search

seclab-ucr / INTANG

GNU General Public License v3.0
2.86k stars 567 forks source link

Not Working on ubuntu-16.04 #4

Open liword opened 6 years ago

liword commented 6 years ago

Can not open any blocked website, like google, twitter, dropbox, facebook etc.

1509702764.838159 [INFO] Current version: 7 1509702764.838264 [INFO] Starting redis server. 1509702764.885679 [INFO] Building sync connection with redis server. 1509702764.885919 [INFO] Sync connection built successfully. 1509702764.886024 [INFO] Loading historical results from redis. 1509702764.890654 [INFO] Loading TTL from redis. 1509702764.895369 [INFO] Async connection built successfully. 1509702764.896830 [INFO] Connecting to TCP DNS server. 1509702764.954859 [INFO] Connected to TCP DNS server. 1509702788.365938 [INFO] [EVAL] STRATEGY SUCCEEDED. 117440522_18625_2151024480_20480_11 1509702802.768291 [INFO] [EVAL] STRATEGY SUCCEEDED. 117440522_23773_457910551_20480_8 1509702803.030838 [INFO] [EVAL] STRATEGY SUCCEEDED. 117440522_21681_502076021_20480_2

gkso commented 6 years ago

Please be advised: 1) Google/Twitter/Facebook are now IP-blocked by the GFW, our approach is focusing on evading connection RST attack. IP-blocking can be only bypassed with the help of proxy-like infrastructure, e.g. proxy, VPN, decoy routing. 2) Dropbox can be visited with our tool, but you may need to enable DNS forwarding by editing the main.c file. specifically turning on the "opt_protect_dns_protocol" option. Because Dropbox is not IP-blocked but only DNS poisoned. 3) The main use case of INTANG and TCP-layer censorship evasion techniques are to prevent the GFW from performing Deep Packet Inspection on your traffic, and circumvent content detection/filtering.

