Post: Successfully tricked PS3 to downloading updatelist.txt.
02-09-2011, 03:27 AM #1
TheGuyWhoHakz
Pokemon Trainer
(adsbygoogle = window.adsbygoogle || []).push({}); Original Old Post:
Right, i'm on 3.55 and cant go online, i'm trying to come up with a 3.56 bypass, i've successfully tricked my ps3 into downloading my custom modded You must login or register to view this content. file, any ideas on what to edit inside the ps3-updatelist.txt ?

it currently says:

    # UK
Dest=87;CompatibleVersion=0000bc25-;
Dest=87;CompatibleSystemSoftwareVersion=3.5600-;
Dest=87;ImageVersion=0000bc76;SystemSoftwareVersion=3.5600;CDN=https://duk01.ps3.update.playstation.net/update/ps3/image/uk/2011_0127_6e070c96e0464e993aaf9deac3660863/PS3UPDAT.PUP;CDN_Timeout=30;


any ideas, I've already tried changing 3.5600 to 3.500 but it still wants to download something.

Thanks Happy



We (the people active in this thread) are going to compare Signing into PSN on 3.55 and signing in on 3.56. We will be using wireshark to record what gets sent from the PS3 to sony & vice versa.

We will sign in on each firmware, OFW 3.55 and OFW 3.56, and while signing in wireshark will be recording the data being sent back and forth.


Hopefully this will get us one step further to bypassing 3.56 again Smile.

EDIT 2:

Right I have successfully recorded data while signing in on OFW 3.56, the file is located here (some bits I had to take out as these were getting picked up by other things, my antivirus updating and other things)

but I have recorded the data while signing in on 3.56, its somewhere in there :P Just have a look at it and see if you find anything interesting

UPDATE: I added the .pcap which shows alot more information:

You must login or register to view this content.

You'll need to download Wireshark to open it: DOWNLOAD WIRESHARK You must login or register to view this content.

Now were waiting for the wireshark 3.55 "PSN sign in" data

EDIT 1:

If your using the DNS bypass, or proxy bypass, then when you try system update via internet, it will say it has the current version, yet if you sign in via PSN it says theres a system update available.

So Sony has found out the real firmware through PSN, somewhere on the ps3's HDD is a file that tells sony that the ps3 is on 3.55, but where is this file?

Ways I see of fixing this:

finding the file and changing 3.55 to 3.56

installing a custom firmware which blocks out updates, or which says its on 3.56.
(adsbygoogle = window.adsbygoogle || []).push({});

The following 22 users say thank you to TheGuyWhoHakz for this useful post:

AMNE, bethka23, bloodlust312, cluckin bell, DanTheFEED, DeAd_bLiTz, econg, eekndot, ibombo, Jorgos Nomikos, Jude_x_Y, louisgreen14, MEGANOOBTOOBER, Platinum G, shawry, Slay No More, Solid Snake, Tory Lanez, vipervimal, xpotato, ZachFean, ZeroK
02-10-2011, 06:37 PM #191
Originally posted by zibby6 View Post
how long till anyone actually finds a bypass roughly?


Cut these stupid questions...
If you can't wait for a solution, then install the ofw 3.56
02-10-2011, 09:16 PM #192
Niall-Griffiths
Vault dweller
Just wondering what is the things in the way of making cfw 3.56 or bypassing 3.55

does 3.56 have encription keys that only sony have?
02-11-2011, 03:44 PM #193
TheGuyWhoHakz
Pokemon Trainer
Can anyone record: "attempting to sign in onto PSN on 3.55" through wireshark and post the .pcap file here? As this is what were waiting on.. Then we'll be able to compare the differences.

Would be grateful if anyone could :P
02-11-2011, 04:10 PM #194
DubStepperDay
-W.H.U.F.C-
Originally posted by TheGuyWhoHakz View Post
Can anyone record: "attempting to sign in onto PSN on 3.55" through wireshark and post the .pcap file here? As this is what were waiting on.. Then we'll be able to compare the differences.

Would be grateful if anyone could :P


tut on how to use wireshack and ill do it now buddy
02-11-2011, 04:30 PM #195
There you go...

in txt, as I don't want my mac's spread all over Winky Winky

This is from power on to logon.
Note that by selecting the logon button the ps3 already goes to the net.
Also, this is while my system is using my dns to fake the ps3-update.txt etc.

Strange thing is, I can't see any other traffic from the ps3 to my server, although I'm sniffing on a basic hub, not a switch.

Edit - I Can't attach a file of 347kbs

    
No. Time Source Destination Protocol Info

Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 116
Identification: 0x7529 (29993)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc938 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55835 (55835)
Source port: domain (53)
Destination port: 55835 (55835)
Length: 96
Checksum: 0x3c89 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 89]
[Time: 0.000267000 seconds]
Transaction ISad Awesome 0xb815
Flags: 0x8580 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 0
Queries
feu01.ps3.update.playstation.net: type A, class IN
Name: feu01.ps3.update.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
feu01.ps3.update.playstation.net: type A, class IN, addr prxy.dns.fake.http
Name: feu01.ps3.update.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 4
Addr: prxy.dns.fake.http
Authoritative nameservers
ps3.update.playstation.net: type NS, class IN, ns ps3proxy
Name: ps3.update.playstation.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 10
Name server: ps3proxy

No. Time Source Destination Protocol Info
91 36.185879 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 91 (78 bytes on wire, 78 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347147000
[Time delta from previous captured frame: 0.000390000 seconds]
[Time delta from previous displayed frame: 0.000390000 seconds]
[Time since reference or first frame: 36.185879000 seconds]
Frame Number: 91
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x8468 (33896)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7a38 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 0, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x9a90 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SACK permitted
NOP
NOP
NOP
NOP
Timestamps: TSval 0, TSecr 0

