Note: Some entries show [TCP Previous segment lost] - this may be due to the
Ethereal being used remotely since it wouldn't work locally with the wireless
NIC.
Unsuccessful Login
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.xx xx.41.128.xx TCP 1058 > pop3 [SYN] Seq=0 Ack=0
Win=16384 Len=0 MSS=1460
2 0.092811 192.168.1.xx xx.41.128.xx TCP 1058 > pop3 [ACK] Seq=1 Ack=0
Win=17520 Len=0
----------------------------------- TB login to V21 from R51 XP SP2
-------------------------------------------------------
3 0.164354 xx.41.128.xx 192.168.1.xx POP Response: +OK X1 NT-POP3 Server
v21mail.co.uk (IMail 8.00 63653-4)
4 0.174904 192.168.1.xx xx.41.128.xx POP Request: AUTH
5 6.557369 192.168.1.xx xx.41.128.xx POP [TCP Previous segment lost]
Request: AUTH PLAIN
6 6.633878 xx.41.128.xx 192.168.1.xx POP [TCP Previous segment lost]
Continuation
7 6.638683 192.168.1.xx xx.41.128.xx POP Request:
YmxhdG1hbkB2MjFuZXQuY28udWs=
8 6.706655 xx.41.128.xx 192.168.1.xx POP Continuation
9 6.707098 192.168.1.xx xx.41.128.xx POP Request: USER
aperson@v21net.co.uk
10 6.838308 192.168.1.xx xx.41.128.xx POP Request: PASS password
11 6.909992 xx.41.128.xx 192.168.1.xx POP [TCP Previous segment lost]
Response: -ERR Not in authorization state
12 7.036318 192.168.1.xx xx.41.128.xx TCP 1058 > pop3 [ACK] Seq=95 Ack=353
Win=17167 Len=0
13 11.497004 192.168.1.xx 192.168.1.255 BROWSER Host Announcement XXXXX,
Workstation, Server, NT Workstation, Potential Browser, Backup Browser
14 17.625089 192.168.1.xx xx.41.128.xx TCP 1060 > pop3 [ACK] Seq=0 Ack=0
Win=17520 Len=0
15 18.055532 192.168.1.xx xx.41.128.xx TCP [TCP Previous segment lost] 1058
> pop3 [ACK] Seq=182 Ack=602 Win=16918 Len=0
16 18.316935 192.168.1.xx xx.41.128.xx TCP 1060 > pop3 [FIN, ACK] Seq=0
Ack=58 Win=17462 Len=0
17 18.386841 xx.41.128.xx 192.168.1.xx TCP [TCP Previous segment lost] pop3
> 1060 [ACK] Seq=58 Ack=1 Win=65535 Len=0
18 18.388430 192.168.1.xx xx.41.128.xx TCP [TCP ACKed lost segment] 1060 >
pop3 [ACK] Seq=1 Ack=59 Win=17462 Len=0
The following logs done after NAV uninstalled (needed to do this to
completely disable the app).
Note: TB was already open and did individual mailbox logins.