liword commented 6 years ago

Dropbox still not working after enable DNS forwarding. Still can not find any website works. 1509712208.151733 [INFO] Current version: 7 1509712208.151982 [INFO] Starting redis server. 1509712208.161194 [DEBUG] unbinding existing nf_queue handler for AF_INET (if any) 1509712208.161287 [DEBUG] binding nfnetlink_queue as nf_queue handler for AF_INET 1509712208.161297 [DEBUG] binding this socket to queue 1 1509712208.161305 [DEBUG] setting copy_packet mode 1509712208.219837 [INFO] Building sync connection with redis server. 1509712208.220476 [DEBUG] Using public DNS resolver #4: 208.67.220.220 1509712208.220499 [INFO] Connecting to TCP DNS server. 1509712208.220554 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712208.220563 [DEBUG] TCP flags: SYN, 1509712208.220569 [DEBUG] Using strategy dummy 1509712208.220324 [INFO] Sync connection built successfully. 1509712208.220798 [INFO] Loading historical results from redis. 1509712208.222917 [DEBUG] 44 records loaded. 1509712208.222941 [INFO] Loading TTL from redis. 1509712208.223500 [DEBUG] 17 records loaded. 1509712208.223533 [INFO] Async connection built successfully. 1509712208.288644 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712208.288690 [DEBUG] TCP flags: SYN,ACK, 1509712208.288772 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712208.288787 [DEBUG] TCP flags: ACK, 1509712208.288901 [INFO] Connected to TCP DNS server. 1509712209.648699 [DEBUG] [TCP] This packet goes from 10.0.0.8:38158 to 216.239.38.21:80 1509712209.648729 [DEBUG] TCP flags: FIN,ACK, 1509712209.700499 [DEBUG] [TCP] This packet goes from 10.0.0.8:38154 to 216.239.38.21:80 1509712209.700543 [DEBUG] TCP flags: ACK, 1509712209.712954 [DEBUG] [TCP] This packet goes from 10.0.0.8:38158 to 216.239.38.21:80 1509712209.712991 [DEBUG] TCP flags: ACK, 1509712210.468560 [DEBUG] [TCP] This packet goes from 10.0.0.8:48398 to 203.208.51.39:80 1509712210.468596 [DEBUG] TCP flags: ACK, 1509712210.468704 [DEBUG] [TCP] This packet goes from 10.0.0.8:48396 to 203.208.51.39:80 1509712210.468715 [DEBUG] TCP flags: ACK, 1509712211.236662 [DEBUG] [TCP] This packet goes from 10.0.0.8:53076 to 203.208.43.77:80 1509712211.236698 [DEBUG] TCP flags: ACK, 1509712211.236822 [DEBUG] [TCP] This packet goes from 10.0.0.8:53074 to 203.208.43.77:80 1509712211.236833 [DEBUG] TCP flags: ACK, 1509712211.492632 [DEBUG] [TCP] This packet goes from 10.0.0.8:53072 to 203.208.43.77:80 1509712211.492667 [DEBUG] TCP flags: ACK, 1509712211.492823 [DEBUG] [TCP] This packet goes from 10.0.0.8:53080 to 203.208.43.77:80 1509712211.492833 [DEBUG] TCP flags: ACK, 1509712211.492880 [DEBUG] [TCP] This packet goes from 10.0.0.8:53078 to 203.208.43.77:80 1509712211.492889 [DEBUG] TCP flags: ACK, 1509712211.748758 [DEBUG] [TCP] This packet goes from 10.0.0.8:57152 to 203.208.51.44:80 1509712211.748792 [DEBUG] TCP flags: ACK, 1509712211.748906 [DEBUG] [TCP] This packet goes from 10.0.0.8:57320 to 203.208.51.63:80 1509712211.748917 [DEBUG] TCP flags: ACK, 1509712212.004732 [DEBUG] [TCP] This packet goes from 10.0.0.8:57150 to 203.208.51.44:80 1509712212.004768 [DEBUG] TCP flags: ACK, 1509712212.004883 [DEBUG] [TCP] This packet goes from 10.0.0.8:53082 to 203.208.43.77:80 1509712212.004894 [DEBUG] TCP flags: ACK, 1509712212.004951 [DEBUG] [TCP] This packet goes from 10.0.0.8:57318 to 203.208.51.63:80 1509712212.004960 [DEBUG] TCP flags: ACK, 1509712212.649968 [DEBUG] [TCP] This packet goes from 10.0.0.8:38154 to 216.239.38.21:80 1509712212.650000 [DEBUG] TCP flags: FIN,ACK, 1509712212.717176 [DEBUG] [TCP] This packet goes from 10.0.0.8:38154 to 216.239.38.21:80 1509712212.717220 [DEBUG] TCP flags: ACK, 1509712212.772875 [DEBUG] [TCP] This packet goes from 10.0.0.8:38156 to 216.239.38.21:80 1509712212.772919 [DEBUG] TCP flags: ACK, 1509712213.540932 [DEBUG] [TCP] This packet goes from 10.0.0.8:33286 to 203.208.48.58:80 1509712213.540984 [DEBUG] TCP flags: ACK, 1509712213.651437 [DEBUG] [TCP] This packet goes from 10.0.0.8:48396 to 203.208.51.39:80 1509712213.651468 [DEBUG] TCP flags: FIN,ACK, 1509712213.651695 [DEBUG] [TCP] This packet goes from 10.0.0.8:48398 to 203.208.51.39:80 1509712213.651722 [DEBUG] TCP flags: FIN,ACK, 1509712213.691527 [DEBUG] [TCP] This packet goes from 10.0.0.8:48396 to 203.208.51.39:80 1509712213.691558 [DEBUG] TCP flags: ACK, 1509712213.691644 [DEBUG] [TCP] This packet goes from 10.0.0.8:48398 to 203.208.51.39:80 1509712213.691655 [DEBUG] TCP flags: ACK, 1509712213.796551 [DEBUG] [TCP] This packet goes from 10.0.0.8:33272 to 203.208.48.58:80 1509712213.796583 [DEBUG] TCP flags: ACK, 1509712214.564966 [DEBUG] [TCP] This packet goes from 10.0.0.8:53600 to 203.208.43.89:80 1509712214.565006 [DEBUG] TCP flags: ACK, 1509712214.565210 [DEBUG] [TCP] This packet goes from 10.0.0.8:53610 to 203.208.43.89:80 1509712214.565222 [DEBUG] TCP flags: ACK, 1509712214.565288 [DEBUG] [TCP] This packet goes from 10.0.0.8:53590 to 203.208.43.89:80 1509712214.565298 [DEBUG] TCP flags: ACK, 1509712214.652196 [DEBUG] [TCP] This packet goes from 10.0.0.8:53078 to 203.208.43.77:80 1509712214.652226 [DEBUG] TCP flags: FIN,ACK, 1509712214.652441 [DEBUG] [TCP] This packet goes from 10.0.0.8:57150 to 203.208.51.44:80 1509712214.652454 [DEBUG] TCP flags: FIN,ACK, 1509712214.652565 [DEBUG] [TCP] This packet goes from 10.0.0.8:57152 to 203.208.51.44:80 1509712214.652576 [DEBUG] TCP flags: FIN,ACK, 1509712214.652660 [DEBUG] [TCP] This packet goes from 10.0.0.8:57318 to 203.208.51.63:80 1509712214.652670 [DEBUG] TCP flags: FIN,ACK, 1509712214.652751 [DEBUG] [TCP] This packet goes from 10.0.0.8:57320 to 203.208.51.63:80 1509712214.652761 [DEBUG] TCP flags: FIN,ACK, 1509712214.652860 [DEBUG] [TCP] This packet goes from 10.0.0.8:53082 to 203.208.43.77:80 1509712214.652870 [DEBUG] TCP flags: FIN,ACK, 1509712214.652965 [DEBUG] [TCP] This packet goes from 10.0.0.8:53074 to 203.208.43.77:80 1509712214.652975 [DEBUG] TCP flags: FIN,ACK, 1509712214.653051 [DEBUG] [TCP] This packet goes from 10.0.0.8:53080 to 203.208.43.77:80 1509712214.653061 [DEBUG] TCP flags: FIN,ACK, 1509712214.653137 [DEBUG] [TCP] This packet goes from 10.0.0.8:53072 to 203.208.43.77:80 1509712214.653147 [DEBUG] TCP flags: FIN,ACK, 1509712214.653223 [DEBUG] [TCP] This packet goes from 10.0.0.8:53076 to 203.208.43.77:80 1509712214.653233 [DEBUG] TCP flags: FIN,ACK, 1509712214.682504 [DEBUG] [TCP] This packet goes from 10.0.0.8:53078 to 203.208.43.77:80 1509712214.682537 [DEBUG] TCP flags: ACK, 1509712214.683170 [DEBUG] [TCP] This packet goes from 10.0.0.8:53080 to 203.208.43.77:80 1509712214.683187 [DEBUG] TCP flags: ACK, 1509712214.683262 [DEBUG] [TCP] This packet goes from 10.0.0.8:53082 to 203.208.43.77:80 1509712214.683272 [DEBUG] TCP flags: ACK, 1509712214.683324 [DEBUG] [TCP] This packet goes from 10.0.0.8:53074 to 203.208.43.77:80 1509712214.683333 [DEBUG] TCP flags: ACK, 1509712214.683383 [DEBUG] [TCP] This packet goes from 10.0.0.8:53072 to 203.208.43.77:80 1509712214.683391 [DEBUG] TCP flags: ACK, 1509712214.683440 [DEBUG] [TCP] This packet goes from 10.0.0.8:53076 to 203.208.43.77:80 1509712214.683449 [DEBUG] TCP flags: ACK, 1509712214.688992 [DEBUG] [TCP] This packet goes from 10.0.0.8:57320 to 203.208.51.63:80 1509712214.689022 [DEBUG] TCP flags: ACK, 1509712214.692605 [DEBUG] [TCP] This packet goes from 10.0.0.8:57318 to 203.208.51.63:80 1509712214.692638 [DEBUG] TCP flags: ACK, 1509712214.692733 [DEBUG] [TCP] This packet goes from 10.0.0.8:57150 to 203.208.51.44:80 1509712214.692744 [DEBUG] TCP flags: ACK, 1509712214.692797 [DEBUG] [TCP] This packet goes from 10.0.0.8:57152 to 203.208.51.44:80 1509712214.692806 [DEBUG] TCP flags: ACK, 1509712215.530250 [DEBUG] DNS Query: services.addons.mozilla.org 1 1 1509712215.530315 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712215.534884 [DEBUG] DNS Query: services.addons.mozilla.org 1 1 1509712215.534965 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712215.535590 [DEBUG] DNS Query: services.addons.mozilla.org 28 1 1509712215.535639 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712215.540202 [DEBUG] DNS Query: services.addons.mozilla.org 28 1 1509712215.540247 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712215.653149 [DEBUG] [TCP] This packet goes from 10.0.0.8:38156 to 216.239.38.21:80 1509712215.653195 [DEBUG] TCP flags: FIN,ACK, 1509712215.715546 [DEBUG] [TCP] This packet goes from 10.0.0.8:38156 to 216.239.38.21:80 1509712215.715574 [DEBUG] TCP flags: ACK, 1509712215.970619 [DEBUG] DNS Query: ocsp.digicert.com 1 1 1509712215.970679 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712215.975127 [DEBUG] DNS Query: ocsp.digicert.com 1 1 1509712215.975178 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712215.982830 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712215.982857 [DEBUG] TCP flags: SYN, 1509712215.982865 [DEBUG] Using strategy rst_super 1509712216.015470 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712216.015512 [DEBUG] TCP flags: SYN,ACK, 1509712216.015574 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712216.015587 [DEBUG] TCP flags: ACK, 1509712216.019166 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712216.019208 [DEBUG] TCP flags: PSH,ACK, 1509712216.019218 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55342 to 117.18.237.29:80. 1509712216.019227 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712216.188750 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712216.188796 [DEBUG] TCP flags: PSH,ACK, 1509712216.188835 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55342. 1509712216.189057 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712216.189170 [DEBUG] TCP flags: ACK, 1509712216.299856 [DEBUG] Keep alive packet sent. 1509712216.300116 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712216.300140 [DEBUG] TCP flags: PSH,ACK, 1509712216.300147 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:34254 to 208.67.220.220:53. 1509712216.473116 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712216.473149 [DEBUG] TCP flags: PSH,ACK, 1509712216.473155 [DEBUG] [TCP] Got a DNS response from 208.67.220.220:53 to 10.0.0.8:34254. 