No. Time Source Destination Protocol Info
92 36.185924 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64780 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460

Frame 92 (58 bytes on wire, 58 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347192000
[Time delta from previous captured frame: 0.000045000 seconds]
[Time delta from previous displayed frame: 0.000045000 seconds]
[Time since reference or first frame: 36.185924000 seconds]
Frame Number: 92
Frame Length: 58 bytes
Capture Length: 58 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfeb4 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x3c36 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1460 bytes
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 91]
[The RTT to ACK the segment was: 0.000045000 seconds]

No. Time Source Destination Protocol Info
93 36.186158 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 93 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347426000
[Time delta from previous captured frame: 0.000234000 seconds]
[Time delta from previous displayed frame: 0.000234000 seconds]
[Time since reference or first frame: 36.186158000 seconds]
Frame Number: 93
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xefe2 (61410)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0ed6 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xb55c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 92]
[The RTT to ACK the segment was: 0.000234000 seconds]

No. Time Source Destination Protocol Info
94 36.186449 ps3.ps3.ps3.ps3 prxy.dns.fake.http HTTP GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1

Frame 94 (249 bytes on wire, 249 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347717000
[Time delta from previous captured frame: 0.000291000 seconds]
[Time delta from previous displayed frame: 0.000291000 seconds]
[Time since reference or first frame: 36.186449000 seconds]
Frame Number: 94
Frame Length: 249 bytes
Capture Length: 249 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 235
Identification: 0xca45 (51781)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x33b0 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 1, Ack: 1, Len: 195
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
[Next sequence number: 196 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x1be0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 195]
Hypertext Transfer Protocol
GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1

[Expert Info (Chat/Sequence): GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1
]
[Message: GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1
]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /update/ps3/list/eu/ps3-updatelist.txt
Request Version: HTTP/1.1
Host: feu01.ps3.update.playstation.net

Connection: Keep-Alive

Accept-Encoding: identity

User-Agent: PS3Update-agent/1.0.0 libhttp/1.0.0




No. Time Source Destination Protocol Info
95 36.186486 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64780 [ACK] Seq=1 Ack=196 Win=6432 Len=0

Frame 95 (54 bytes on wire, 54 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347754000
[Time delta from previous captured frame: 0.000037000 seconds]
[Time delta from previous displayed frame: 0.000037000 seconds]
[Time since reference or first frame: 36.186486000 seconds]
Frame Number: 95
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x7fb4 (32692)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7f04 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 1, Ack: 196, Len: 0
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0x3c32 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 94]
[The RTT to ACK the segment was: 0.000037000 seconds]

No. Time Source Destination Protocol Info
96 36.186831 prxy.dns.fake.http ps3.ps3.ps3.ps3 HTTP HTTP/1.1 200 OK (text/plain)

Frame 96 (535 bytes on wire, 535 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.348099000
[Time delta from previous captured frame: 0.000345000 seconds]
[Time delta from previous displayed frame: 0.000345000 seconds]
[Time since reference or first frame: 36.186831000 seconds]
Frame Number: 96
Frame Length: 535 bytes
Capture Length: 535 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http:data-text-lines]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 521
Identification: 0x7fb5 (32693)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7d22 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 1, Ack: 196, Len: 481
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
[Next sequence number: 482 (relative sequence number)]
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0x3e13 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 481]
Hypertext Transfer Protocol
HTTP/1.1 200 OK

[Expert Info (Chat/Sequence): HTTP/1.1 200 OK
]
[Message: HTTP/1.1 200 OK
]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Response Code: 200
Date: Fri, 11 Feb 2011 16:03:41 GMT

Server: Apache/2.2.16 (Ubuntu)

Last-Modified: Wed, 09 Feb 2011 12:56:33 GMT

ETag: "cf7bf-a6-49bd8fe926051"

Accept-Ranges: bytes

Content-Length: 166

[Content length: 166]
Vary: Accept-Encoding

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/plain



Line-based text data: text/plain
# EU\n
Dest=85;CompatibleSystemSoftwareVersion=3.5500-;\n
Dest=85;ImageVersion=0000b99c;SystemSoftwareVersion=3.5500;CDN=https://prxy.dns.fake.http/PS3UPDAT.PUP;CDN_Timeout=30;\n
\n

No. Time Source Destination Protocol Info
97 36.234754 ps3.ps3.ps3.ps3 prxy.dns.fake.http DNS Standard query A auth.np.ac.playstation.net

Frame 97 (86 bytes on wire, 86 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.396022000
[Time delta from previous captured frame: 0.047923000 seconds]
[Time delta from previous displayed frame: 0.047923000 seconds]
[Time since reference or first frame: 36.234754000 seconds]
Frame Number: 97
Frame Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xd6fe (5503Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x678f [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55834 (55834), Dst Port: domain (53)
Source port: 55834 (55834)
Destination port: domain (53)
Length: 52
Checksum: 0xaf4f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 98]
Transaction ISad Awesome 0x2270
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
auth.np.ac.playstation.net: type A, class IN
Name: auth.np.ac.playstation.net
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
98 36.235009 prxy.dns.fake.http ps3.ps3.ps3.ps3 DNS Standard query response A 199.108.4.73