Successful login to V21
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [SYN] Seq=0 Ack=0
Win=16384 Len=0 MSS=1460
2 0.069476 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=1 Ack=0
Win=17520 Len=0
----------------------------------- TB login to V21 from R51 XP SP2
-------------------------------------------------------
3 0.151230 192.168.1.xx xx.41.128.xx POP Request: CAPA
4 0.220517 xx.41.128.xx 192.168.1.xx POP [TCP Previous segment lost]
Response: +OK Capability list follows
5 0.230737 192.168.1.xx xx.41.128.xx POP Request: AUTH PLAIN
6 0.299977 xx.41.128.xx 192.168.1.xx POP Continuation
7 0.310747 192.168.1.xx xx.41.128.xx POP Request:
YmxhdG1hbkB2MjFuZXQuY28udWs=
8 0.380366 192.168.1.xx xx.41.128.xx POP Request: p3SsWORd
9 0.534983 192.168.1.xx xx.41.128.xx POP Request: STAT
10 0.819721 xx.41.128.xx 192.168.1.xx TCP [TCP Previous segment lost] pop3
> 1196 [ACK] Seq=285 Ack=65 Win=65471 Len=0
11 0.994879 xx.41.128.xx 192.168.1.xx POP Response: +OK 4 6643
12 1.002285 192.168.1.xx xx.41.128.xx POP Request: LIST
13 1.341827 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=71 Ack=327
Win=17193 Len=0
14 1.408991 xx.41.128.xx 192.168.1.xx POP [TCP Previous segment lost]
Continuation
15 1.542166 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=71 Ack=342
Win=17178 Len=0
16 1.614704 192.168.1.xx xx.41.128.xx POP Request: UIDL
17 2.805082 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=77 Ack=360
Win=17160 Len=0
18 2.944605 192.168.1.xx xx.41.128.xx POP [TCP Retransmission] Request:
UIDL
19 3.345324 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=77 Ack=390
Win=17130 Len=0
20 3.412610 xx.41.128.xx 192.168.1.xx POP [TCP Previous segment lost]
Continuation
21 3.545678 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=77 Ack=416
Win=17104 Len=0
22 3.614185 xx.41.128.xx 192.168.1.xx POP Continuation
23 3.657725 192.168.1.xx xx.41.128.xx POP Request: QUIT
----------------------------------- End
--------------------------------------------------------------------------
24 3.734212 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [FIN, ACK] Seq=83
Ack=478 Win=17042 Len=0
25 4.341928 xx.41.128.xx 192.168.1.xx TCP [TCP Previous segment lost] pop3
> 1196 [FIN, ACK] Seq=478 Ack=84 Win=65453 Len=0
26 4.342058 192.168.1.xx xx.41.128.xx TCP 1196 > pop3 [ACK] Seq=84 Ack=479
Win=17042 Len=0
Successful login to BT Yahoo
44 41.109685 192.168.1.xx 217.12.12.124 TCP 1198 > pop3 [SYN] Seq=0 Ack=0
Win=16384 Len=0 MSS=1460
45 41.165437 192.168.1.xx 217.12.12.124 TCP 1198 > pop3 [ACK] Seq=1 Ack=0
Win=17520 Len=0
----------------------------------- TB login to BT Yahoo from R51 XP SP2
-------------------------------------------------------
46 41.222470 192.168.1.xx 217.12.12.124 POP Request: CAPA
47 41.278369 217.12.12.124 192.168.1.xx POP [TCP Previous segment lost]
Response: -ERR popgate unknown command
48 41.282898 192.168.1.xx 217.12.12.124 POP Request: USER
aperson@btinternet.com
49 41.342947 192.168.1.xx 217.12.12.124 POP Request: PASS password
50 41.422832 192.168.1.xx 217.12.12.124 POP Request: STAT
51 41.483555 192.168.1.xx 217.12.12.124 POP Request: LIST
52 41.543124 192.168.1.xx 217.12.12.124 POP Request: UIDL
53 41.658134 192.168.1.xx 217.12.12.124 POP Request: QUIT
----------------------------------- End
--------------------------------------------------------------------------
54 41.711093 217.12.12.124 192.168.1.xx TCP [TCP Previous segment lost]
pop3 > 1198 [FIN, ACK] Seq=386 Ack=80 Win=65535 Len=0
55 41.711570 192.168.1.xx 217.12.12.124 TCP 1198 > pop3 [ACK] Seq=80
Ack=361 Win=17159 Len=0
56 41.713342 192.168.1.xx 217.12.12.124 TCP 1198 > pop3 [ACK] Seq=80
Ack=387 Win=17134 Len=0
57 41.733081 192.168.1.xx 217.12.12.124 TCP 1198 > pop3 [FIN, ACK] Seq=80
Ack=387 Win=17134 Len=0
58 41.785291 217.12.12.124 192.168.1.xx TCP pop3 > 1198 [ACK] Seq=387
Ack=81 Win=65535 Len=0