1509712216.473160 [DEBUG] DNS Query: www.aiojewewrrewqddsag.com 1 1 1509712216.473249 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712216.473257 [DEBUG] TCP flags: ACK, 1509712216.473480 [DEBUG] No DNS request info or DNS response has been received. 6751 www.aiojewewrrewqddsag.com 1509712216.483124 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.483161 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.483314 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.483334 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.490281 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.490324 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.490412 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.490427 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.492502 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.492539 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.497476 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.497528 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.498821 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.498859 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.503186 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.503229 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.504961 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.504997 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.510222 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.510275 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.510654 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.510681 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.515181 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.515222 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.518936 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.518975 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.519156 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.519178 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.525188 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.525230 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.525312 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.525327 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.526824 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.526857 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.533172 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712216.533212 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.533490 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.533510 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712216.538165 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712216.538205 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712216.654163 [DEBUG] [TCP] This packet goes from 10.0.0.8:33272 to 203.208.48.58:80 1509712216.654204 [DEBUG] TCP flags: FIN,ACK, 1509712216.655431 [DEBUG] [TCP] This packet goes from 10.0.0.8:33286 to 203.208.48.58:80 1509712216.655468 [DEBUG] TCP flags: FIN,ACK, 1509712216.686553 [DEBUG] [TCP] This packet goes from 10.0.0.8:33286 to 203.208.48.58:80 1509712216.686583 [DEBUG] TCP flags: ACK, 1509712216.686667 [DEBUG] [TCP] This packet goes from 10.0.0.8:33272 to 203.208.48.58:80 1509712216.686677 [DEBUG] TCP flags: ACK, 1509712216.863130 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712216.863176 [DEBUG] TCP flags: PSH,ACK, 1509712216.863219 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55342 to 117.18.237.29:80. 1509712216.863231 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712216.998296 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712216.998331 [DEBUG] TCP flags: SYN, 1509712216.998340 [DEBUG] Using strategy rst_super 1509712216.998415 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712216.998425 [DEBUG] TCP flags: SYN, 1509712216.998430 [DEBUG] Using strategy rst_wrong_ack 1509712216.998492 [DEBUG] [TCP] This packet goes from 10.0.0.8:55360 to 117.18.237.29:80 1509712216.998501 [DEBUG] TCP flags: SYN, 1509712216.998506 [DEBUG] Using strategy rst_small_ttl_and_wrong_ack 1509712217.029870 [DEBUG] [TCP] This packet goes from 10.0.0.8:55362 to 117.18.237.29:80 1509712217.029912 [DEBUG] TCP flags: SYN, 1509712217.029962 [DEBUG] Using strategy multiple_syn_wrong_checksum 1509712217.030201 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55358 1509712217.030213 [DEBUG] TCP flags: SYN,ACK, 1509712217.060651 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55356 1509712217.060693 [DEBUG] TCP flags: SYN,ACK, 1509712217.060731 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10013 1509712217.060743 [DEBUG] TCP flags: SYN,ACK, 1509712217.060769 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10015 1509712217.060780 [DEBUG] TCP flags: SYN,ACK, 1509712217.060798 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10014 1509712217.060807 [DEBUG] TCP flags: SYN,ACK, 1509712217.060827 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712217.060836 [DEBUG] TCP flags: PSH,ACK, 1509712217.060843 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55342. 1509712217.060969 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10029 1509712217.060983 [DEBUG] TCP flags: SYN,ACK, 1509712217.061003 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10023 1509712217.061013 [DEBUG] TCP flags: SYN,ACK, 1509712217.061032 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10028 1509712217.061041 [DEBUG] TCP flags: SYN,ACK, 1509712217.061124 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10019 1509712217.061145 [DEBUG] TCP flags: SYN,ACK, 1509712217.061168 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10020 1509712217.061174 [DEBUG] TCP flags: SYN,ACK, 1509712217.061183 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10016 1509712217.061188 [DEBUG] TCP flags: SYN,ACK, 1509712217.061196 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10026 1509712217.061200 [DEBUG] TCP flags: SYN,ACK, 1509712217.061209 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10021 1509712217.061213 [DEBUG] TCP flags: SYN,ACK, 1509712217.061222 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10022 1509712217.061226 [DEBUG] TCP flags: SYN,ACK, 1509712217.061234 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10024 1509712217.061239 [DEBUG] TCP flags: SYN,ACK, 1509712217.061248 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10017 1509712217.061253 [DEBUG] TCP flags: SYN,ACK, 1509712217.061261 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10018 1509712217.061266 [DEBUG] TCP flags: SYN,ACK, 1509712217.061274 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10025 1509712217.061279 [DEBUG] TCP flags: SYN,ACK, 1509712217.061287 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10027 1509712217.061292 [DEBUG] TCP flags: SYN,ACK, 1509712217.061301 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712217.061306 [DEBUG] TCP flags: ACK, 1509712217.061514 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712217.061529 [DEBUG] TCP flags: ACK, 1509712217.061614 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712217.061626 [DEBUG] TCP flags: ACK, 1509712217.062324 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712217.062340 [DEBUG] TCP flags: PSH,ACK, 1509712217.062344 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55342 to 117.18.237.29:80. 1509712217.062349 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712217.198308 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712217.198340 [DEBUG] TCP flags: PSH,ACK, 1509712217.198346 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55358 to 117.18.237.29:80. 1509712217.198351 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712217.198473 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712217.198484 [DEBUG] TCP flags: PSH,ACK, 1509712217.198488 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55356 to 117.18.237.29:80. 1509712217.198492 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712217.336368 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55360 1509712217.336403 [DEBUG] TCP flags: SYN,ACK, 1509712217.336556 [DEBUG] TTL probing hasn't started. 1509712217.367284 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55362 1509712217.367330 [DEBUG] TCP flags: SYN,ACK, 1509712217.367483 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55362 1509712217.367501 [DEBUG] TCP flags: SYN,ACK, 1509712217.367596 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55362 1509712217.367612 [DEBUG] TCP flags: SYN,ACK, 1509712217.367704 [DEBUG] [TCP] This packet goes from 10.0.0.8:55364 to 117.18.237.29:80 1509712217.367720 [DEBUG] TCP flags: SYN, 1509712217.367730 [DEBUG] Using strategy multiple_syn 1509712217.439272 [DEBUG] [TCP] This packet goes from 10.0.0.8:55366 to 117.18.237.29:80 1509712217.439316 [DEBUG] TCP flags: SYN, 1509712217.439325 [DEBUG] Using strategy mixed_do_ms 1509712217.439528 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55358 1509712217.439539 [DEBUG] TCP flags: PSH,ACK, 1509712217.439543 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55358. 1509712217.439625 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712217.439633 [DEBUG] TCP flags: PSH,ACK, 1509712217.439637 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55342. 1509712217.439650 [DEBUG] [TCP] This packet goes from 10.0.0.8:55360 to 117.18.237.29:80 1509712217.439655 [DEBUG] TCP flags: ACK, 1509712217.439711 [DEBUG] [TCP] This packet goes from 10.0.0.8:55360 to 117.18.237.29:80 1509712217.439721 [DEBUG] TCP flags: PSH,ACK, 1509712217.439725 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55360 to 117.18.237.29:80. 1509712217.439729 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712217.439784 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55356 1509712217.439794 [DEBUG] TCP flags: PSH,ACK, 1509712217.439798 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55356. 1509712217.439815 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55360 1509712217.439820 [DEBUG] TCP flags: RST, 1509712217.439824 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55360. 