Frame 98 (102 bytes on wire, 102 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.396277000
[Time delta from previous captured frame: 0.000255000 seconds]
[Time delta from previous displayed frame: 0.000255000 seconds]
[Time since reference or first frame: 36.235009000 seconds]
Frame Number: 98
Frame Length: 102 bytes
Capture Length: 102 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 88
Identification: 0x752a (29994)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc953 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55834 (55834)
Source port: domain (53)
Destination port: 55834 (55834)
Length: 68
Checksum: 0x3c6d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 97]
[Time: 0.000255000 seconds]
Transaction ISad Awesome 0x2270
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Queries
auth.np.ac.playstation.net: type A, class IN
Name: auth.np.ac.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
auth.np.ac.playstation.net: type A, class IN, addr 199.108.4.73
Name: auth.np.ac.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 31 minutes, 23 seconds
Data length: 4
Addr: 199.108.4.73

No. Time Source Destination Protocol Info
101 36.377165 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [ACK] Seq=196 Ack=482 Win=65535 Len=0

Frame 101 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.538433000
[Time delta from previous captured frame: 0.037401000 seconds]
[Time delta from previous displayed frame: 0.142156000 seconds]
[Time since reference or first frame: 36.377165000 seconds]
Frame Number: 101
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x86a7 (34471)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7811 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 196, Ack: 482, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 196 (relative sequence number)
Acknowledgement number: 482 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xb2b8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 96]
[The RTT to ACK the segment was: 0.190334000 seconds]

No. Time Source Destination Protocol Info
103 38.820981 ps3.ps3.ps3.ps3 prxy.dns.fake.http STUN Message: Binding Request

Frame 103 (98 bytes on wire, 98 bytes captured)
Arrival Time: Feb 11, 2011 17:03:43.982249000
[Time delta from previous captured frame: 1.960515000 seconds]
[Time delta from previous displayed frame: 2.443816000 seconds]
[Time since reference or first frame: 38.820981000 seconds]
Frame Number: 103
Frame Length: 98 bytes
Capture Length: 98 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:stun]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xf538 (62776)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x4949 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
104 38.821036 prxy.dns.fake.http ps3.ps3.ps3.ps3 ICMP Destination unreachable (Port unreachable)

Frame 104 (126 bytes on wire, 126 bytes captured)
Arrival Time: Feb 11, 2011 17:03:43.982304000
[Time delta from previous captured frame: 0.000055000 seconds]
[Time delta from previous displayed frame: 0.000055000 seconds]
[Time since reference or first frame: 38.821036000 seconds]
Frame Number: 104
Frame Length: 126 bytes
Capture Length: 126 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:icmp:ip:udp:stun]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x752b (29995)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0xc88a [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x3966 [correct]
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xf538 (62776)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x4949 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
119 45.222458 ps3.ps3.ps3.ps3 prxy.dns.fake.http STUN Message: Binding Request

Frame 119 (98 bytes on wire, 98 bytes captured)
Arrival Time: Feb 11, 2011 17:03:50.383726000
[Time delta from previous captured frame: 2.166652000 seconds]
[Time delta from previous displayed frame: 6.401422000 seconds]
[Time since reference or first frame: 45.222458000 seconds]
Frame Number: 119
Frame Length: 98 bytes
Capture Length: 98 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:stun]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xadd2 (4449Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x90af [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
120 45.222523 prxy.dns.fake.http ps3.ps3.ps3.ps3 ICMP Destination unreachable (Port unreachable)

Frame 120 (126 bytes on wire, 126 bytes captured)
Arrival Time: Feb 11, 2011 17:03:50.383791000
[Time delta from previous captured frame: 0.000065000 seconds]
[Time delta from previous displayed frame: 0.000065000 seconds]
[Time since reference or first frame: 45.222523000 seconds]
Frame Number: 120
Frame Length: 126 bytes
Capture Length: 126 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:icmp:ip:udp:stun]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x752c (29996)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0xc889 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x3966 [correct]
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xadd2 (4449Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x90af [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
125 51.200308 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64780 [FIN, ACK] Seq=482 Ack=196 Win=6432 Len=0

Frame 125 (54 bytes on wire, 54 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.361576000
[Time delta from previous captured frame: 3.128568000 seconds]
[Time delta from previous displayed frame: 5.977785000 seconds]
[Time since reference or first frame: 51.200308000 seconds]
Frame Number: 125
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x7fb6 (32694)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7f02 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 482, Ack: 196, Len: 0
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 482 (relative sequence number)
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size: 6432
Checksum: 0x3c32 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 101]
[The RTT to ACK the segment was: 14.823143000 seconds]

No. Time Source Destination Protocol Info
126 51.200532 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [ACK] Seq=196 Ack=483 Win=65535 Len=0

Frame 126 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.361800000
[Time delta from previous captured frame: 0.000224000 seconds]
[Time delta from previous displayed frame: 0.000224000 seconds]
[Time since reference or first frame: 51.200532000 seconds]
Frame Number: 126
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xf1e8 (6192Cool Man (aka Tustin)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0cd0 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 196, Ack: 483, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 196 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xb2b7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 125]
[The RTT to ACK the segment was: 0.000224000 seconds]

No. Time Source Destination Protocol Info
163 51.710222 ps3.ps3.ps3.ps3 prxy.dns.fake.http DNS Standard query A ena.net.playstation.net

Frame 163 (83 bytes on wire, 83 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.871490000
[Time delta from previous captured frame: 0.120066000 seconds]
[Time delta from previous displayed frame: 0.509690000 seconds]
[Time since reference or first frame: 51.710222000 seconds]
Frame Number: 163
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0xfc76 (64630)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x421a [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55833 (55833), Dst Port: domain (53)
Source port: 55833 (55833)
Destination port: domain (53)
Length: 49
Checksum: 0xab43 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 164]
Transaction ISad Awesome 0xadd7
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
ena.net.playstation.net: type A, class IN
Name: ena.net.playstation.net
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
164 51.710502 prxy.dns.fake.http ps3.ps3.ps3.ps3 DNS Standard query response CNAME gp02.fp.playstation.net A prxy.dns.fake.http

