles sollte dann etwas schneller gehen ;-).
-p Port Damit kann man den ersten Port setzen, von dem dann hochgezählt wird. Der Default ist 33434.
-q Nqueries Setzt die Anzahl der Proben pro Hop. Standard ist 3.
-r Ermöglicht, Pakete am normalen Routing-Mechanismus vorbei zuversenden. Das geht nur für Zielrechner auf demselben Netz. Man kann so über Interfaces pingen, die keinen Eintrag in der Routing Table haben. (Wie bei dem Problem der zwei Interfaces auf demselben Subnetz).
-s SRC_Addr Man kann hiermit die Senderadresse auf eine andere IP des lokalen Hosts setzen. Es wird dann nicht die Adresse des Ausgangs-Interfaces gesetzt.
-t TypeOfService Setzt die TypeOfService Variable der Proben. Man kann so herausfinden, ob die verschiedenen Typen anders geroutet werden. Nützlich sind: -t 16 (low delay) und -t 8 (high throughput).
-v Empfängt neben TIME_EXCEEDED und PORT_UNREACHABLE auch andere Pakete.
-w WaitTime Setzt die Zeit, die auf eine Antwort gewartet wird, Standard 3 Sekunden.

Wie es funktioniert:

Es werden UDP Pakete geschickt. Im IP-Header des Paketes wird das TTL Feld (Time to Live), also die Anzahl der Router, über die das Paket darf, langsam erhöht.
Man fängt also mit 1 an, das Paket geht raus, trifft auf den ersten Router, der nimmt das Paket, erniedrigt den TTL-Wert, und sieht dann, das die TTL 0 ist - das Paket also sterben muss. Es wird verworfen und dem sendenden Rechner wird eine ICMP Message geschickt: TIME EXCEEDED.
Darauf wird die TTL um eins erhöht, und das ganze wiederholt sich am nächsten Router (Hop). Das geht solange, bis ein Paket genau am Ziel ankommt. Dort landet das Paket dann an einem beliebig gewählten Port, auf dem kein Dienst sitzt - es gibt ein DESTINATION PORT UNREACHABLE.
Anhand dieser Pakete kann der sendende Host die einzelnen Route identifizieren und die Zeit ablesen. Das gibt er dann aus:


root@cristina#traceroute speedo.somewere.com
trying to get source for speedo.somewere.com
source should be 9.39.0.74
traceroute to speedo.somewere.com (9.3.141.79) from 9.39.0.74 (9.39.0.74), 30
hops max
outgoing MTU = 1492
1  rmss2.nbs.mainz.com (9.39.9.1)  13 ms  2 ms  2 ms
2  9.139.120.8 (9.139.120.8)  26 ms  17 ms  22 ms
3  deibm-ehwf-hssi9-0-5.rtr.emea.ibm.com (9.31.229.77)  60 ms  34 ms  47 ms
4  9.139.102.135 (9.139.102.135)  62 ms  31 ms  50 ms
5  9.32.74.53 (9.32.74.53)  168 ms  148 ms  144 ms
6  9.32.1.46 (9.32.1.46)  209 ms  179 ms  169 ms
7  aus1fr2-to-mpn.nssouth.ibm.com (9.32.105.62)  181 ms  188 ms  209 ms
8  wanfiddi-def.somewere.com (9.3.133.177)  203 ms  204 ms  236 ms
9  bb6l-901.somewere.com (9.3.63.181)  252 ms  198 ms  237 ms
10  catozzirsm.somewere.com (9.3.53.5)  218 ms  199 ms  224 ms
11  speedo.somewere.com (9.3.141.79)  219 ms  285 ms  211 ms

Es sind in diesem Beispiel 10 Rechner zwischen Cristina und Speedo. In der ersten Spalte steht die eingestellte TTL, also die Anzahl der Router (Hops). In der zweiten Spalte steht der Hostname - da, wo die Namensauflösung nicht geklappt hat, steht die IP Adresse. Pro Schritt werden 3 Pakete verschickt, um sicherzustellen, das eines auch bei lange Strecken und mauen Netzen ankommt - es ist ja UDP, also unsicher. Wenn Traceroute eine Antwort auf ein Paket bekommt, dann gibt es die Zeit an, die es warten mußte. Oft ist die erste Zeit viel länger - das liegt an ARP auf lokalen Netzen und an DNS. Aus den Differenzen kann man sich die Zeiten zwischen den Hops berechnen. Wenn Traceroute innerhalb von 3 Sekunden keine Antwort bekommt, dann wird ein Sternchen ausgegeben. Allerdings läuft Traceroute weiter, es ist egal, ob es weiterkommt oder nicht. Es erhöht die TTL bis zum Limit (30 Hops) und terminiert dann.

Probleme mit Traceroute:

Den Trace habe ich so gefahren (dabei muss man daran denken, das so etwas mehr mitgetraced wird - ich habe mit grep -p -v alles über lo0 und einige DCE Geschichten rausgeworfen):

startsrc -s iptrace -a "-a -s cristina -b /tmp/udp5.bin"
ipreport -rnsv /tmp/udp5.bin > /orm/Tips/TODO/traceroute.iptrace

Hier der Trace


Packet Number 1
TOK: ====( 89 bytes transmitted on interface tr0 )==== 13:46:16.969701602
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=67, ip_id=48790, ip_off=0
IP:  	ip_ttl=30, ip_sum=cac9, ip_p = 17 (UDP)
UDP: 	< source port=32795, < destination port=53(domain) >
UDP: 	[ udp length = 47 | udp checksum = 8046 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34411, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
speedo.somewere.com, type = A, class = IN

Zuallererst wird der Hostname des Zieles per DNS aufgelöst (Type A).


Packet Number 2
TOK: ====( 354 bytes received on interface tr0 )==== 13:46:17.015806136
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=332, ip_id=53998, ip_off=0
IP:  	ip_ttl=30, ip_sum=b568, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32795 >
UDP: 	[ udp length = 312 | udp checksum = 4535 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34411, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 6,  additional = 6

QUESTIONS:
speedo.somewere.com, type = A, class = IN
ANSWERS:
->  speedo.somewere.com
internet address = 9.3.141.79
ttl = 20408 (5 hours 40 mins 8 secs)
AUTHORITY RECORDS:
->  somewere.com
nameserver = ausname1.somewere.com
ttl = 43200 (12 hours)
ADDITIONAL RECORDS:
->  ausname1.somewere.com
internet address = 9.53.248.2
ttl = 43200 (12 hours)

Das ist die Antwort - ich habe sie erheblich gekürzt... Jedenfalls weiss ich jetzt die IP, und es kann losgehen.