1509712217.439833 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55360 1509712217.439838 [DEBUG] TCP flags: RST, 1509712217.439842 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55360. 1509712217.439850 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55360 1509712217.439855 [DEBUG] TCP flags: RST, 1509712217.439858 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55360. 1509712217.439866 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712217.439871 [DEBUG] TCP flags: PSH,ACK, 1509712217.439875 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55342 to 117.18.237.29:80. 1509712217.439879 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712217.575379 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712217.575452 [DEBUG] TCP flags: ACK, 1509712217.575569 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712217.575617 [DEBUG] TCP flags: ACK, 1509712217.575723 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.575737 [DEBUG] TCP flags: SYN,ACK, 1509712217.576287 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.576301 [DEBUG] TCP flags: SYN,ACK, 1509712217.576649 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.576667 [DEBUG] TCP flags: SYN,ACK, 1509712217.577066 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55364 1509712217.577082 [DEBUG] TCP flags: SYN,ACK, 1509712217.577170 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712217.577188 [DEBUG] TCP flags: PSH,ACK, 1509712217.577193 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55342. 1509712217.577440 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55360 1509712217.577453 [DEBUG] TCP flags: PSH,ACK, 1509712217.577457 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55360. 1509712217.577585 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712217.577597 [DEBUG] TCP flags: ACK, 1509712217.577778 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55358 1509712217.577791 [DEBUG] TCP flags: PSH,ACK, 1509712217.577795 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55358. 1509712217.577907 [DEBUG] [TCP] This packet goes from 10.0.0.8:55364 to 117.18.237.29:80 1509712217.577916 [DEBUG] TCP flags: ACK, 1509712217.577984 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712217.577994 [DEBUG] TCP flags: ACK, 1509712217.578048 [DEBUG] [TCP] This packet goes from 10.0.0.8:55360 to 117.18.237.29:80 1509712217.578072 [DEBUG] TCP flags: ACK, 1509712217.578170 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712217.578190 [DEBUG] TCP flags: ACK, 1509712217.608327 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608351 [DEBUG] TCP flags: RST, 1509712217.608356 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608469 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608479 [DEBUG] TCP flags: RST, 1509712217.608483 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608493 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608497 [DEBUG] TCP flags: RST, 1509712217.608501 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608509 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608514 [DEBUG] TCP flags: RST, 1509712217.608518 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608525 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608530 [DEBUG] TCP flags: RST, 1509712217.608534 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608541 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608546 [DEBUG] TCP flags: RST, 1509712217.608550 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608557 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608562 [DEBUG] TCP flags: RST, 1509712217.608566 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608641 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608646 [DEBUG] TCP flags: RST, 1509712217.608650 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.608658 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712217.608662 [DEBUG] TCP flags: RST, 1509712217.608666 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55366. 1509712217.892406 [DEBUG] [TCP] This packet goes from 10.0.0.8:55362 to 117.18.237.29:80 1509712217.892451 [DEBUG] TCP flags: SYN, 1509712217.892466 [DEBUG] Using strategy multiple_syn 1509712217.964355 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712217.964415 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712217.969874 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 1 1 1509712217.969966 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712217.970297 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712217.970321 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712217.974281 [DEBUG] DNS Query: versioncheck-bg.addons.mozilla.org 28 1 1509712217.974327 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712217.997638 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55362 1509712217.997679 [DEBUG] TCP flags: SYN,ACK, 1509712217.997734 [DEBUG] [TCP] This packet goes from 10.0.0.8:55362 to 117.18.237.29:80 1509712217.997744 [DEBUG] TCP flags: ACK, 1509712218.049388 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10020 1509712218.049458 [DEBUG] TCP flags: SYN,ACK, 1509712218.064259 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10025 1509712218.064365 [DEBUG] TCP flags: SYN,ACK, 1509712218.070546 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10016 1509712218.070609 [DEBUG] TCP flags: SYN,ACK, 1509712218.102749 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10017 1509712218.102781 [DEBUG] TCP flags: SYN,ACK, 1509712218.111817 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10024 1509712218.111845 [DEBUG] TCP flags: SYN,ACK, 1509712218.121593 [DEBUG] DNS Query: addons.cdn.mozilla.net 1 1 1509712218.121643 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.121955 [DEBUG] DNS Query: addons.cdn.mozilla.net 28 1 1509712218.122020 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.126901 [DEBUG] DNS Query: aus5.mozilla.org 1 1 1509712218.126939 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.127888 [DEBUG] DNS Query: aus5.mozilla.org 1 1 1509712218.127922 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.128143 [DEBUG] DNS Query: addons.cdn.mozilla.net 1 1 1509712218.128227 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.128415 [DEBUG] DNS Query: addons.cdn.mozilla.net 28 1 1509712218.128434 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.130218 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10013 1509712218.130241 [DEBUG] TCP flags: SYN,ACK, 1509712218.131645 [DEBUG] DNS Query: aus5.mozilla.org 1 1 1509712218.131681 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.132004 [DEBUG] DNS Query: aus5.mozilla.org 28 1 1509712218.132028 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.132537 [DEBUG] DNS Query: aus5.mozilla.org 1 1 1509712218.132564 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.136604 [DEBUG] DNS Query: aus5.mozilla.org 28 1 1509712218.136642 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.148252 [DEBUG] [TCP] This packet goes from 10.0.0.8:55366 to 117.18.237.29:80 1509712218.148282 [DEBUG] TCP flags: SYN, 1509712218.148289 [DEBUG] Using strategy data_overlapping_combined 1509712218.150314 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712218.150339 [DEBUG] TCP flags: PSH,ACK, 1509712218.150344 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:55342 to 117.18.237.29:80. 1509712218.150349 [DEBUG] [TCP] POST ocsp.digicert.com/ HTTP/1.1 1509712218.283348 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10028 1509712218.283384 [DEBUG] TCP flags: SYN,ACK, 1509712218.283400 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55366 1509712218.283405 [DEBUG] TCP flags: SYN,ACK, 1509712218.283441 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10023 1509712218.283447 [DEBUG] TCP flags: SYN,ACK, 1509712218.283455 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10021 1509712218.283460 [DEBUG] TCP flags: SYN,ACK, 1509712218.283467 [DEBUG] [TCP] This packet goes from 10.0.0.8:55366 to 117.18.237.29:80 1509712218.283471 [DEBUG] TCP flags: ACK, 1509712218.297157 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10015 1509712218.297208 [DEBUG] TCP flags: SYN,ACK, 1509712218.318029 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712218.318062 [DEBUG] TCP flags: PSH,ACK, 1509712218.318067 [DEBUG] [TCP] Got a HTTP response from 117.18.237.29:80 to 10.0.0.8:55342. 1509712218.318155 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712218.318163 [DEBUG] TCP flags: ACK, 1509712218.320617 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10014 1509712218.320646 [DEBUG] TCP flags: SYN,ACK, 1509712218.326303 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10022 1509712218.326333 [DEBUG] TCP flags: SYN,ACK, 1509712218.328371 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10026 1509712218.328568 [DEBUG] TCP flags: SYN,ACK, 1509712218.328596 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10029 1509712218.328602 [DEBUG] TCP flags: SYN,ACK, 1509712218.345420 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10018 1509712218.345452 [DEBUG] TCP flags: SYN,ACK, 1509712218.417291 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10019 1509712218.417324 [DEBUG] TCP flags: SYN,ACK, 1509712218.479988 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10027 1509712218.480028 [DEBUG] TCP flags: SYN,ACK, 1509712218.638989 [DEBUG] DNS Query: versioncheck.addons.mozilla.org 1 1 1509712218.639043 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.639361 [DEBUG] DNS Query: versioncheck.addons.mozilla.org 28 1 1509712218.639402 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.644657 [DEBUG] DNS Query: versioncheck.addons.mozilla.org 1 1 1509712218.644695 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.644774 [DEBUG] DNS Query: versioncheck.addons.mozilla.org 28 1 1509712218.644788 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.724479 [DEBUG] DNS Query: ftp.mozilla.org 1 1 1509712218.724516 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.731119 [DEBUG] DNS