Frame 164 (143 bytes on wire, 143 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.871770000
[Time delta from previous captured frame: 0.000280000 seconds]
[Time delta from previous displayed frame: 0.000280000 seconds]
[Time since reference or first frame: 51.710502000 seconds]
Frame Number: 164
Frame Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0x752d (29997)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc927 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55833 (55833)
Source port: domain (53)
Destination port: 55833 (55833)
Length: 109
Checksum: 0x3c96 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 163]
[Time: 0.000280000 seconds]
Transaction ISad Awesome 0xadd7
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 1
Additional RRs: 0
Queries
ena.net.playstation.net: type A, class IN
Name: ena.net.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
ena.net.playstation.net: type CNAME, class IN, cname gp02.fp.playstation.net
Name: ena.net.playstation.net
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 33 minutes, 21 seconds
Data length: 10
Primary name: gp02.fp.playstation.net
gp02.fp.playstation.net: type A, class IN, addr prxy.dns.fake.http
Name: gp02.fp.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 4
Addr: prxy.dns.fake.http
Authoritative nameservers
fp.playstation.net: type NS, class IN, ns ps3proxy
Name: fp.playstation.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 10
Name server: ps3proxy

No. Time Source Destination Protocol Info
165 51.710804 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64777 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 165 (78 bytes on wire, 78 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.872072000
[Time delta from previous captured frame: 0.000302000 seconds]
[Time delta from previous displayed frame: 0.000302000 seconds]
[Time since reference or first frame: 51.710804000 seconds]
Frame Number: 165
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x8a80 (35456)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7420 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64777 (64777), Dst Port: https (443), Seq: 0, Len: 0
Source port: 64777 (64777)
Destination port: https (443)
[Stream index: 20]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port https]
[Message: Connection establish request (SYN): server port https]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xde8f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SACK permitted
NOP
NOP
NOP
NOP
Timestamps: TSval 0, TSecr 0

No. Time Source Destination Protocol Info
166 51.710833 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP https > 64777 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Frame 166 (54 bytes on wire, 54 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.872101000
[Time delta from previous captured frame: 0.000029000 seconds]
[Time delta from previous displayed frame: 0.000029000 seconds]
[Time since reference or first frame: 51.710833000 seconds]
Frame Number: 166
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfeb8 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: https (443), Dst Port: 64777 (64777), Seq: 1, Ack: 1, Len: 0
Source port: https (443)
Destination port: 64777 (64777)
[Stream index: 20]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0x585e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 165]
[The RTT to ACK the segment was: 0.000029000 seconds]

No. Time Source Destination Protocol Info
208 73.816052 ps3.ps3.ps3.ps3 prxy.dns.fake.http DNS Standard query A xmb.dl.playstation.net

Frame 208 (82 bytes on wire, 82 bytes captured)
Arrival Time: Feb 11, 2011 17:04:18.977320000
[Time delta from previous captured frame: 3.042345000 seconds]
[Time delta from previous displayed frame: 22.105219000 seconds]
[Time since reference or first frame: 73.816052000 seconds]
Frame Number: 208
Frame Length: 82 bytes
Capture Length: 82 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 68
Identification: 0xbc1c (48156)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x8275 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55832 (55832), Dst Port: domain (53)
Source port: 55832 (55832)
Destination port: domain (53)
Length: 48
Checksum: 0xab9a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 211]
Transaction ISad Awesome 0xfc99
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
xmb.dl.playstation.net: type A, class IN
Name: xmb.dl.playstation.net
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
211 73.827337 prxy.dns.fake.http ps3.ps3.ps3.ps3 DNS Standard query response CNAME l02.cdn.update.playstation.net A prxy.dns.fake.http

Frame 211 (149 bytes on wire, 149 bytes captured)
Arrival Time: Feb 11, 2011 17:04:18.988605000
[Time delta from previous captured frame: 0.000420000 seconds]
[Time delta from previous displayed frame: 0.011285000 seconds]
[Time since reference or first frame: 73.827337000 seconds]
Frame Number: 211
Frame Length: 149 bytes
Capture Length: 149 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 135
Identification: 0x752e (2999Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc920 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55832 (55832)
Source port: domain (53)
Destination port: 55832 (55832)
Length: 115
Checksum: 0x3c9c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 208]
[Time: 0.011285000 seconds]
Transaction ISad Awesome 0xfc99
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 1
Additional RRs: 0
Queries
xmb.dl.playstation.net: type A, class IN
Name: xmb.dl.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
xmb.dl.playstation.net: type CNAME, class IN, cname l02.cdn.update.playstation.net
Name: xmb.dl.playstation.net
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 58 minutes, 41 seconds
Data length: 17
Primary name: l02.cdn.update.playstation.net
l02.cdn.update.playstation.net: type A, class IN, addr prxy.dns.fake.http
Name: l02.cdn.update.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 4
Addr: prxy.dns.fake.http
Authoritative nameservers
cdn.update.playstation.net: type NS, class IN, ns ps3proxy
Name: cdn.update.playstation.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 10
Name server: ps3proxy

No. Time Source Destination Protocol Info
212 73.827707 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64776 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 212 (78 bytes on wire, 78 bytes captured)
Arrival Time: Feb 11, 2011 17:04:18.988975000
[Time delta from previous captured frame: 0.000370000 seconds]
[Time delta from previous displayed frame: 0.000370000 seconds]
[Time since reference or first frame: 73.827707000 seconds]
Frame Number: 212
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0xbf7b (49019)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x3f25 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64776 (64776), Dst Port: http (80), Seq: 0, Len: 0
Source port: 64776 (64776)
Destination port: http (80)
[Stream index: 26]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x53b5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SACK permitted
NOP
NOP
NOP
NOP
Timestamps: TSval 0, TSecr 0

No. Time Source Destination Protocol Info
213 73.827757 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64776 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460




I'll see if I can upload it somewhere
02-11-2011, 04:30 PM #196
i--DanieL_
Edgier than an octagon
Originally posted by DJandLIMON111 View Post
Kinda stupid idea but try deleting last line

Don't confuse idealism and opinion with stupidity ...