Packet Number 3
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:46:17.047723877
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42284, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f2a, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33435 >
UDP: 	[ udp length = 1472 | udp checksum = a226 ]
UDP: 00000000     01010000 3a9e4499 0000b96d 00000000     |....:.D....m....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das ist das erste eigentlich Traceroute Paket. Wie gesagt, UDP. Man beachte die TTL: ip_ttl=1, also es stirbt auf dem nächsten Hop. Der Port ist 33435, das Paket wird mit Nullen auf 1472 Byte aufgefüllt.
Das steht als Nutzlast im Paket: 01010000 3a9e4499 0000b96d 00000000.
Im ersten Byte zählt die laufende Nummer des Paketes hoch, im zweiten Byte die eingestellte TTL, also die Serie. Dann kommt ein Zeitstempel:
4 Byte Sekunden seit Epoch, und 4 Byte für den dezimalen Teil des Zeitstempels.


Packet Number 4
TOK: ====( 78 bytes received on interface tr0 )==== 13:46:17.050015778
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =        9.39.9.1 >  (rmss2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=39461, ip_off=0
IP:  	ip_ttl=64, ip_sum=c507, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42284, ip_off=0DF
IP:  	ip_ttl=0, ip_sum=2f2a, ip_p = 17 (UDP)
IP:  00000000     f642829b 05c0a226                       |.B.....&        |

Hier die Antwort des ersten Hops, 9.39.9.1. Er hat das Paket genommen, die TTL erniedrigt, gesehn das sie Null ist und dann das Paket weggeworfen. Und er hat an den Sender diese ICMP Nachricht (ip_p=1, IP Protokoll 1: ICMP) verschickt: icmp_type=11 (TIME_EXCEEDED) icmp_code=0(IN_TRANSIT).
Darunter wird nochmal der Header referenziert. Allerdings nicht vollständig, das Paket bricht nach erreichen der Mindestgröße einfach ab.



Packet Number 5
TOK: ====( 89 bytes transmitted on interface tr0 )==== 13:46:17.052951047
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=67, ip_id=48791, ip_off=0
IP:  	ip_ttl=30, ip_sum=cac8, ip_p = 17 (UDP)
UDP: 	< source port=32797, < destination port=53(domain) >
UDP: 	[ udp length = 47 | udp checksum = 21d4 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34412, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
1.9.39.9.in-addr.arpa, type = PTR, class = IN

Jetzt wissen wir den ersten Hop, und wollen den Namen zur IP-Adresse. Deshalb diese Anfrage an den Nameserver (Type=PTR, reverse Namensauflösung).


Packet Number 6
TOK: ====( 298 bytes received on interface tr0 )==== 13:46:17.156210461
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=276, ip_id=54001, ip_off=0
IP:  	ip_ttl=30, ip_sum=b59d, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32797 >
UDP: 	[ udp length = 256 | udp checksum = f5ff ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34412, rcode = NOERROR
header flags:  response, auth. answer, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 4,  additional = 4

QUESTIONS:
1.9.39.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  1.9.39.9.in-addr.arpa
name = rmss2.nbs.mainz.com
ttl = 14400 (4 hours)
AUTHORITY RECORDS:
->  9.39.9.IN-ADDR.ARPA
nameserver = ns.nbs.mainz.com
ttl = 14400 (4 hours)
ADDITIONAL RECORDS:
->  ns.nbs.mainz.com
internet address = 9.39.0.32
ttl = 14400 (4 hours)

Und die Antwort darauf...



Packet Number 7
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:46:17.159115220
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42285, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f29, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33436 >
UDP: 	[ udp length = 1472 | udp checksum = ef76 ]
UDP: 00000000     02010000 3a9e4499 00026b1a 00000000     |....:.D...k.....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das ist jetzt das zweite Paket der ersten Dreiergruppe: ip_ttl=1.
Die Portnummer ist um 1 erhöht worden: 33436
Und die Information in der Payload hat sich auch geändert:
02010000 3a9e4499 00026b1a Vorher war es so:
01010000 3a9e4499 0000b96d


Packet Number 8
TOK: ====( 78 bytes received on interface tr0 )==== 13:46:17.160692440
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =        9.39.9.1 >  (rmss2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=39462, ip_off=0
IP:  	ip_ttl=64, ip_sum=c506, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42285, ip_off=0DF
IP:  	ip_ttl=0, ip_sum=2f29, ip_p = 17 (UDP)
IP:  00000000     f642829c 05c0ef76                       |.B.....v        |

Und wieder die ICMP Type 11 Message (TIME_EXCEEDED).


Packet Number 9
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:46:17.162776122
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42286, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f28, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33437 >
UDP: 	[ udp length = 1472 | udp checksum = decc ]
UDP: 00000000     03010000 3a9e4499 00027ac3 00000000     |....:.D...z.....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das dritte Paket in der ersten Serie, der Port ist wieder erhöht und die Info in der Payload auch: 03010000 3a9e4499 00027ac3


Packet Number 10
TOK: ====( 78 bytes received on interface tr0 )==== 13:46:17.164251279
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =        9.39.9.1 >  (rmss2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=39463, ip_off=0
IP:  	ip_ttl=64, ip_sum=c505, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42286, ip_off=0DF
IP:  	ip_ttl=0, ip_sum=2f28, ip_p = 17 (UDP)
IP:  00000000     f642829d 05c0decc                       |.B......        |

Die ICMP Message dazu.


Packet Number 11
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:46:17.168809924
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42287, ip_off=0DF
IP:  	ip_ttl=2, ip_sum=2e27, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33438 >
UDP: 	[ udp length = 1472 | udp checksum = c689 ]
UDP: 00000000     04020000 3a9e4499 00029204 00000000     |....:.D.........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das ist jetzt das erste Paket der 2 Serie: ip_ttl=2.
Dieses Paket wird also den 1 Router (Hop) passieren und erst auf dem zweiten sterben. Der Port zählt hoch wie gehabt, und die Info in der Payload auch:
04020000 3a9e4499 00029204


Packet Number 12
TOK: ====( 78 bytes received on interface tr0 )==== 13:46:17.184416871
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0c:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.139.120.8 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=36072, ip_off=0
IP:  	ip_ttl=254, ip_sum=a418, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42287, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f27, ip_p = 17 (UDP)
IP:  00000000     f642829e 05c0c689                       |.B......        |

Das ist das ICMP Paket von diesem zweiten Router.