Query: ftp.mozilla.org 1 1 1509712218.731161 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712218.731485 [DEBUG] DNS Query: ftp.mozilla.org 28 1 1509712218.731507 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712218.735992 [DEBUG] DNS Query: ftp.mozilla.org 28 1 1509712218.736033 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712219.364003 [DEBUG] DNS Query: incoming.telemetry.mozilla.org 1 1 1509712219.364044 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712219.370406 [DEBUG] DNS Query: incoming.telemetry.mozilla.org 1 1 1509712219.370448 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712219.372043 [DEBUG] DNS Query: incoming.telemetry.mozilla.org 28 1 1509712219.372091 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712219.378632 [DEBUG] DNS Query: incoming.telemetry.mozilla.org 28 1 1509712219.378669 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712220.048540 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10020 1509712220.048574 [DEBUG] TCP flags: SYN,ACK, 1509712220.064589 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10025 1509712220.064623 [DEBUG] TCP flags: SYN,ACK, 1509712220.070532 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10016 1509712220.070579 [DEBUG] TCP flags: SYN,ACK, 1509712220.103504 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10017 1509712220.103535 [DEBUG] TCP flags: SYN,ACK, 1509712220.112535 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10024 1509712220.112563 [DEBUG] TCP flags: SYN,ACK, 1509712220.130521 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10013 1509712220.130552 [DEBUG] TCP flags: SYN,ACK, 1509712220.153529 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10028 1509712220.153562 [DEBUG] TCP flags: SYN,ACK, 1509712220.252270 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10023 1509712220.252319 [DEBUG] TCP flags: SYN,ACK, 1509712220.270551 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10021 1509712220.270651 [DEBUG] TCP flags: SYN,ACK, 1509712220.297495 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10015 1509712220.297524 [DEBUG] TCP flags: SYN,ACK, 1509712220.320606 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10014 1509712220.320677 [DEBUG] TCP flags: SYN,ACK, 1509712220.326769 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10022 1509712220.326811 [DEBUG] TCP flags: SYN,ACK, 1509712220.327896 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10026 1509712220.327987 [DEBUG] TCP flags: SYN,ACK, 1509712220.328638 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10029 1509712220.328670 [DEBUG] TCP flags: SYN,ACK, 1509712220.345550 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10018 1509712220.345587 [DEBUG] TCP flags: SYN,ACK, 1509712220.418063 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10019 1509712220.418093 [DEBUG] TCP flags: SYN,ACK, 1509712220.479639 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:10027 1509712220.479686 [DEBUG] TCP flags: SYN,ACK, 1509712220.967138 [DEBUG] DNS Query: cn.bing.com 1 1 1509712220.967195 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712220.967547 [DEBUG] DNS Query: cn.bing.com 28 1 1509712220.967583 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712220.968086 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712220.968107 [DEBUG] TCP flags: SYN, 1509712220.968120 [DEBUG] Using strategy rst_small_ttl 1509712220.968554 [DEBUG] DNS Query: cn.bing.com 1 1 1509712220.968590 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712220.992768 [DEBUG] DNS Query: cn.bing.com 1 1 1509712220.992813 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712220.992898 [DEBUG] DNS Query: cn.bing.com 28 1 1509712220.992914 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712220.992925 [DEBUG] DNS Query: cn.bing.com 1 1 1509712220.992935 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712221.022857 [DEBUG] [TCP] This packet goes from 202.89.233.101:80 to 10.0.0.8:46980 1509712221.022889 [DEBUG] TCP flags: SYN,ACK, 1509712221.023107 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712221.023119 [DEBUG] TCP flags: ACK, 1509712221.023382 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712221.023394 [DEBUG] TCP flags: PSH,ACK, 1509712221.023399 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:46980 to 202.89.233.101:80. 1509712221.023404 [DEBUG] [TCP] POST cn.bing.com/fd/ls/lsp.aspx HTTP/1.1 1509712221.115592 [DEBUG] [TCP] This packet goes from 202.89.233.101:80 to 10.0.0.8:46980 1509712221.115629 [DEBUG] TCP flags: PSH,ACK, 1509712221.115635 [DEBUG] [TCP] Got a HTTP response from 202.89.233.101:80 to 10.0.0.8:46980. 1509712221.115716 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712221.115724 [DEBUG] TCP flags: ACK, 1509712221.123540 [DEBUG] Pending request expired. 134217738_11992_502076021_20480 1509712221.123426 1509712221.123818 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_11992_502076021_20480_6 1509712221.123920 [DEBUG] Pending request expired. 134217738_52869_3705422800_13568 1509712221.300198 1509712221.332792 [DEBUG] DNS Query: cn.bing.com 1 1 1509712221.332834 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712221.333320 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712221.333338 [DEBUG] TCP flags: PSH,ACK, 1509712221.333343 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:46980 to 202.89.233.101:80. 1509712221.333348 [DEBUG] [TCP] POST cn.bing.com/fd/ls/lsp.aspx HTTP/1.1 1509712221.363914 [DEBUG] DNS Query: cn.bing.com 1 1 1509712221.364000 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712221.364828 [DEBUG] DNS Query: cn.bing.com 28 1 1509712221.364857 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712221.371632 [DEBUG] DNS Query: cn.bing.com 28 1 1509712221.371678 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712221.422809 [DEBUG] [TCP] This packet goes from 202.89.233.101:80 to 10.0.0.8:46980 1509712221.422857 [DEBUG] TCP flags: PSH,ACK, 1509712221.422865 [DEBUG] [TCP] Got a HTTP response from 202.89.233.101:80 to 10.0.0.8:46980. 1509712221.422963 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712221.422975 [DEBUG] TCP flags: ACK, 1509712221.554587 [DEBUG] DNS Query: googleads.g.doubleclick.net 1 1 1509712221.554642 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712221.555438 [DEBUG] DNS Query: googleads.g.doubleclick.net 28 1 1509712221.555469 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712221.555769 [DEBUG] [TCP] This packet goes from 10.0.0.8:53600 to 203.208.43.89:80 1509712221.555787 [DEBUG] TCP flags: PSH,ACK, 1509712221.555795 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:53600 to 203.208.43.89:80. 1509712221.555818 [DEBUG] [TCP] GET googleads.g.doubleclick.net/pagead/gen_204?id=wfocus&gqid=4WD8WYDwJZPP9AXsgLLoCw&qqid=CK3Dq-qzotcCFURevQodjRQMJA&fg=1 HTTP/1.1 1509712221.557341 [DEBUG] [TCP] This packet goes from 10.0.0.8:53590 to 203.208.43.89:80 1509712221.557377 [DEBUG] TCP flags: PSH,ACK, 1509712221.557385 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:53590 to 203.208.43.89:80. 1509712221.557394 [DEBUG] [TCP] GET googleads.g.doubleclick.net/pagead/gen_204?id=wfocus&gqid=4WD8WbKUL9TO9AXG24jACA&qqid=CKfdtOqzotcCFVVtvQod4O8NfQ&fg=1 HTTP/1.1 1509712221.560186 [DEBUG] [TCP] This packet goes from 10.0.0.8:53610 to 203.208.43.89:80 1509712221.560264 [DEBUG] TCP flags: PSH,ACK, 1509712221.560272 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:53610 to 203.208.43.89:80. 1509712221.560279 [DEBUG] [TCP] GET googleads.g.doubleclick.net/pagead/gen_204?id=wfocus&gqid=4WD8WcioOpH69QXPwZLoCw&qqid=CJmEwOqzotcCFUwnvQod1H8IaA&fg=1 HTTP/1.1 1509712221.561234 [DEBUG] DNS Query: googleads.g.doubleclick.net 1 1 1509712221.561285 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712221.561378 [DEBUG] DNS Query: googleads.g.doubleclick.net 28 1 1509712221.561399 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712221.640713 [DEBUG] [TCP] This packet goes from 203.208.43.89:80 to 10.0.0.8:53600 1509712221.640817 [DEBUG] TCP flags: PSH,ACK, 1509712221.640826 [DEBUG] [TCP] Got a HTTP response from 203.208.43.89:80 to 10.0.0.8:53600. 1509712221.640905 [DEBUG] [TCP] This packet goes from 203.208.43.89:80 to 10.0.0.8:53610 1509712221.640913 [DEBUG] TCP flags: PSH,ACK, 1509712221.640918 [DEBUG] [TCP] Got a HTTP response from 203.208.43.89:80 to 10.0.0.8:53610. 1509712221.640931 [DEBUG] [TCP] This packet goes from 10.0.0.8:53600 to 203.208.43.89:80 1509712221.640937 [DEBUG] TCP flags: ACK, 1509712221.641010 [DEBUG] [TCP] This packet goes from 10.0.0.8:53610 to 203.208.43.89:80 1509712221.641020 [DEBUG] TCP flags: ACK, 1509712221.641599 [DEBUG] [TCP] This packet goes from 203.208.43.89:80 to 10.0.0.8:53590 1509712221.641950 [DEBUG] TCP flags: PSH,ACK, 1509712221.641963 [DEBUG] [TCP] Got a HTTP response from 203.208.43.89:80 to 10.0.0.8:53590. 1509712221.642054 [DEBUG] [TCP] This packet goes from 10.0.0.8:53590 to 203.208.43.89:80 1509712221.642065 [DEBUG] TCP flags: ACK, 1509712221.967657 [DEBUG] Pending request expired. 134217738_11992_502076021_20480 1509712221.967413 1509712221.967939 [DEBUG] Pending request expired. 134217738_11992_502076021_20480 1509712222.167468 1509712222.198519 [DEBUG] Pending request expired. 134217738_16088_502076021_20480 1509712222.198369 1509712222.199082 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_16088_502076021_20480_2 1509712222.199262 [DEBUG] Pending request expired. 134217738_15576_502076021_20480 1509712222.305490 1509712222.199614 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_15576_502076021_20480_6 1509712222.440674 [DEBUG] Pending request expired. 134217738_16600_502076021_20480 1509712222.440078 1509712222.441200 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_16600_502076021_20480_5 1509712222.441493 [DEBUG] Pending request expired. 134217738_11992_502076021_20480 1509712222.544422 1509712222.673985 [DEBUG] [TCP] This packet goes from 10.0.0.8:55364 to 117.18.237.29:80 1509712222.674016 [DEBUG] TCP flags: FIN,ACK, 1509712222.706070 [DEBUG] [TCP] This packet goes from 10.0.0.8:55364 to 117.18.237.29:80 1509712222.706103 [DEBUG] TCP flags: ACK, 1509712223.251762 [DEBUG] Pending request expired. 