___________________
KaKaRoTo we love you

Originally posted by KaKaRoTo

Hi [private],

I get a lot of hate mail recently from people who have no idea about who I am and what I do. Thank you for being polite and respectful. For this reason, you are the first one to whom I will reply.
I do not hack MW2, I don’t have MW2, I never bought it and never tried it. I hate FPS shooters, the only ones I ever played were Resistance 2 and Killzone 2, and I never played those in multiplayer, only single player campaigns.
I am not responsible for whoever is hacking your MW2 servers, the real people to yell at are those 10 years olds in their basement thinking they’re all great for doing stuff like that.
They should be reported and their account banned, but that is beyond my control.

What I do however is completely different, I defend you, I defend you from Sony’s unacceptable behavior. Imagine if for some reason, Microsoft or Apple (Windows or Mac OSX) were acting like Sony, and that you couldn’t access anything on your computer without their authorization? You want to install Skype, you can’t because Microsoft didn’t “approve” it.. because they want you to use MSN Messenger instead… Then where is your freedom on your own machine ?

Also, what about the fact that they removed Linux support. Sony removed an advertised feature! I bought my PS3 *because* it had linux support, then they removed it. Maybe you didn’t use it, maybe very few people used that feature, but that is beyond the point. Just recently, Norway came to the conclusion that what Sony did was unlawful and there are countless lawsuits against what they did. And this sets a precedent.
Imagine if tomorrow Sony says “in the next firmware update, we will remove from the PS3 support of playing Bluray movies and DVDs”.. you bought the PS3 for that, you use that feature (or maybe you don’t, the issue is that someone else does), and they can just remove an advertised feature? It’s illegal, but why can they do it even if it’s illegal? For one simple reason, they have total control over the machine. They could very well do it, then say “pay a 100$ subscription per year to enable that feature”. The machine *can* do it, it did before, but they block it on purpose because they don’t care about their customers.

Recently George Hotz got sued by Sony because he accessed *HIS* PS3 system that he bought. He owns it, if he wants to put it in a blender or throw it out the window, it’s his right, but Sony sues him for “hacking into a protected computer owned by Sony”.. so for them, that PS3 that you own and that you bought with your hard-earned money is NOT YOURS, it’s still theirs, it’s like you rented it (but you didn’t). If you try to access your own computer, they could sue you, just as if you tried to hack into your bank’s server somewhere.. and that isn’t right.
Sony tries to make it seem like they own your PS3 and they own the PS3 that is in everyone’s houses across the world, and that simply isn’t right and it should be made illegal for them to act that way.

Long story short, this is what I do, I let people gain access to the hardware they own, what I do is 100% legal in my country (Canada), and it is equivalent to the recent DMCA Exemption for jailbreaking phones. Now, if someone uses that to do nasty things, you have two people to blame :
1 – the stupid kid who did it
2 – the developers of MW2 that didn’t write their program correctly.
There are many FPS shooters on the PC, and people can install what they want on their PC, that doesn’t make it impossible to play an FPS game on a PC, simply because the developers write their code correctly to prevents the cheaters from cheating.

Anyways, I hope that my explanation makes everything clearer to you, and that you will not judge me for what I do, because I am not a cheater, I am a freedom fighter.

Thank you,
KaKaRoTo
02-11-2011, 04:47 PM #197
TheGuyWhoHakz
Pokemon Trainer
Originally posted by be View Post
There you go...

in txt, as I don't want my mac's spread all over Winky Winky

This is from power on to logon.
Note that by selecting the logon button the ps3 already goes to the net.
Also, this is while my system is using my dns to fake the ps3-update.txt etc.

Strange thing is, I can't see any other traffic from the ps3 to my server, although I'm sniffing on a basic hub, not a switch.

Edit - I Can't attach a file of 347kbs

    
No. Time Source Destination Protocol Info

Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 116
Identification: 0x7529 (29993)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc938 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55835 (55835)
Source port: domain (53)
Destination port: 55835 (55835)
Length: 96
Checksum: 0x3c89 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 89]
[Time: 0.000267000 seconds]
Transaction ISad Awesome 0xb815
Flags: 0x8580 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 1
Additional RRs: 0
Queries
feu01.ps3.update.playstation.net: type A, class IN
Name: feu01.ps3.update.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
feu01.ps3.update.playstation.net: type A, class IN, addr prxy.dns.fake.http
Name: feu01.ps3.update.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 4
Addr: prxy.dns.fake.http
Authoritative nameservers
ps3.update.playstation.net: type NS, class IN, ns ps3proxy
Name: ps3.update.playstation.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 10
Name server: ps3proxy

No. Time Source Destination Protocol Info
91 36.185879 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 91 (78 bytes on wire, 78 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347147000
[Time delta from previous captured frame: 0.000390000 seconds]
[Time delta from previous displayed frame: 0.000390000 seconds]
[Time since reference or first frame: 36.185879000 seconds]
Frame Number: 91
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x8468 (33896)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7a38 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 0, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x9a90 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SACK permitted
NOP
NOP
NOP
NOP
Timestamps: TSval 0, TSecr 0