Packet Number 13
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:46:17.186609657
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48792, ip_off=0
IP:  	ip_ttl=30, ip_sum=cac4, ip_p = 17 (UDP)
UDP: 	< source port=32798, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = 62f5 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN

Wir machen eine reverse Hostauflösung...


Packet Number 14
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:46:22.187425919
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48793, ip_off=0
IP:  	ip_ttl=30, ip_sum=cac3, ip_p = 17 (UDP)
UDP: 	< source port=32799, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = 62f4 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN

Aber es kommt keine Antwort, also nochmal.


Packet Number 25
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:46:32.188095887
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48800, ip_off=0
IP:  	ip_ttl=30, ip_sum=cabc, ip_p = 17 (UDP)
UDP: 	< source port=32800, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = 62f3 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN

Und nochmal...


Packet Number 44
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:46:52.187907950
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48817, ip_off=0
IP:  	ip_ttl=30, ip_sum=caab, ip_p = 17 (UDP)
UDP: 	< source port=32768, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = 6313 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN

Und nochmal..


Packet Number 61
TOK: ====( 92 bytes received on interface tr0 )==== 13:47:16.702507507
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=54470, ip_off=0
IP:  	ip_ttl=30, ip_sum=b496, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32798 >
UDP: 	[ udp length = 50 | udp checksum = e272 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN

Tja, leider gab es keine Antwort und wir bekommen SERVFAIL.
Da hat ein Nameserver ein Problem!


Packet Number 64
TOK: ====( 92 bytes received on interface tr0 )==== 13:47:22.073528562
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=54495, ip_off=0
IP:  	ip_ttl=30, ip_sum=b47d, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32799 >
UDP: 	[ udp length = 50 | udp checksum = e271 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN


Packet Number 65
TOK: ====( 78 bytes transmitted on interface tr0 )==== 13:47:22.073548300
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=48828, ip_off=0
IP:  	ip_ttl=255, ip_sum=e9bd, ip_p = 1 (ICMP)
ICMP: 	icmp_type=3 (DEST UNREACH)
ICMP: 	icmp_code=3 (9.39.0.74: UDP PORT 32799 unreachable, src=53)
ICMP: 	Referenced IP header:
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=90, ip_id=54495, ip_off=0
IP:  	ip_ttl=30, ip_sum=b47d, ip_p = 17 (UDP)
IP:  00000000     0035801f 00320000                       |.5...2..        |


Packet Number 71
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:47:32.188206556
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42288, ip_off=0DF
IP:  	ip_ttl=2, ip_sum=2e26, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33439 >
UDP: 	[ udp length = 1472 | udp checksum = 7951 ]
UDP: 00000000     05020000 3a9e44e4 0002ddf0 00000000     |....:.D.........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 72
TOK: ====( 92 bytes received on interface tr0 )==== 13:47:32.192702796
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=54558, ip_off=0
IP:  	ip_ttl=30, ip_sum=b43e, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32800 >
UDP: 	[ udp length = 50 | udp checksum = e270 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN


Packet Number 73
TOK: ====( 78 bytes transmitted on interface tr0 )==== 13:47:32.192729275
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=48835, ip_off=0
IP:  	ip_ttl=255, ip_sum=e9b6, ip_p = 1 (ICMP)
ICMP: 	icmp_type=3 (DEST UNREACH)
ICMP: 	icmp_code=3 (9.39.0.74: UDP PORT 32800 unreachable, src=53)
ICMP: 	Referenced IP header:
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=90, ip_id=54558, ip_off=0
IP:  	ip_ttl=30, ip_sum=b43e, ip_p = 17 (UDP)
IP:  00000000     00358020 00320000                       |.5. .2..        |


Packet Number 74
TOK: ====( 78 bytes received on interface tr0 )==== 13:47:32.197916185
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.139.120.8 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=36227, ip_off=0
IP:  	ip_ttl=254, ip_sum=a37d, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42288, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f26, ip_p = 17 (UDP)
IP:  00000000     f642829f 05c07951                       |.B....yQ        |

Und nochmal...


Packet Number 75
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:47:32.198619371
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42289, ip_off=0DF
IP:  	ip_ttl=2, ip_sum=2e25, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33440 >
UDP: 	[ udp length = 1472 | udp checksum = 4f5f ]
UDP: 00000000     06020000 3a9e44e4 000306e1 00000000     |....:.D.........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das ist das 3 Paket der zweiten Serie: 06020000 3a9e44e4 000306e1. Der TTL steht jetzt auf 2.


Packet Number 76
TOK: ====( 78 bytes received on interface tr0 )==== 13:47:32.206373618
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0c:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.139.120.8 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=36228, ip_off=0
IP:  	ip_ttl=254, ip_sum=a37c, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42289, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f25, ip_p = 17 (UDP)
IP:  00000000     f64282a0 05c04f5f                       |.B....O_        |

Die erwartete Antwort.


Packet Number 77
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:47:32.207412119
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42290, ip_off=0DF
IP:  	ip_ttl=3, ip_sum=2d24, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33441 >
UDP: 	[ udp length = 1472 | udp checksum = 2c11 ]
UDP: 00000000     07030000 3a9e44e4 0003292d 00000000     |....:.D...)-....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das erste Paket der dritten Serie. TTL ist jetzt 3.


Packet Number 78
TOK: ====( 78 bytes received on interface tr0 )==== 13:47:32.226317212
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.31.229.77 >  (deibm-ehwf-hssi9-0-5.rtr.emea.ibm.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=22439, ip_off=0
IP:  	ip_ttl=253, ip_sum=6d80, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42290, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f24, ip_p = 17 (UDP)
IP:  00000000     f64282a1 05c02c11                       |.B....,.        |

Ein neuer Router meldet sich.


Packet Number 79
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:47:32.228864690
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48836, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca98, ip_p = 17 (UDP)
UDP: 	< source port=32776, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = f86d ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34414, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
77.229.31.9.in-addr.arpa, type = PTR, class = IN

Und wir versuchen, den Namen reverse Aufzulösen.