134217738_11992_502076021_20480 1509712223.252561 1509712223.675056 [DEBUG] [TCP] This packet goes from 10.0.0.8:55366 to 117.18.237.29:80 1509712223.675086 [DEBUG] TCP flags: FIN,ACK, 1509712223.675412 [DEBUG] [TCP] This packet goes from 10.0.0.8:55362 to 117.18.237.29:80 1509712223.675427 [DEBUG] TCP flags: FIN,ACK, 1509712223.707133 [DEBUG] [TCP] This packet goes from 10.0.0.8:55366 to 117.18.237.29:80 1509712223.707175 [DEBUG] TCP flags: ACK, 1509712223.708494 [DEBUG] [TCP] This packet goes from 10.0.0.8:55362 to 117.18.237.29:80 1509712223.708518 [DEBUG] TCP flags: ACK, 1509712224.308904 [DEBUG] Keep alive packet sent. 1509712224.308954 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712224.308963 [DEBUG] TCP flags: PSH,ACK, 1509712224.308967 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:34254 to 208.67.220.220:53. 1509712224.377359 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712224.377394 [DEBUG] TCP flags: PSH,ACK, 1509712224.377400 [DEBUG] [TCP] Got a DNS response from 208.67.220.220:53 to 10.0.0.8:34254. 1509712224.377405 [DEBUG] DNS Query: www.aiojewewrrewqddsag.com 1 1 1509712224.377492 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712224.377501 [DEBUG] TCP flags: ACK, 1509712224.377706 [DEBUG] No DNS request info or DNS response has been received. 6751 www.aiojewewrrewqddsag.com 1509712226.025053 [DEBUG] Pending request expired. 134217738_33975_1709791690_20480 1509712226.023602 1509712226.025501 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_33975_1709791690_20480_1 1509712226.334191 [DEBUG] Pending request expired. 134217738_33975_1709791690_20480 1509712226.333608 1509712226.557064 [DEBUG] Pending request expired. 134217738_24785_1496043723_20480 1509712226.555843 1509712226.557617 [DEBUG] Pending request expired. 134217738_22225_1496043723_20480 1509712226.557425 1509712226.557686 [DEBUG] Pending request expired. 134217738_27345_1496043723_20480 1509712226.560335 1509712227.461183 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712227.461217 [DEBUG] TCP flags: ACK, 1509712227.588192 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712227.588225 [DEBUG] TCP flags: ACK, 1509712227.622175 [DEBUG] [TCP] This packet goes from 10.0.0.8:55360 to 117.18.237.29:80 1509712227.622387 [DEBUG] TCP flags: ACK, 1509712227.657251 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55360 1509712227.657281 [DEBUG] TCP flags: RST, 1509712227.657286 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55360. 1509712228.388412 [DEBUG] [TCP] This packet goes from 10.0.0.8:55342 to 117.18.237.29:80 1509712228.388446 [DEBUG] TCP flags: ACK, 1509712228.422443 [DEBUG] [TCP] This packet goes from 117.18.237.29:80 to 10.0.0.8:55342 1509712228.422477 [DEBUG] TCP flags: RST, 1509712228.422483 [DEBUG] [TCP] Got an incoming RST from 117.18.237.29:80 to 10.0.0.8:55342. 1509712229.309342 [DEBUG] Pending request expired. 134217738_52869_3705422800_13568 1509712229.308987 1509712231.424270 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712231.424309 [DEBUG] TCP flags: ACK, 1509712231.444244 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712231.444279 [DEBUG] TCP flags: FIN,ACK, 1509712231.445169 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712231.445194 [DEBUG] TCP flags: FIN,ACK, 1509712231.445360 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712231.445373 [DEBUG] TCP flags: FIN,ACK, 1509712231.453921 [DEBUG] [TCP] This packet goes from 10.0.0.8:53610 to 203.208.43.89:80 1509712231.453950 [DEBUG] TCP flags: FIN,ACK, 1509712231.456923 [DEBUG] [TCP] This packet goes from 10.0.0.8:53600 to 203.208.43.89:80 1509712231.456961 [DEBUG] TCP flags: FIN,ACK, 1509712231.458047 [DEBUG] [TCP] This packet goes from 10.0.0.8:53590 to 203.208.43.89:80 1509712231.458073 [DEBUG] TCP flags: FIN,ACK, 1509712231.477165 [DEBUG] [TCP] This packet goes from 10.0.0.8:55358 to 117.18.237.29:80 1509712231.477200 [DEBUG] TCP flags: ACK, 1509712231.478289 [DEBUG] [TCP] This packet goes from 10.0.0.8:55356 to 117.18.237.29:80 1509712231.478310 [DEBUG] TCP flags: ACK, 1509712231.483719 [DEBUG] [TCP] This packet goes from 10.0.0.8:53610 to 203.208.43.89:80 1509712231.483750 [DEBUG] TCP flags: ACK, 1509712231.485918 [DEBUG] [TCP] This packet goes from 10.0.0.8:53600 to 203.208.43.89:80 1509712231.485945 [DEBUG] TCP flags: ACK, 1509712231.487270 [DEBUG] [TCP] This packet goes from 10.0.0.8:53590 to 203.208.43.89:80 1509712231.487323 [DEBUG] TCP flags: ACK, 1509712231.498646 [DEBUG] [TCP] This packet goes from 10.0.0.8:46980 to 202.89.233.101:80 1509712231.498687 [DEBUG] TCP flags: ACK, 1509712232.319639 [DEBUG] Keep alive packet sent. 1509712232.319729 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712232.319740 [DEBUG] TCP flags: PSH,ACK, 1509712232.319745 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:34254 to 208.67.220.220:53. 1509712232.388304 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712232.388355 [DEBUG] TCP flags: PSH,ACK, 1509712232.388366 [DEBUG] [TCP] Got a DNS response from 208.67.220.220:53 to 10.0.0.8:34254. 1509712232.388374 [DEBUG] DNS Query: www.aiojewewrrewqddsag.com 1 1 1509712232.388646 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712232.388662 [DEBUG] TCP flags: ACK, 1509712232.388858 [DEBUG] No DNS request info or DNS response has been received. 6751 www.aiojewewrrewqddsag.com 1509712234.745578 [DEBUG] DNS Query: detectportal.firefox.com 1 1 1509712234.745643 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712234.747978 [DEBUG] DNS Query: detectportal.firefox.com 28 1 1509712234.748139 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712234.752306 [DEBUG] DNS Query: detectportal.firefox.com 1 1 1509712234.752364 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712234.753340 [DEBUG] DNS Query: detectportal.firefox.com 28 1 1509712234.753388 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712234.761038 [DEBUG] [TCP] This packet goes from 10.0.0.8:58090 to 65.200.22.25:80 1509712234.761071 [DEBUG] TCP flags: SYN, 1509712234.761083 [DEBUG] Using strategy rst_small_ttl_and_wrong_ack 1509712234.921324 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10028 1509712234.921356 [DEBUG] TCP flags: SYN,ACK, 1509712234.921379 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10026 1509712234.921385 [DEBUG] TCP flags: SYN,ACK, 1509712234.921394 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10016 1509712234.921398 [DEBUG] TCP flags: SYN,ACK, 1509712234.921407 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10022 1509712234.921411 [DEBUG] TCP flags: SYN,ACK, 1509712234.921419 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10024 1509712234.921424 [DEBUG] TCP flags: SYN,ACK, 1509712234.922955 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10015 1509712234.922983 [DEBUG] TCP flags: SYN,ACK, 1509712234.923005 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10020 1509712234.923010 [DEBUG] TCP flags: SYN,ACK, 1509712234.923019 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10017 1509712234.923024 [DEBUG] TCP flags: SYN,ACK, 1509712234.923032 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10018 1509712234.923037 [DEBUG] TCP flags: SYN,ACK, 1509712234.924014 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10014 1509712234.924041 [DEBUG] TCP flags: SYN,ACK, 1509712234.924061 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10025 1509712234.924066 [DEBUG] TCP flags: SYN,ACK, 1509712234.924074 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10021 1509712234.924079 [DEBUG] TCP flags: SYN,ACK, 1509712234.924086 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10029 1509712234.924091 [DEBUG] TCP flags: SYN,ACK, 1509712234.924098 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10019 1509712234.924102 [DEBUG] TCP flags: SYN,ACK, 1509712234.925288 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10027 1509712234.925320 [DEBUG] TCP flags: SYN,ACK, 1509712234.925338 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10023 1509712234.925343 [DEBUG] TCP flags: SYN,ACK, 1509712234.953995 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:58090 1509712234.954028 [DEBUG] TCP flags: SYN,ACK, 1509712234.954208 [DEBUG] TTL probing hasn't started. 1509712234.984923 [DEBUG] [TCP] This packet goes from 10.0.0.8:58090 to 65.200.22.25:80 1509712234.984951 [DEBUG] TCP flags: ACK, 1509712234.985179 [DEBUG] [TCP] This packet goes from 10.0.0.8:58090 to 65.200.22.25:80 1509712234.985192 [DEBUG] TCP flags: PSH,ACK, 1509712234.985196 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:58090 to 65.200.22.25:80. 1509712234.985201 [DEBUG] [TCP] GET detectportal.firefox.com/success.txt HTTP/1.1 1509712235.115419 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:58090 1509712235.115473 [DEBUG] TCP flags: RST, 1509712235.115484 [DEBUG] [TCP] Got an incoming RST from 65.200.22.25:80 to 10.0.0.8:58090. 1509712235.115609 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:58090 1509712235.115626 [DEBUG] TCP flags: RST, 1509712235.115634 [DEBUG] [TCP] Got an incoming RST from 65.200.22.25:80 to 10.0.0.8:58090. 1509712235.115937 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:58090 1509712235.115957 [DEBUG] TCP flags: RST, 1509712235.115965 [DEBUG] [TCP] Got an incoming RST from 65.200.22.25:80 to 10.0.0.8:58090. 1509712235.147438 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:58090 1509712235.147477 [DEBUG] TCP flags: PSH,ACK, 1509712235.147488 [DEBUG] [TCP] Got a HTTP response from 65.200.22.25:80 to 10.0.0.8:58090. 