No. Time Source Destination Protocol Info
92 36.185924 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64780 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460

Frame 92 (58 bytes on wire, 58 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347192000
[Time delta from previous captured frame: 0.000045000 seconds]
[Time delta from previous displayed frame: 0.000045000 seconds]
[Time since reference or first frame: 36.185924000 seconds]
Frame Number: 92
Frame Length: 58 bytes
Capture Length: 58 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 44
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfeb4 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 24 bytes
Flags: 0x12 (SYN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
[Message: Connection establish acknowledge (SYN+ACK): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 5840
Checksum: 0x3c36 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (4 bytes)
Maximum segment size: 1460 bytes
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 91]
[The RTT to ACK the segment was: 0.000045000 seconds]

No. Time Source Destination Protocol Info
93 36.186158 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 93 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347426000
[Time delta from previous captured frame: 0.000234000 seconds]
[Time delta from previous displayed frame: 0.000234000 seconds]
[Time since reference or first frame: 36.186158000 seconds]
Frame Number: 93
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xefe2 (61410)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0ed6 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xb55c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 92]
[The RTT to ACK the segment was: 0.000234000 seconds]

No. Time Source Destination Protocol Info
94 36.186449 ps3.ps3.ps3.ps3 prxy.dns.fake.http HTTP GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1

Frame 94 (249 bytes on wire, 249 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347717000
[Time delta from previous captured frame: 0.000291000 seconds]
[Time delta from previous displayed frame: 0.000291000 seconds]
[Time since reference or first frame: 36.186449000 seconds]
Frame Number: 94
Frame Length: 249 bytes
Capture Length: 249 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 235
Identification: 0xca45 (51781)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x33b0 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 1, Ack: 1, Len: 195
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
[Next sequence number: 196 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x1be0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 195]
Hypertext Transfer Protocol
GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1

[Expert Info (Chat/Sequence): GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1
]
[Message: GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1
]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /update/ps3/list/eu/ps3-updatelist.txt
Request Version: HTTP/1.1
Host: feu01.ps3.update.playstation.net

Connection: Keep-Alive

Accept-Encoding: identity

User-Agent: PS3Update-agent/1.0.0 libhttp/1.0.0




No. Time Source Destination Protocol Info
95 36.186486 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64780 [ACK] Seq=1 Ack=196 Win=6432 Len=0

Frame 95 (54 bytes on wire, 54 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347754000
[Time delta from previous captured frame: 0.000037000 seconds]
[Time delta from previous displayed frame: 0.000037000 seconds]
[Time since reference or first frame: 36.186486000 seconds]
Frame Number: 95
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x7fb4 (32692)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7f04 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 1, Ack: 196, Len: 0
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0x3c32 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 94]
[The RTT to ACK the segment was: 0.000037000 seconds]

No. Time Source Destination Protocol Info
96 36.186831 prxy.dns.fake.http ps3.ps3.ps3.ps3 HTTP HTTP/1.1 200 OK (text/plain)

Frame 96 (535 bytes on wire, 535 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.348099000
[Time delta from previous captured frame: 0.000345000 seconds]
[Time delta from previous displayed frame: 0.000345000 seconds]
[Time since reference or first frame: 36.186831000 seconds]
Frame Number: 96
Frame Length: 535 bytes
Capture Length: 535 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http:data-text-lines]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 521
Identification: 0x7fb5 (32693)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7d22 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 1, Ack: 196, Len: 481
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
[Next sequence number: 482 (relative sequence number)]
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0x3e13 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 481]
Hypertext Transfer Protocol
HTTP/1.1 200 OK

[Expert Info (Chat/Sequence): HTTP/1.1 200 OK
]
[Message: HTTP/1.1 200 OK
]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Response Code: 200
Date: Fri, 11 Feb 2011 16:03:41 GMT

Server: Apache/2.2.16 (Ubuntu)

Last-Modified: Wed, 09 Feb 2011 12:56:33 GMT

ETag: "cf7bf-a6-49bd8fe926051"

Accept-Ranges: bytes

Content-Length: 166

[Content length: 166]
Vary: Accept-Encoding

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/plain



Line-based text data: text/plain
# EU\n
Dest=85;CompatibleSystemSoftwareVersion=3.5500-;\n
Dest=85;ImageVersion=0000b99c;SystemSoftwareVersion=3.5500;CDN=https://prxy.dns.fake.http/PS3UPDAT.PUP;CDN_Timeout=30;\n
\n

No. Time Source Destination Protocol Info
97 36.234754 ps3.ps3.ps3.ps3 prxy.dns.fake.http DNS Standard query A auth.np.ac.playstation.net

Frame 97 (86 bytes on wire, 86 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.396022000
[Time delta from previous captured frame: 0.047923000 seconds]
[Time delta from previous displayed frame: 0.047923000 seconds]
[Time since reference or first frame: 36.234754000 seconds]
Frame Number: 97
Frame Length: 86 bytes
Capture Length: 86 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 72
Identification: 0xd6fe (5503Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x678f [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55834 (55834), Dst Port: domain (53)
Source port: 55834 (55834)
Destination port: domain (53)
Length: 52
Checksum: 0xaf4f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 98]
Transaction ISad Awesome 0x2270
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
auth.np.ac.playstation.net: type A, class IN
Name: auth.np.ac.playstation.net
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
98 36.235009 prxy.dns.fake.http ps3.ps3.ps3.ps3 DNS Standard query response A 199.108.4.73