Packet Number 80
TOK: ====( 200 bytes received on interface tr0 )==== 13:47:32.234388840
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=178, ip_id=54560, ip_off=0
IP:  	ip_ttl=30, ip_sum=b3d0, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32776 >
UDP: 	[ udp length = 158 | udp checksum = 3c02 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34414, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 1,  additional = 1

QUESTIONS:
77.229.31.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  77.229.31.9.in-addr.arpa
name = deibm-ehwf-hssi9-0-5.rtr.emea.ibm.com
ttl = 11894 (3 hours 18 mins 14 secs)
AUTHORITY RECORDS:
->  229.31.9.IN-ADDR.ARPA
nameserver = ns.de.ibm.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
->  ns.de.ibm.com
internet address = 9.165.1.10
ttl = 43200 (12 hours)

Das hat geklappt.


Packet Number 81
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:47:32.239993570
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42291, ip_off=0DF
IP:  	ip_ttl=3, ip_sum=2d23, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33442 >
UDP: 	[ udp length = 1472 | udp checksum = ac02 ]
UDP: 00000000     08030000 3a9e44e4 0003a83a 00000000     |....:.D....:....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Das zweite Paket der dritten Serie.


Packet Number 82
TOK: ====( 78 bytes received on interface tr0 )==== 13:47:32.259886433
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.31.229.77 >  (deibm-ehwf-hssi9-0-5.rtr.emea.ibm.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=22440, ip_off=0
IP:  	ip_ttl=253, ip_sum=6d7f, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42291, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f23, ip_p = 17 (UDP)
IP:  00000000     f64282a2 05c0ac02                       |.B......        |

Antwort darauf..


Packet Number 83
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:47:32.261950076
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42292, ip_off=0DF
IP:  	ip_ttl=3, ip_sum=2d22, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33443 >
UDP: 	[ udp length = 1472 | udp checksum = 5512 ]
UDP: 00000000     09030000 3a9e44e4 0003fe29 00000000     |....:.D....)....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Drittes Paket dritte Serie - die Portnummer läuft weiter hoch.


Packet Number 84
TOK: ====( 78 bytes received on interface tr0 )==== 13:47:32.301303900
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.31.229.77 >  (deibm-ehwf-hssi9-0-5.rtr.emea.ibm.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=22441, ip_off=0
IP:  	ip_ttl=253, ip_sum=6d7e, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42292, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f22, ip_p = 17 (UDP)
IP:  00000000     f64282a3 05c05512                       |.B....U.        |

Und die ICMP Message dazu.


Packet Number 85
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:47:32.303015077
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42293, ip_off=0DF
IP:  	ip_ttl=4, ip_sum=2c21, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33444 >
UDP: 	[ udp length = 1472 | udp checksum = b3b9 ]
UDP: 00000000     0a040000 3a9e44e4 00049e7f 00000000     |....:.D.........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Erstes Paket der vierten Serie, TTL ist 4.


Packet Number 86
TOK: ====( 78 bytes received on interface tr0 )==== 13:47:32.329706431
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =   9.139.102.135 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=12769, ip_off=0
IP:  	ip_ttl=251, ip_sum=13a1, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42293, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f21, ip_p = 17 (UDP)
IP:  00000000     f64282a4 05c0b3b9                       |.B......        |

yup.


Packet Number 87
TOK: ====( 94 bytes transmitted on interface tr0 )==== 13:47:32.331912998
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=48837, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca95, ip_p = 17 (UDP)
UDP: 	< source port=32779, < destination port=53(domain) >
UDP: 	[ udp length = 52 | udp checksum = 2fd2 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Neuer Router, also Namensauflösung.


Packet Number 89
TOK: ====( 94 bytes transmitted on interface tr0 )==== 13:47:37.332762900
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=48839, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca93, ip_p = 17 (UDP)
UDP: 	< source port=32780, < destination port=53(domain) >
UDP: 	[ udp length = 52 | udp checksum = 2fd1 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Da gibt es wohl wieder ein Problem.


Packet Number 93
TOK: ====( 94 bytes transmitted on interface tr0 )==== 13:47:47.333396820
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=48841, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca91, ip_p = 17 (UDP)
UDP: 	< source port=32781, < destination port=53(domain) >
UDP: 	[ udp length = 52 | udp checksum = 2fd0 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Und noch ein Versuch.


Packet Number 94
TOK: ====( 92 bytes received on interface tr0 )==== 13:47:52.124717581
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=54699, ip_off=0
IP:  	ip_ttl=30, ip_sum=b3b1, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32768 >
UDP: 	[ udp length = 50 | udp checksum = e290 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34413, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
8.120.139.9.in-addr.arpa, type = PTR, class = IN

Mist. SERVFAIL, aber für den Versuch von vorhin.


Packet Number 100
TOK: ====( 94 bytes transmitted on interface tr0 )==== 13:48:07.333212494
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=48845, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca8d, ip_p = 17 (UDP)
UDP: 	< source port=32782, < destination port=53(domain) >
UDP: 	[ udp length = 52 | udp checksum = 2fcf ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Wir versuchen es weiter.


Packet Number 130
TOK: ====( 94 bytes received on interface tr0 )==== 13:48:32.304393347
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=54991, ip_off=0
IP:  	ip_ttl=30, ip_sum=b28b, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32779 >
UDP: 	[ udp length = 52 | udp checksum = af4f ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Es war aber trotzdem nichts.


Packet Number 132
TOK: ====( 94 bytes received on interface tr0 )==== 13:48:36.646046124
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=55027, ip_off=0
IP:  	ip_ttl=30, ip_sum=b267, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32780 >
UDP: 	[ udp length = 52 | udp checksum = af4e ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Dito.


Packet Number 136
TOK: ====( 94 bytes received on interface tr0 )==== 13:48:46.784183282
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=72, ip_id=55088, ip_off=0
IP:  	ip_ttl=30, ip_sum=b22a, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32781 >
UDP: 	[ udp length = 52 | udp checksum = af4d ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34415, rcode = SERVFAIL
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
135.102.139.9.in-addr.arpa, type = PTR, class = IN

Jaaaa.


Packet Number 138
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:47.333572963
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42294, ip_off=0DF
IP:  	ip_ttl=4, ip_sum=2c20, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33445 >
UDP: 	[ udp length = 1472 | udp checksum = 3b35 ]
UDP: 00000000     0b040000 3a9e452f 000515b7 00000000     |....:.E/........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Zweites Paket der vierten Serie.


Packet Number 139
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:47.395573902
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =   9.139.102.135 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=13072, ip_off=0
IP:  	ip_ttl=251, ip_sum=1272, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42294, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f20, ip_p = 17 (UDP)
IP:  00000000     f64282a5 05c03b35                       |.B....;5        |

Antwort dazu.


