Pastebin.com - Printed Paste ID: https://pastebin.com/

1. =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.02.02 14:18:38 =~=~=~=~=~=~=~=~=~=~=~=
2. login as: administrator
3. administrator@172.16.0.114's password:
4. Last login: Sat Feb 2 13:47:07 2013 from 172.16.1.58
5.  
6. ]0;administrator@webforms:~[?1034h[administrator@webforms ~]$ su
7. Password:
8. ]0;administrator@webforms:/home/administrator[?1034h[root@webforms administrator]# tcpdump -i em0 port 21 and port 20 and port 53
9. tcpdump: expression rejects all packets
10. ]0;administrator@webforms:/home/administrator[root@webforms administrator]# tcpdump -i em0 port 21 and port 20 and port 53
11.  tcpdump -i em0 port 21 or port 20 or
12. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
13. listening on em0, link-type EN10MB (Ethernet), capture size 65535 bytes
14. 14:22:11.780232 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [S], seq 3406589484, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15. 14:22:11.780290 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [S.], seq 353865190, ack 3406589485, win 14600, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
16. 14:22:11.780945 IP webforms.tsb.local.41085 > telecomdns.tsb.local.domain: 32542+ PTR? 114.0.16.172.in-addr.arpa. (43)
17. 14:22:11.781259 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [.], ack 1, win 256, length 0
18. 14:22:11.781315 IP telecomdns.tsb.local.domain > webforms.tsb.local.41085: 32542* 1/0/0 PTR webforms.tsb.local. (75)
19. 14:22:11.781501 IP webforms.tsb.local.43267 > telecomdns.tsb.local.domain: 18390+ PTR? 58.1.16.172.in-addr.arpa. (42)
20. 14:22:11.781870 IP telecomdns.tsb.local.domain > webforms.tsb.local.43267: 18390* 1/0/0 PTR htcsta1.tsb.local. (73)
21. 14:22:11.782144 IP webforms.tsb.local.47807 > telecomdns.tsb.local.domain: 27786+ PTR? 112.0.16.172.in-addr.arpa. (43)
22. 14:22:11.782484 IP telecomdns.tsb.local.domain > webforms.tsb.local.47807: 27786* 1/0/0 PTR telecomdns.tsb.local. (77)
23. 14:22:11.783285 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 1:44, ack 1, win 115, length 43
24. 14:22:11.785795 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 1:19, ack 44, win 256, length 18
25. 14:22:11.785838 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [.], ack 19, win 115, length 0
26. 14:22:11.785896 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 44:78, ack 19, win 115, length 34
27. 14:22:11.791109 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 19:40, ack 78, win 256, length 21
28. 14:22:11.791974 IP webforms.tsb.local.33926 > telecomdns.tsb.local.domain: 33975+ PTR? 58.1.16.172.in-addr.arpa. (42)
29. 14:22:11.792302 IP telecomdns.tsb.local.domain > webforms.tsb.local.33926: 33975* 1/0/0 PTR htcsta1.tsb.local. (73)
30. 14:22:11.830602 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [.], ack 40, win 115, length 0
31. 14:22:26.806287 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 78:101, ack 40, win 115, length 23
32. 14:22:26.807106 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 40:54, ack 101, win 256, length 14
33. 14:22:26.807152 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [.], ack 54, win 115, length 0
34. 14:22:26.807223 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 101:127, ack 54, win 115, length 26
35. 14:22:26.813992 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [P.], seq 54:59, ack 127, win 256, length 5
36. 14:22:26.814098 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [P.], seq 127:148, ack 59, win 115, length 21
37. 14:22:27.016192 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [.], ack 148, win 256, length 0
38. 14:22:28.449483 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [F.], seq 59, ack 148, win 256, length 0
39. 14:22:28.449626 IP webforms.tsb.local.ftp > htcsta1.tsb.local.6203: Flags [F.], seq 148, ack 60, win 115, length 0
40. 14:22:28.449939 IP htcsta1.tsb.local.6203 > webforms.tsb.local.ftp: Flags [.], ack 149, win 256, length 0
41. ^C
42. 27 packets captured
43. 28 packets received by filter
44. 0 packets dropped by kernel
45. ]0;administrator@webforms:/home/administrator[root@webforms administrator]#