Frame 98 (102 bytes on wire, 102 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.396277000
[Time delta from previous captured frame: 0.000255000 seconds]
[Time delta from previous displayed frame: 0.000255000 seconds]
[Time since reference or first frame: 36.235009000 seconds]
Frame Number: 98
Frame Length: 102 bytes
Capture Length: 102 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 88
Identification: 0x752a (29994)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc953 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55834 (55834)
Source port: domain (53)
Destination port: 55834 (55834)
Length: 68
Checksum: 0x3c6d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 97]
[Time: 0.000255000 seconds]
Transaction ISad Awesome 0x2270
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Queries
auth.np.ac.playstation.net: type A, class IN
Name: auth.np.ac.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
auth.np.ac.playstation.net: type A, class IN, addr 199.108.4.73
Name: auth.np.ac.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 31 minutes, 23 seconds
Data length: 4
Addr: 199.108.4.73

No. Time Source Destination Protocol Info
101 36.377165 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [ACK] Seq=196 Ack=482 Win=65535 Len=0

Frame 101 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.538433000
[Time delta from previous captured frame: 0.037401000 seconds]
[Time delta from previous displayed frame: 0.142156000 seconds]
[Time since reference or first frame: 36.377165000 seconds]
Frame Number: 101
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x86a7 (34471)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7811 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 196, Ack: 482, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 196 (relative sequence number)
Acknowledgement number: 482 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xb2b8 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 96]
[The RTT to ACK the segment was: 0.190334000 seconds]

No. Time Source Destination Protocol Info
103 38.820981 ps3.ps3.ps3.ps3 prxy.dns.fake.http STUN Message: Binding Request

Frame 103 (98 bytes on wire, 98 bytes captured)
Arrival Time: Feb 11, 2011 17:03:43.982249000
[Time delta from previous captured frame: 1.960515000 seconds]
[Time delta from previous displayed frame: 2.443816000 seconds]
[Time since reference or first frame: 38.820981000 seconds]
Frame Number: 103
Frame Length: 98 bytes
Capture Length: 98 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:stun]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xf538 (62776)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x4949 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
104 38.821036 prxy.dns.fake.http ps3.ps3.ps3.ps3 ICMP Destination unreachable (Port unreachable)

Frame 104 (126 bytes on wire, 126 bytes captured)
Arrival Time: Feb 11, 2011 17:03:43.982304000
[Time delta from previous captured frame: 0.000055000 seconds]
[Time delta from previous displayed frame: 0.000055000 seconds]
[Time since reference or first frame: 38.821036000 seconds]
Frame Number: 104
Frame Length: 126 bytes
Capture Length: 126 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:icmp:ip:udp:stun]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x752b (29995)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0xc88a [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x3966 [correct]
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xf538 (62776)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x4949 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
119 45.222458 ps3.ps3.ps3.ps3 prxy.dns.fake.http STUN Message: Binding Request

Frame 119 (98 bytes on wire, 98 bytes captured)
Arrival Time: Feb 11, 2011 17:03:50.383726000
[Time delta from previous captured frame: 2.166652000 seconds]
[Time delta from previous displayed frame: 6.401422000 seconds]
[Time since reference or first frame: 45.222458000 seconds]
Frame Number: 119
Frame Length: 98 bytes
Capture Length: 98 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:stun]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xadd2 (4449Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x90af [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
120 45.222523 prxy.dns.fake.http ps3.ps3.ps3.ps3 ICMP Destination unreachable (Port unreachable)

Frame 120 (126 bytes on wire, 126 bytes captured)
Arrival Time: Feb 11, 2011 17:03:50.383791000
[Time delta from previous captured frame: 0.000065000 seconds]
[Time delta from previous displayed frame: 0.000065000 seconds]
[Time since reference or first frame: 45.222523000 seconds]
Frame Number: 120
Frame Length: 126 bytes
Capture Length: 126 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:icmp:ip:udp:stun]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 112
Identification: 0x752c (29996)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0xc889 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x3966 [correct]
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 84
Identification: 0xadd2 (4449Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x90af [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55836 (55836), Dst Port: stun (347Cool Man (aka Tustin)
Source port: 55836 (55836)
Destination port: stun (347Cool Man (aka Tustin)
Length: 64
Checksum: 0x8de5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Simple Traversal of UDP Through NAT
Message Type: Binding Request (0x0001)
Message Length: 0x0024
Message Transaction ISad Awesome A2E8CB3F8CC4DB1332AED2CCCF3333F3
Attributes
Attribute: XOR_ONLY
Attribute Type: XOR_ONLY (0x0021)
Attribute Length: 0
Attribute: USERNAME
Attribute Type: USERNAME (0x0006)
Attribute Length: 4
Value: 00000001
Attribute: MESSAGE-INTEGRITY
Attribute Type: MESSAGE-INTEGRITY (0x000Cool Man (aka Tustin)
Attribute Length: 20
Value: BA779C331E3E0EE60478BDF30125A534A6D8DB40

No. Time Source Destination Protocol Info
125 51.200308 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64780 [FIN, ACK] Seq=482 Ack=196 Win=6432 Len=0

Frame 125 (54 bytes on wire, 54 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.361576000
[Time delta from previous captured frame: 3.128568000 seconds]
[Time delta from previous displayed frame: 5.977785000 seconds]
[Time since reference or first frame: 51.200308000 seconds]
Frame Number: 125
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x7fb6 (32694)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7f02 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 482, Ack: 196, Len: 0
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 482 (relative sequence number)
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...1 = Fin: Set
[Expert Info (Chat/Sequence): Connection finish (FIN)]
[Message: Connection finish (FIN)]
[Severity level: Chat]
[Group: Sequence]
Window size: 6432
Checksum: 0x3c32 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 101]
[The RTT to ACK the segment was: 14.823143000 seconds]