Packet Number 140
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:47.396272395
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42295, ip_off=0DF
IP:  	ip_ttl=4, ip_sum=2c1f, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33446 >
UDP: 	[ udp length = 1472 | udp checksum = 44f5 ]
UDP: 00000000     0c040000 3a9e452f 00060af5 00000000     |....:.E/........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

3. Paket 4. Serie....


Packet Number 141
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:47.474484112
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =   9.139.102.135 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=13074, ip_off=0
IP:  	ip_ttl=251, ip_sum=1270, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42295, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f1f, ip_p = 17 (UDP)
IP:  00000000     f64282a6 05c044f5                       |.B....D.        |

Antwort...


Packet Number 142
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:47.475560887
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42296, ip_off=0DF
IP:  	ip_ttl=5, ip_sum=2b1e, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33447 >
UDP: 	[ udp length = 1472 | udp checksum = e52 ]
UDP: 00000000     0d050000 3a9e452f 00074095 00000000     |....:.E/..@.....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Und wir starten eine neue Serie, TTL ist jetzt 5.


Packet Number 148
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:47.663143933
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.32.74.53 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=19020, ip_off=0
IP:  	ip_ttl=250, ip_sum=18f3, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42296, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f1e, ip_p = 17 (UDP)
IP:  00000000     f64282a7 05c00e52                       |.B.....R        |


Packet Number 149
TOK: ====( 91 bytes transmitted on interface tr0 )==== 13:48:47.665887594
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=69, ip_id=48869, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca78, ip_p = 17 (UDP)
UDP: 	< source port=32783, < destination port=53(domain) >
UDP: 	[ udp length = 49 | udp checksum = bed8 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34416, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
53.74.32.9.in-addr.arpa, type = PTR, class = IN


Packet Number 150
TOK: ====( 175 bytes received on interface tr0 )==== 13:48:47.751774303
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=153, ip_id=55094, ip_off=0
IP:  	ip_ttl=30, ip_sum=b1d3, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32783 >
UDP: 	[ udp length = 133 | udp checksum = 1f2d ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34416, rcode = NXDOMAIN
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
53.74.32.9.in-addr.arpa, type = PTR, class = IN
AUTHORITY RECORDS:
->  32.9.in-addr.arpa
ttl = 9726 (2 hours 42 mins 6 secs)
origin = leda2.cwp.ibm.com
mail addr = domreq.rhqvm15.somers.hqregion.ibm.com
serial = 2001022600
refresh = 10800 (3 hours)
retry   = 3600 (1 hour)
expire  = 604800 (7 days)
minimum ttl = 86400 (1 day)


Packet Number 151
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:47.754354158
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42297, ip_off=0DF
IP:  	ip_ttl=5, ip_sum=2b1d, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33448 >
UDP: 	[ udp length = 1472 | udp checksum = cc60 ]
UDP: 00000000     0e050000 3a9e452f 000b8181 00000000     |....:.E/........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 152
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:47.930266176
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.32.74.53 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=19025, ip_off=0
IP:  	ip_ttl=250, ip_sum=18ee, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42297, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f1d, ip_p = 17 (UDP)
IP:  00000000     f64282a8 05c0cc60                       |.B.....`        |


Packet Number 153
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:47.932955736
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42298, ip_off=0DF
IP:  	ip_ttl=5, ip_sum=2b1c, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33449 >
UDP: 	[ udp length = 1472 | udp checksum = 11e1 ]
UDP: 00000000     0f050000 3a9e452f 000e3afd 00000000     |....:.E/..:.....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 154
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:48.133818865
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.32.74.53 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=19028, ip_off=0
IP:  	ip_ttl=250, ip_sum=18eb, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42298, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f1c, ip_p = 17 (UDP)
IP:  00000000     f64282a9 05c011e1                       |.B......        |


Packet Number 155
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:48.135364671
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42299, ip_off=0DF
IP:  	ip_ttl=6, ip_sum=2a1b, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33450 >
UDP: 	[ udp length = 1472 | udp checksum = 3cb3 ]
UDP: 00000000     10060000 3a9e4530 00020f34 00000000     |....:.E0...4....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 156
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:48.349389451
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.32.1.46 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=17856, ip_off=0
IP:  	ip_ttl=249, ip_sum=6786, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42299, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f1b, ip_p = 17 (UDP)
IP:  00000000     f64282aa 05c03cb3                       |.B....<.        |


Packet Number 157
TOK: ====( 90 bytes transmitted on interface tr0 )==== 13:48:48.351942286
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=68, ip_id=48870, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca78, ip_p = 17 (UDP)
UDP: 	< source port=32784, < destination port=53(domain) >
UDP: 	[ udp length = 48 | udp checksum = 339d ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34417, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
46.1.32.9.in-addr.arpa, type = PTR, class = IN


Packet Number 158
TOK: ====( 174 bytes received on interface tr0 )==== 13:48:48.414799024
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=152, ip_id=55098, ip_off=0
IP:  	ip_ttl=30, ip_sum=b1d0, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32784 >
UDP: 	[ udp length = 132 | udp checksum = 334f ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34417, rcode = NXDOMAIN
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 0,  authority records = 1,  additional = 0

QUESTIONS:
46.1.32.9.in-addr.arpa, type = PTR, class = IN
AUTHORITY RECORDS:
->  32.9.in-addr.arpa
ttl = 9731 (2 hours 42 mins 11 secs)
origin = leda2.cwp.ibm.com
mail addr = domreq.rhqvm15.somers.hqregion.ibm.com
serial = 2001022600
refresh = 10800 (3 hours)
retry   = 3600 (1 hour)
expire  = 604800 (7 days)
minimum ttl = 86400 (1 day)


Packet Number 159
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:48.417871861
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42300, ip_off=0DF
IP:  	ip_ttl=6, ip_sum=2a1a, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33451 >
UDP: 	[ udp length = 1472 | udp checksum = ebb6 ]
UDP: 00000000     11060000 3a9e4530 00065f2b 00000000     |....:.E0.._+....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 160
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:48.593470169
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.32.1.46 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=17860, ip_off=0
IP:  	ip_ttl=249, ip_sum=6782, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42300, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f1a, ip_p = 17 (UDP)
IP:  00000000     f64282ab 05c0ebb6                       |.B......        |