1509712235.147603 [DEBUG] [TCP] This packet goes from 10.0.0.8:58090 to 65.200.22.25:80 1509712235.147619 [DEBUG] TCP flags: ACK, 1509712235.919787 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10028 1509712235.919822 [DEBUG] TCP flags: SYN,ACK, 1509712235.919846 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10026 1509712235.919852 [DEBUG] TCP flags: SYN,ACK, 1509712235.919860 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10016 1509712235.919865 [DEBUG] TCP flags: SYN,ACK, 1509712235.920214 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10024 1509712235.920232 [DEBUG] TCP flags: SYN,ACK, 1509712235.920245 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10022 1509712235.920250 [DEBUG] TCP flags: SYN,ACK, 1509712235.922340 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10020 1509712235.922386 [DEBUG] TCP flags: SYN,ACK, 1509712235.922421 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10015 1509712235.922433 [DEBUG] TCP flags: SYN,ACK, 1509712235.923189 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10017 1509712235.923219 [DEBUG] TCP flags: SYN,ACK, 1509712235.923250 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10018 1509712235.923262 [DEBUG] TCP flags: SYN,ACK, 1509712235.923280 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10029 1509712235.923289 [DEBUG] TCP flags: SYN,ACK, 1509712235.923305 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10021 1509712235.923313 [DEBUG] TCP flags: SYN,ACK, 1509712235.924061 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10014 1509712235.924107 [DEBUG] TCP flags: SYN,ACK, 1509712235.924136 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10025 1509712235.924147 [DEBUG] TCP flags: SYN,ACK, 1509712235.924164 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10019 1509712235.924173 [DEBUG] TCP flags: SYN,ACK, 1509712235.925154 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10027 1509712235.925181 [DEBUG] TCP flags: SYN,ACK, 1509712235.925206 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10023 1509712235.925215 [DEBUG] TCP flags: SYN,ACK, 1509712237.320309 [DEBUG] Pending request expired. 134217738_52869_3705422800_13568 1509712237.319762 1509712237.920296 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10028 1509712237.920347 [DEBUG] TCP flags: SYN,ACK, 1509712237.920377 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10016 1509712237.920388 [DEBUG] TCP flags: SYN,ACK, 1509712237.920404 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10026 1509712237.920413 [DEBUG] TCP flags: SYN,ACK, 1509712237.920448 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10024 1509712237.920459 [DEBUG] TCP flags: SYN,ACK, 1509712237.920473 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10022 1509712237.920482 [DEBUG] TCP flags: SYN,ACK, 1509712237.922705 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10020 1509712237.922790 [DEBUG] TCP flags: SYN,ACK, 1509712237.922841 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10015 1509712237.922850 [DEBUG] TCP flags: SYN,ACK, 1509712237.922861 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10017 1509712237.922868 [DEBUG] TCP flags: SYN,ACK, 1509712237.922877 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10018 1509712237.922885 [DEBUG] TCP flags: SYN,ACK, 1509712237.923474 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10014 1509712237.923535 [DEBUG] TCP flags: SYN,ACK, 1509712237.923564 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10025 1509712237.923572 [DEBUG] TCP flags: SYN,ACK, 1509712237.923585 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10019 1509712237.923593 [DEBUG] TCP flags: SYN,ACK, 1509712237.923606 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10021 1509712237.923614 [DEBUG] TCP flags: SYN,ACK, 1509712237.923632 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10029 1509712237.923641 [DEBUG] TCP flags: SYN,ACK, 1509712237.925031 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10027 1509712237.925060 [DEBUG] TCP flags: SYN,ACK, 1509712237.925147 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10023 1509712237.925162 [DEBUG] TCP flags: SYN,ACK, 1509712238.016144 [DEBUG] DNS Query: start.ubuntu.com 1 1 1509712238.016196 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712238.016437 [DEBUG] DNS Query: start.ubuntu.com 28 1 1509712238.016468 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712238.022238 [DEBUG] DNS Query: start.ubuntu.com 1 1 1509712238.022285 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712238.022367 [DEBUG] DNS Query: start.ubuntu.com 28 1 1509712238.022383 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712238.022796 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712238.022811 [DEBUG] TCP flags: SYN, 1509712238.022819 [DEBUG] Using strategy reverse_tcb 1509712238.319408 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712238.319446 [DEBUG] TCP flags: SYN,ACK, 1509712238.319498 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712238.319506 [DEBUG] TCP flags: ACK, 1509712238.319826 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712238.319839 [DEBUG] TCP flags: PSH,ACK, 1509712238.319843 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:54870 to 91.189.89.88:80. 1509712238.319849 [DEBUG] [TCP] GET start.ubuntu.com/16.04/Google/?sourceid=hp HTTP/1.1 1509712238.618305 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712238.618354 [DEBUG] TCP flags: ACK, 1509712238.618366 [DEBUG] [TCP] Got a HTTP response from 91.189.89.88:80 to 10.0.0.8:54870. 1509712238.618490 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712238.618506 [DEBUG] TCP flags: PSH,ACK, 1509712238.618536 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712238.618548 [DEBUG] TCP flags: ACK, 1509712238.618671 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712238.618687 [DEBUG] TCP flags: ACK, 1509712239.183295 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.183330 [DEBUG] TCP flags: PSH,ACK, 1509712239.183336 [DEBUG] [TCP] Sent a HTTP request from 10.0.0.8:54870 to 91.189.89.88:80. 1509712239.183341 [DEBUG] [TCP] GET start.ubuntu.com/12.04/sprite.png HTTP/1.1 1509712239.484744 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.484794 [DEBUG] TCP flags: ACK, 1509712239.484800 [DEBUG] [TCP] Got a HTTP response from 91.189.89.88:80 to 10.0.0.8:54870. 1509712239.484898 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.484911 [DEBUG] TCP flags: ACK, 1509712239.484936 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.484946 [DEBUG] TCP flags: ACK, 1509712239.484967 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.484976 [DEBUG] TCP flags: PSH,ACK, 1509712239.484998 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.485007 [DEBUG] TCP flags: ACK, 1509712239.485117 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.485134 [DEBUG] TCP flags: ACK, 1509712239.485211 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.485346 [DEBUG] TCP flags: ACK, 1509712239.485441 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.485458 [DEBUG] TCP flags: ACK, 1509712239.485542 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.485554 [DEBUG] TCP flags: ACK, 1509712239.485641 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.485658 [DEBUG] TCP flags: ACK, 1509712239.710482 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.710526 [DEBUG] TCP flags: ACK, 1509712239.710535 [DEBUG] [TCP] Got a HTTP response from 91.189.89.88:80 to 10.0.0.8:54870. 1509712239.710646 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.710658 [DEBUG] TCP flags: ACK, 1509712239.710680 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.710686 [DEBUG] TCP flags: ACK, 1509712239.710701 [DEBUG] [TCP] This packet goes from 91.189.89.88:80 to 10.0.0.8:54870 1509712239.710709 [DEBUG] TCP flags: PSH,ACK, 1509712239.710720 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.710728 [DEBUG] TCP flags: ACK, 1509712239.710828 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.710841 [DEBUG] TCP flags: ACK, 1509712239.710914 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.710924 [DEBUG] TCP flags: ACK, 1509712239.710990 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.711002 [DEBUG] TCP flags: ACK, 1509712239.711063 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.711074 [DEBUG] TCP flags: ACK, 1509712239.711491 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712239.711517 [DEBUG] TCP flags: ACK, 1509712239.783763 [DEBUG] DNS Query: www.google.com 1 1 1509712239.783817 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.784041 [DEBUG] DNS Query: www.google.com 28 1 1509712239.784074 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.788712 [DEBUG] DNS Query: help.ubuntu.com 1 1 1509712239.788764 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.791205 [DEBUG] DNS Query: help.ubuntu.com 28 1 1509712239.791374 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.791497 [DEBUG] DNS Query: www.google.com 1 1 1509712239.791528 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.791629 [DEBUG] DNS Query: www.google.com 28 1 1509712239.791654 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.792816 [DEBUG] DNS Query: shop.ubuntu.com 1 1 1509712239.792857 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.793037 [DEBUG] DNS Query: shop.ubuntu.com 28 1 1509712239.793065 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.793335 [DEBUG] DNS Query: help.ubuntu.com 1 1 1509712239.793359 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.796436 [DEBUG] DNS Query: help.ubuntu.com 28 1 1509712239.796519 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.797428 [DEBUG] DNS Query: shop.ubuntu.com 1 1 1509712239.797480 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.797582 [DEBUG] DNS Query: www.ubuntu.com 1 1 1509712239.797608 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.798478 [DEBUG] DNS Query: www.ubuntu.com 28 1 1509712239.798534 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712239.802478 [DEBUG] DNS Query: www.ubuntu.com 1 1 1509712239.802535 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.807565 [DEBUG] DNS Query: www.ubuntu.com 28 1 1509712239.807624 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.898439 [DEBUG] DNS Query: shop.ubuntu.com 28 1 1509712239.898493 [DEBUG] [UDP] Got a DNS response from 10.0.0.1:53 to 10.0.0.8:50322. 1509712239.985129 [DEBUG] Pending request expired. 