Packet Number 161
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:48.594250022
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42301, ip_off=0DF
IP:  	ip_ttl=6, ip_sum=2a19, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33452 >
UDP: 	[ udp length = 1472 | udp checksum = 399b ]
UDP: 00000000     12060000 3a9e4530 00091043 00000000     |....:.E0...C....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 162
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:48.766938155
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.32.1.46 >
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=17861, ip_off=0
IP:  	ip_ttl=249, ip_sum=6781, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42301, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f19, ip_p = 17 (UDP)
IP:  00000000     f64282ac 05c0399b                       |.B....9.        |


Packet Number 163
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:48.767765670
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42302, ip_off=0DF
IP:  	ip_ttl=7, ip_sum=2918, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33453 >
UDP: 	[ udp length = 1472 | udp checksum = 92cd ]
UDP: 00000000     13070000 3a9e4530 000bb60c 00000000     |....:.E0........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 164
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:48.989273593
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.32.105.62 >  (aus1fr2-to-mpn.nssouth.ibm.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=29444, ip_off=0
IP:  	ip_ttl=248, ip_sum=d331, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42302, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f18, ip_p = 17 (UDP)
IP:  00000000     f64282ad 05c092cd                       |.B......        |


Packet Number 165
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:48:48.991493821
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48871, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca75, ip_p = 17 (UDP)
UDP: 	< source port=32785, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = 263 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34418, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
62.105.32.9.in-addr.arpa, type = PTR, class = IN


Packet Number 166
TOK: ====( 275 bytes received on interface tr0 )==== 13:48:48.996462583
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=253, ip_id=55102, ip_off=0
IP:  	ip_ttl=30, ip_sum=b167, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32785 >
UDP: 	[ udp length = 233 | udp checksum = 4af6 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34418, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 3,  additional = 3

QUESTIONS:
62.105.32.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  62.105.32.9.in-addr.arpa
name = aus1fr2-to-mpn.nssouth.ibm.com
ttl = 85331 (23 hours 42 mins 11 secs)
AUTHORITY RECORDS:
->  32.9.IN-ADDR.ARPA
nameserver = leda2.cwp.ibm.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
->  leda2.cwp.ibm.com
internet address = 9.14.1.3
ttl = 43200 (12 hours)


Packet Number 167
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:48.997534423
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42303, ip_off=0DF
IP:  	ip_ttl=7, ip_sum=2917, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33454 >
UDP: 	[ udp length = 1472 | udp checksum = 1060 ]
UDP: 00000000     14070000 3a9e4530 000f3775 00000000     |....:.E0..7u....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 168
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:49.186732421
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.32.105.62 >  (aus1fr2-to-mpn.nssouth.ibm.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=29445, ip_off=0
IP:  	ip_ttl=248, ip_sum=d330, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42303, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f17, ip_p = 17 (UDP)
IP:  00000000     f64282ae 05c01060                       |.B.....`        |


Packet Number 169
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:49.187559515
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42304, ip_off=0DF
IP:  	ip_ttl=7, ip_sum=2916, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33455 >
UDP: 	[ udp length = 1472 | udp checksum = 6b56 ]
UDP: 00000000     15070000 3a9e4531 0002db89 00000000     |....:.E1........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 170
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:49.369465678
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.32.105.62 >  (aus1fr2-to-mpn.nssouth.ibm.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=29446, ip_off=0
IP:  	ip_ttl=248, ip_sum=d32f, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42304, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f16, ip_p = 17 (UDP)
IP:  00000000     f64282af 05c06b56                       |.B....kV        |


Packet Number 171
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:49.370437983
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42305, ip_off=0DF
IP:  	ip_ttl=8, ip_sum=2815, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33456 >
UDP: 	[ udp length = 1472 | udp checksum = 9ff4 ]
UDP: 00000000     16080000 3a9e4531 0005a5e6 00000000     |....:.E1........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 172
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:49.564563281
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.3.133.177 >  (wanfiddi-def.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=22816, ip_off=0
IP:  	ip_ttl=247, ip_sum=d1bf, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42305, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f15, ip_p = 17 (UDP)
IP:  00000000     f64282b0 05c09ff4                       |.B......        |


Packet Number 173
TOK: ====( 92 bytes transmitted on interface tr0 )==== 13:48:49.566988175
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=70, ip_id=48872, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca74, ip_p = 17 (UDP)
UDP: 	< source port=32786, < destination port=53(domain) >
UDP: 	[ udp length = 50 | udp checksum = 5dff ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34419, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
177.133.3.9.in-addr.arpa, type = PTR, class = IN


Packet Number 174
TOK: ====( 384 bytes received on interface tr0 )==== 13:48:49.570518310
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=362, ip_id=55105, ip_off=0
IP:  	ip_ttl=30, ip_sum=b0f7, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32786 >
UDP: 	[ udp length = 342 | udp checksum = 2443 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34419, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 6,  additional = 6

QUESTIONS:
177.133.3.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  177.133.3.9.in-addr.arpa
name = wanfiddi-def.somewere.com
ttl = 6132 (1 hour 42 mins 12 secs)
AUTHORITY RECORDS:
->  3.9.IN-ADDR.ARPA
nameserver = ausname1.somewere.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
->  ausname1.somewere.com
internet address = 9.53.248.2
ttl = 43200 (12 hours)


Packet Number 175
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:49.571590270
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42306, ip_off=0DF
IP:  	ip_ttl=8, ip_sum=2814, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33457 >
UDP: 	[ udp length = 1472 | udp checksum = 8d37 ]
UDP: 00000000     17080000 3a9e4531 0008b79f 00000000     |....:.E1........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 176
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:49.770330059
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.3.133.177 >  (wanfiddi-def.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=22818, ip_off=0
IP:  	ip_ttl=247, ip_sum=d1bd, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42306, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f14, ip_p = 17 (UDP)
IP:  00000000     f64282b1 05c08d37                       |.B.....7        |


Packet Number 177
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:49.771100405
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42307, ip_off=0DF
IP:  	ip_ttl=8, ip_sum=2813, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33458 >
UDP: 	[ udp length = 1472 | udp checksum = 80be ]
UDP: 00000000     18080000 3a9e4531 000bc314 00000000     |....:.E1........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 182
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:49.995946131
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =     9.3.133.177 >  (wanfiddi-def.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=22819, ip_off=0
IP:  	ip_ttl=247, ip_sum=d1bc, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42307, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f13, ip_p = 17 (UDP)
IP:  00000000     f64282b2 05c080be                       |.B......        |


Packet Number 183
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:49.996957853
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42308, ip_off=0DF
IP:  	ip_ttl=9, ip_sum=2712, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33459 >
UDP: 	[ udp length = 1472 | udp checksum = da4 ]
UDP: 00000000     19090000 3a9e4531 000f3529 00000000     |....:.E1..5)....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 191
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:50.194191794
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.3.63.181 >  (bb6l-901.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=15569, ip_off=0
IP:  	ip_ttl=246, ip_sum=350b, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42308, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f12, ip_p = 17 (UDP)
IP:  00000000     f64282b3 05c00da4                       |.B......        |


Packet Number 192
TOK: ====( 91 bytes transmitted on interface tr0 )==== 13:48:50.196883400
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=69, ip_id=48884, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca69, ip_p = 17 (UDP)
UDP: 	< source port=32787, < destination port=53(domain) >
UDP: 	[ udp length = 49 | udp checksum = bbd5 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34420, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
181.63.3.9.in-addr.arpa, type = PTR, class = IN


Packet Number 193
TOK: ====( 379 bytes received on interface tr0 )==== 13:48:50.202964322
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=357, ip_id=55108, ip_off=0
IP:  	ip_ttl=30, ip_sum=b0f9, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32787 >
UDP: 	[ udp length = 337 | udp checksum = dd9a ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34420, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 6,  additional = 6

QUESTIONS:
181.63.3.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  181.63.3.9.in-addr.arpa
name = bb6l-901.somewere.com
ttl = 6132 (1 hour 42 mins 12 secs)
AUTHORITY RECORDS:
->  3.9.IN-ADDR.ARPA
nameserver = ausname1.somewere.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
->  ausname1.somewere.com
internet address = 9.53.248.2
ttl = 43200 (12 hours)


Packet Number 194
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:50.205252251
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42309, ip_off=0DF
IP:  	ip_ttl=9, ip_sum=2711, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33460 >
UDP: 	[ udp length = 1472 | udp checksum = 2159 ]
UDP: 00000000     1a090000 3a9e4532 0003207e 00000000     |....:.E2.. ~....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 199
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:50.408016119
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.3.63.181 >  (bb6l-901.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=15572, ip_off=0
IP:  	ip_ttl=246, ip_sum=3508, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42309, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f11, ip_p = 17 (UDP)
IP:  00000000     f64282b4 05c02159                       |.B....!Y        |


Packet Number 200
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:50.408931796
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42310, ip_off=0DF
IP:  	ip_ttl=9, ip_sum=2710, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33461 >
UDP: 	[ udp length = 1472 | udp checksum = 4a7 ]
UDP: 00000000     1b090000 3a9e4532 00063c2c 00000000     |....:.E2..<,....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 201
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:50.657008429
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.3.63.181 >  (bb6l-901.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=15575, ip_off=0
IP:  	ip_ttl=246, ip_sum=3505, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42310, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f10, ip_p = 17 (UDP)
IP:  00000000     f64282b5 05c004a7                       |.B......        |


Packet Number 202
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:50.657872954
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42311, ip_off=0DF
IP:  	ip_ttl=10, ip_sum=260f, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33462 >
UDP: 	[ udp length = 1472 | udp checksum = 3709 ]
UDP: 00000000     1c0a0000 3a9e4532 000a08c4 00000000     |....:.E2........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 203
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:50.879658421
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =        9.3.53.5 >  (catozzirsm.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=6394, ip_off=0
IP:  	ip_ttl=245, ip_sum=6492, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42311, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f0f, ip_p = 17 (UDP)
IP:  00000000     f64282b6 05c03709                       |.B....7.        |


Packet Number 204
TOK: ====( 89 bytes transmitted on interface tr0 )==== 13:48:50.882014832
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=67, ip_id=48889, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca66, ip_p = 17 (UDP)
UDP: 	< source port=32788, < destination port=53(domain) >
UDP: 	[ udp length = 47 | udp checksum = f605 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34421, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
5.53.3.9.in-addr.arpa, type = PTR, class = IN


Packet Number 205
TOK: ====( 379 bytes received on interface tr0 )==== 13:48:50.885740065
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=357, ip_id=55116, ip_off=0
IP:  	ip_ttl=30, ip_sum=b0f1, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32788 >
UDP: 	[ udp length = 337 | udp checksum = dcd2 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34421, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 6,  additional = 6

QUESTIONS:
5.53.3.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  5.53.3.9.in-addr.arpa
name = catozzirsm.somewere.com
ttl = 6132 (1 hour 42 mins 12 secs)
AUTHORITY RECORDS:
->  3.9.IN-ADDR.ARPA
nameserver = ausname1.somewere.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
->  ausname1.somewere.com
internet address = 9.53.248.2
ttl = 43200 (12 hours)


Packet Number 206
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:50.886771465
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42312, ip_off=0DF
IP:  	ip_ttl=10, ip_sum=260e, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33463 >
UDP: 	[ udp length = 1472 | udp checksum = b7e7 ]
UDP: 00000000     1d0a0000 3a9e4532 000d86e1 00000000     |....:.E2........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 207
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:51.085737345
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =        9.3.53.5 >  (catozzirsm.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=6395, ip_off=0
IP:  	ip_ttl=245, ip_sum=6491, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42312, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f0e, ip_p = 17 (UDP)
IP:  00000000     f64282b7 05c0b7e7                       |.B......        |


Packet Number 208
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:51.086515875
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42313, ip_off=0DF
IP:  	ip_ttl=10, ip_sum=260d, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33464 >
UDP: 	[ udp length = 1472 | udp checksum = ece9 ]
UDP: 00000000     1e0a0000 3a9e4533 000150e9 00000000     |....:.E3..P.....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 209
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:51.320255810
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =        9.3.53.5 >  (catozzirsm.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=192, ip_len=56, ip_id=6396, ip_off=0
IP:  	ip_ttl=245, ip_sum=6490, ip_p = 1 (ICMP)
ICMP: 	icmp_type=11 (TIME_EXCEEDED)  icmp_code=0(IN_TRANSIT)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42313, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f0d, ip_p = 17 (UDP)
IP:  00000000     f64282b8 05c0ece9                       |.B......        |


Packet Number 210
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:51.321152651
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42314, ip_off=0DF
IP:  	ip_ttl=11, ip_sum=250c, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33465 >
UDP: 	[ udp length = 1472 | udp checksum = 5762 ]
UDP: 00000000     1f0b0000 3a9e4533 0004e56b 00000000     |....:.E3...k....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |

Jetzt kommt die Sache zu einem Ende. Das ist das erste Paket der letzten Serie. Die TTL ist jetzt 11.