134217738_60130_420923457_20480 1509712239.985220 1509712239.985438 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_60130_420923457_20480_5 1509712240.324448 [DEBUG] Keep alive packet sent. 1509712240.324537 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712240.324547 [DEBUG] TCP flags: PSH,ACK, 1509712240.324552 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:34254 to 208.67.220.220:53. 1509712240.392485 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712240.392520 [DEBUG] TCP flags: PSH,ACK, 1509712240.392527 [DEBUG] [TCP] Got a DNS response from 208.67.220.220:53 to 10.0.0.8:34254. 1509712240.392532 [DEBUG] DNS Query: www.aiojewewrrewqddsag.com 1 1 1509712240.392631 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712240.392639 [DEBUG] TCP flags: ACK, 1509712240.392825 [DEBUG] No DNS request info or DNS response has been received. 6751 www.aiojewewrrewqddsag.com 1509712241.737212 [DEBUG] DNS Query: dropbox.com 1 1 1509712241.737355 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712241.737385 [DEBUG] Redirecting to TCP. 1509712241.737611 [DEBUG] DNS over TCP sent. 31 1509712241.737665 [DEBUG] [TCP] This packet goes from 10.0.0.8:34254 to 208.67.220.220:53 1509712241.737679 [DEBUG] TCP flags: PSH,ACK, 1509712241.737687 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:34254 to 208.67.220.220:53. 1509712241.738821 [DEBUG] DNS Query: dropbox.com 28 1 1509712241.738860 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712241.738880 [DEBUG] Redirecting to TCP. 1509712241.739096 [DEBUG] DNS over TCP sent. 31 1509712241.746201 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712241.746247 [DEBUG] TCP flags: RST,ACK, 1509712241.746254 [DEBUG] [TCP] Got an incoming RST from 208.67.220.220:53 to 10.0.0.8:34254. 1509712241.746397 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712241.746406 [DEBUG] TCP flags: RST,ACK, 1509712241.746411 [DEBUG] [TCP] Got an incoming RST from 208.67.220.220:53 to 10.0.0.8:34254. 1509712241.746422 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712241.746427 [DEBUG] TCP flags: RST,ACK, 1509712241.746431 [DEBUG] [TCP] Got an incoming RST from 208.67.220.220:53 to 10.0.0.8:34254. 1509712241.805592 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712241.805627 [DEBUG] TCP flags: PSH,ACK, 1509712241.805633 [DEBUG] [TCP] Got a DNS response from 208.67.220.220:53 to 10.0.0.8:34254. 1509712241.805639 [DEBUG] DNS Query: dropbox.com 1 1 1509712241.805830 [DEBUG] [TCP] This packet goes from 208.67.220.220:53 to 10.0.0.8:34254 1509712241.805842 [DEBUG] TCP flags: RST,ACK, 1509712241.805847 [DEBUG] [TCP] Got an incoming RST from 208.67.220.220:53 to 10.0.0.8:34254. 1509712241.806028 [DEBUG] Sent an fabricated UDP DNS response from 10.0.0.1:53 to 10.0.0.8:50322 1509712241.806184 [INFO] [EVAL] STRATEGY FAILED 2. DNS TRIGGERED RESET ATTACK. 134217738_52869_3705422800_13568_0. 1509712241.925426 [DEBUG] [TCP] This packet goes from 65.200.22.25:80 to 10.0.0.8:10023 1509712241.925514 [DEBUG] TCP flags: SYN,ACK, 1509712243.361716 [DEBUG] Pending request expired. 134217738_22230_1482276187_20480 1509712243.361428 1509712243.362308 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_22230_1482276187_20480_17 1509712244.226743 [DEBUG] Pending request expired. 134217738_22230_1482276187_20480 1509712244.226066 1509712245.148890 [DEBUG] [TCP] This packet goes from 10.0.0.8:58090 to 65.200.22.25:80 1509712245.148925 [DEBUG] TCP flags: ACK, 1509712245.324897 [DEBUG] Pending request expired. 134217738_52869_3705422800_13568 1509712245.324570 1509712246.739198 [DEBUG] Pending request expired. 134217738_52869_3705422800_13568 1509712246.738423 1509712246.745874 [DEBUG] DNS Query: dropbox.com 1 1 1509712246.746370 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712246.746382 [DEBUG] Redirecting to TCP. 1509712246.746462 [ERROR] Send DNS request over TCP failed. 1509712246.746475 [ERROR] error no: 104 1509712246.746479 [ERROR] Now will rebuild the TCP connection. 1509712246.746512 [DEBUG] Using public DNS resolver #1: 203.112.2.4 1509712246.746518 [INFO] Connecting to TCP DNS server. 1509712246.746553 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712246.746560 [DEBUG] TCP flags: SYN, 1509712246.746569 [DEBUG] Using strategy data_overlapping_combined 1509712246.747150 [DEBUG] DNS Query: dropbox.com 28 1 1509712246.747177 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712246.747185 [DEBUG] Redirecting to TCP. 1509712246.804531 [DEBUG] [TCP] This packet goes from 203.112.2.4:53 to 10.0.0.8:60550 1509712246.804571 [DEBUG] TCP flags: SYN,ACK, 1509712246.804637 [INFO] Connected to TCP DNS server. 1509712246.804663 [DEBUG] DNS over TCP sent. 31 1509712246.804679 [DEBUG] DNS over TCP sent. 31 1509712246.804693 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712246.804698 [DEBUG] TCP flags: ACK, 1509712246.804789 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712246.804800 [DEBUG] TCP flags: PSH,ACK, 1509712246.804804 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:60550 to 203.112.2.4:53. 1509712246.935905 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712246.936050 [DEBUG] TCP flags: PSH,ACK, 1509712246.936064 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:60550 to 203.112.2.4:53. 1509712247.008817 [DEBUG] [TCP] This packet goes from 203.112.2.4:53 to 10.0.0.8:60550 1509712247.008853 [DEBUG] TCP flags: PSH,ACK, 1509712247.008859 [DEBUG] [TCP] Got a DNS response from 203.112.2.4:53 to 10.0.0.8:60550. 1509712247.008864 [DEBUG] DNS Query: dropbox.com 1 1 1509712247.008971 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712247.008981 [DEBUG] TCP flags: ACK, 1509712247.009228 [DEBUG] Sent an fabricated UDP DNS response from 10.0.0.1:53 to 10.0.0.8:50322 1509712247.076088 [DEBUG] [TCP] This packet goes from 203.112.2.4:53 to 10.0.0.8:60550 1509712247.076125 [DEBUG] TCP flags: PSH,ACK, 1509712247.076131 [DEBUG] [TCP] Got a DNS response from 203.112.2.4:53 to 10.0.0.8:60550. 1509712247.076136 [DEBUG] DNS Query: dropbox.com 28 1 1509712247.076226 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712247.076234 [DEBUG] TCP flags: ACK, 1509712247.076608 [DEBUG] Sent an fabricated UDP DNS response from 10.0.0.1:53 to 10.0.0.8:50322 1509712248.806221 [DEBUG] Keep alive packet sent. 1509712248.806272 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712248.806281 [DEBUG] TCP flags: PSH,ACK, 1509712248.806285 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:60550 to 203.112.2.4:53. 1509712248.937316 [DEBUG] [TCP] This packet goes from 203.112.2.4:53 to 10.0.0.8:60550 1509712248.937353 [DEBUG] TCP flags: PSH,ACK, 1509712248.937359 [DEBUG] [TCP] Got a DNS response from 203.112.2.4:53 to 10.0.0.8:60550. 1509712248.937364 [DEBUG] DNS Query: www.aiojewewrrewqddsag.com 1 1 1509712248.937451 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712248.937472 [DEBUG] TCP flags: ACK, 1509712248.937687 [DEBUG] No DNS request info or DNS response has been received. 6751 www.aiojewewrrewqddsag.com 1509712249.732397 [DEBUG] [TCP] This packet goes from 10.0.0.8:54870 to 91.189.89.88:80 1509712249.732434 [DEBUG] TCP flags: ACK, 1509712251.750662 [DEBUG] DNS Query: dropbox.com 1 1 1509712251.750710 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712251.750723 [DEBUG] Redirecting to TCP. 1509712251.750842 [DEBUG] DNS over TCP sent. 31 1509712251.750881 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712251.750894 [DEBUG] TCP flags: PSH,ACK, 1509712251.750902 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:60550 to 203.112.2.4:53. 1509712251.823584 [DEBUG] DNS Query: dropbox.com 28 1 1509712251.823623 [DEBUG] [UDP] Sent a DNS request from 10.0.0.8:50322 to 10.0.0.1:53. 1509712251.823629 [DEBUG] Redirecting to TCP. 1509712251.823725 [DEBUG] DNS over TCP sent. 31 1509712251.847737 [DEBUG] Pending request expired. 134217738_34540_67268811_13568 1509712251.846228 1509712251.848209 [INFO] [EVAL] STRATEGY SUCCEEDED. 134217738_34540_67268811_13568_10 1509712251.848505 [DEBUG] Pending request expired. 134217738_34540_67268811_13568 1509712251.978339 1509712251.882533 [DEBUG] [TCP] This packet goes from 203.112.2.4:53 to 10.0.0.8:60550 1509712251.882616 [DEBUG] TCP flags: PSH,ACK, 1509712251.882664 [DEBUG] [TCP] Got a DNS response from 203.112.2.4:53 to 10.0.0.8:60550. 1509712251.882675 [DEBUG] DNS Query: dropbox.com 1 1 1509712251.882823 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712251.882838 [DEBUG] TCP flags: PSH,ACK, 1509712251.882845 [DEBUG] [TCP] Sent a DNS request from 10.0.0.8:60550 to 203.112.2.4:53. 1509712251.883730 [DEBUG] Sent an fabricated UDP DNS response from 10.0.0.1:53 to 10.0.0.8:50322 1509712252.013296 [DEBUG] [TCP] This packet goes from 203.112.2.4:53 to 10.0.0.8:60550 1509712252.013328 [DEBUG] TCP flags: PSH,ACK, 1509712252.013334 [DEBUG] [TCP] Got a DNS response from 203.112.2.4:53 to 10.0.0.8:60550. 1509712252.013339 [DEBUG] DNS Query: dropbox.com 28 1 1509712252.014926 [DEBUG] Sent an fabricated UDP DNS response from 10.0.0.1:53 to 10.0.0.8:50322 1509712252.056547 [DEBUG] [TCP] This packet goes from 10.0.0.8:60550 to 203.112.2.4:53 1509712252.056581 [DEBUG] TCP flags: ACK, 1509712253.848267 [DEBUG] Pending request expired. 134217738_34540_67268811_13568 1509712253.847697

gkso commented 6 years ago

Because now the INTANG has a cold start problem, it will randomly try different strategies and see how they work. Seems it also tried dummy strategy, which does nothing to evade censorship. So in your case, the first time the connection to TCP DNS resolver was using dummy strategy so it was reset by the GFW; but the second time it was using data_overlapping_combined strategy and succeeded in getting DNS response for dropbox.com. But I don't see why dropbox can't be accessed. You can try later it should work. Also, you can tune the strategies weights in strategy.c

liword commented 6 years ago

I found out why it's not working. When INTANG is runing with DNS forwarding, dns will always time out once you try resolve any gfw dns poisoning domain. I tired that hundreds of times now. I'd like to know the detail of the test environment of developer.

gkso commented 6 years ago

If possible, please paste the log including DNS resolving, and the tcpdump file. Thanks.