Packet Number 211
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:51.601147206
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.3.141.79 >  (speedo.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=53435, ip_off=0DF
IP:  	ip_ttl=244, ip_sum=1646, ip_p = 1 (ICMP)
ICMP: 	icmp_type=3 (DEST UNREACH)
ICMP: 	icmp_code=3 (9.3.141.79: UDP PORT 33465 unreachable, src=63042)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1512, ip_id=42314, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f0c, ip_p = 17 (UDP)
IP:  00000000     f64282b9 05c00000                       |.B......        |

Und wir reden jetzt tatsächlich mit Speedo. Auf diesem Rechner soll das Paket ankommen, deshalb ist die TTL auch ok. Speedo stellt fest, das es auf dem Port nichts gibt, und deshalb gibt er eine andere ICMP Message zurück: Type 3, und Code 3, DESTINATION UNREACHABLE, PORT UNREACHABLE. Das ist für Traceroute das Zeichen, das er angekommen ist. Er wird jetzt noch die anderen beiden Pakete der Serie schicken und dann aufhören.


Packet Number 212
TOK: ====( 91 bytes transmitted on interface tr0 )==== 13:48:51.603386390
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 08:00:5a:0d:9e:0c]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=69, ip_id=48890, ip_off=0
IP:  	ip_ttl=30, ip_sum=ca63, ip_p = 17 (UDP)
UDP: 	< source port=32789, < destination port=53(domain) >
UDP: 	[ udp length = 49 | udp checksum = 8efb ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34422, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0

QUESTIONS:
79.141.3.9.in-addr.arpa, type = PTR, class = IN

Er hat wohl vergessen, das Speedo Speedo heisst. Zu dumm.


Packet Number 213
TOK: ====( 377 bytes received on interface tr0 )==== 13:48:51.608974931
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 08:00:5a:0d:9e:0c, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.39.0.179 >  (dces2.nbs.mainz.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=355, ip_id=55121, ip_off=0
IP:  	ip_ttl=30, ip_sum=b0ee, ip_p = 17 (UDP)
UDP: 	< source port=53(domain), < destination port=32789 >
UDP: 	[ udp length = 335 | udp checksum = 80c6 ]
DNS Packet breakdown:
HEADER:
opcode = QUERY, id = 34422, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 6,  additional = 6

QUESTIONS:
79.141.3.9.in-addr.arpa, type = PTR, class = IN
ANSWERS:
->  79.141.3.9.in-addr.arpa
name = speedo.somewere.com
ttl = 6133 (1 hour 42 mins 13 secs)
AUTHORITY RECORDS:
->  3.9.IN-ADDR.ARPA
nameserver = ausname1.somewere.com
ttl = 86400 (1 day)
ADDITIONAL RECORDS:
->  ausname1.somewere.com
internet address = 9.53.248.2
ttl = 43200 (12 hours)


Packet Number 214
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:51.609995439
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42315, ip_off=0DF
IP:  	ip_ttl=11, ip_sum=250b, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33466 >
UDP: 	[ udp length = 1472 | udp checksum = ee0b ]
UDP: 00000000     200b0000 3a9e4533 00094dbc 00000000     | ...:.E3..M.....|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 215
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:51.855960528
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.3.141.79 >  (speedo.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=53436, ip_off=0DF
IP:  	ip_ttl=244, ip_sum=1645, ip_p = 1 (ICMP)
ICMP: 	icmp_type=3 (DEST UNREACH)
ICMP: 	icmp_code=3 (9.3.141.79: UDP PORT 33466 unreachable, src=63042)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1512, ip_id=42315, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f0b, ip_p = 17 (UDP)
IP:  00000000     f64282ba 05c00000                       |.B......        |


Packet Number 216
TOK: ====( 1514 bytes transmitted on interface tr0 )==== 13:48:51.856738396
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 0, frame control field = 40
TOK: [ src = 00:06:29:b9:50:3f, dst = 42:82:10:0d:06:02]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1492, ip_id=42316, ip_off=0DF
IP:  	ip_ttl=11, ip_sum=250a, ip_p = 17 (UDP)
UDP: 	< source port=63042, < destination port=33467 >
UDP: 	[ udp length = 1472 | udp checksum = 292e ]
UDP: 00000000     210b0000 3a9e4533 000d1195 00000000     |!...:.E3........|
UDP: 00000010     00000000 00000000 00000000 00000000     |................|
UDP: ********
UDP: 000005b0     00000000 00000000                       |........        |


Packet Number 217
TOK: ====( 78 bytes received on interface tr0 )==== 13:48:52.107753247
TOK: 802.5 packet
TOK: 802.5 MAC header:
TOK: access control field = 10, frame control field = 40
TOK: [ src = 42:82:10:0d:06:02, dst = 00:06:29:b9:50:3f]
TOK: 802.2 LLC header:
TOK: dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP:  	< SRC =      9.3.141.79 >  (speedo.somewere.com)
IP:  	< DST =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=56, ip_id=53437, ip_off=0DF
IP:  	ip_ttl=244, ip_sum=1644, ip_p = 1 (ICMP)
ICMP: 	icmp_type=3 (DEST UNREACH)
ICMP: 	icmp_code=3 (9.3.141.79: UDP PORT 33467 unreachable, src=63042)
ICMP: 	Referenced IP header:
IP:  	< SRC =       9.39.0.74 >  (cristina.nbs.mainz.com)
IP:  	< DST =      9.3.141.79 >  (speedo.somewere.com)
IP:  	ip_v=4, ip_hl=20, ip_tos=0, ip_len=1512, ip_id=42316, ip_off=0DF
IP:  	ip_ttl=1, ip_sum=2f0a, ip_p = 17 (UDP)
IP:  00000000     f64282bb 05c00000                       |.B......        |

Thats it...


[ Main | Local ]

[ Allgemein | UNIX | AIX | TCP-IP | TCP | ROUTING | DNS | NTP | NFS | FreeBSD | Linux | SMTP | Tracing | GPS ]

Copyright 2001-2014 by Orm Hager - Es gilt die GPL
Feedback bitte an: Orm Hager (orm@doc-tcpip.org )