No. Time Source Destination Protocol Info
126 51.200532 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64780 > http [ACK] Seq=196 Ack=483 Win=65535 Len=0

Frame 126 (60 bytes on wire, 60 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.361800000
[Time delta from previous captured frame: 0.000224000 seconds]
[Time delta from previous displayed frame: 0.000224000 seconds]
[Time since reference or first frame: 51.200532000 seconds]
Frame Number: 126
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Trailer: 000000000000
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0xf1e8 (6192Cool Man (aka Tustin)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x0cd0 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 196, Ack: 483, Len: 0
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 196 (relative sequence number)
Acknowledgement number: 483 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xb2b7 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 125]
[The RTT to ACK the segment was: 0.000224000 seconds]

No. Time Source Destination Protocol Info
163 51.710222 ps3.ps3.ps3.ps3 prxy.dns.fake.http DNS Standard query A ena.net.playstation.net

Frame 163 (83 bytes on wire, 83 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.871490000
[Time delta from previous captured frame: 0.120066000 seconds]
[Time delta from previous displayed frame: 0.509690000 seconds]
[Time since reference or first frame: 51.710222000 seconds]
Frame Number: 163
Frame Length: 83 bytes
Capture Length: 83 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 69
Identification: 0xfc76 (64630)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x421a [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55833 (55833), Dst Port: domain (53)
Source port: 55833 (55833)
Destination port: domain (53)
Length: 49
Checksum: 0xab43 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 164]
Transaction ISad Awesome 0xadd7
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
ena.net.playstation.net: type A, class IN
Name: ena.net.playstation.net
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
164 51.710502 prxy.dns.fake.http ps3.ps3.ps3.ps3 DNS Standard query response CNAME gp02.fp.playstation.net A prxy.dns.fake.http

Frame 164 (143 bytes on wire, 143 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.871770000
[Time delta from previous captured frame: 0.000280000 seconds]
[Time delta from previous displayed frame: 0.000280000 seconds]
[Time since reference or first frame: 51.710502000 seconds]
Frame Number: 164
Frame Length: 143 bytes
Capture Length: 143 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 129
Identification: 0x752d (29997)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc927 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55833 (55833)
Source port: domain (53)
Destination port: 55833 (55833)
Length: 109
Checksum: 0x3c96 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 163]
[Time: 0.000280000 seconds]
Transaction ISad Awesome 0xadd7
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 1
Additional RRs: 0
Queries
ena.net.playstation.net: type A, class IN
Name: ena.net.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
ena.net.playstation.net: type CNAME, class IN, cname gp02.fp.playstation.net
Name: ena.net.playstation.net
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 33 minutes, 21 seconds
Data length: 10
Primary name: gp02.fp.playstation.net
gp02.fp.playstation.net: type A, class IN, addr prxy.dns.fake.http
Name: gp02.fp.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 4
Addr: prxy.dns.fake.http
Authoritative nameservers
fp.playstation.net: type NS, class IN, ns ps3proxy
Name: fp.playstation.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 10
Name server: ps3proxy

No. Time Source Destination Protocol Info
165 51.710804 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64777 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 165 (78 bytes on wire, 78 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.872072000
[Time delta from previous captured frame: 0.000302000 seconds]
[Time delta from previous displayed frame: 0.000302000 seconds]
[Time since reference or first frame: 51.710804000 seconds]
Frame Number: 165
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0x8a80 (35456)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7420 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64777 (64777), Dst Port: https (443), Seq: 0, Len: 0
Source port: 64777 (64777)
Destination port: https (443)
[Stream index: 20]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port https]
[Message: Connection establish request (SYN): server port https]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0xde8f [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SACK permitted
NOP
NOP
NOP
NOP
Timestamps: TSval 0, TSecr 0

No. Time Source Destination Protocol Info
166 51.710833 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP https > 64777 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

Frame 166 (54 bytes on wire, 54 bytes captured)
Arrival Time: Feb 11, 2011 17:03:56.872101000
[Time delta from previous captured frame: 0.000029000 seconds]
[Time delta from previous displayed frame: 0.000029000 seconds]
[Time since reference or first frame: 51.710833000 seconds]
Frame Number: 166
Frame Length: 54 bytes
Capture Length: 54 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: TCP RST]
[Coloring Rule String: tcp.flags.reset eq 1]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 40
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0xfeb8 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: https (443), Dst Port: 64777 (64777), Seq: 1, Ack: 1, Len: 0
Source port: https (443)
Destination port: 64777 (64777)
[Stream index: 20]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 0... = Push: Not set
.... .1.. = Reset: Set
[Expert Info (Chat/Sequence): Connection reset (RST)]
[Message: Connection reset (RST)]
[Severity level: Chat]
[Group: Sequence]
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 0
Checksum: 0x585e [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 165]
[The RTT to ACK the segment was: 0.000029000 seconds]

No. Time Source Destination Protocol Info
208 73.816052 ps3.ps3.ps3.ps3 prxy.dns.fake.http DNS Standard query A xmb.dl.playstation.net

Frame 208 (82 bytes on wire, 82 bytes captured)
Arrival Time: Feb 11, 2011 17:04:18.977320000
[Time delta from previous captured frame: 3.042345000 seconds]
[Time delta from previous displayed frame: 22.105219000 seconds]
[Time since reference or first frame: 73.816052000 seconds]
Frame Number: 208
Frame Length: 82 bytes
Capture Length: 82 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 68
Identification: 0xbc1c (48156)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x8275 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
User Datagram Protocol, Src Port: 55832 (55832), Dst Port: domain (53)
Source port: 55832 (55832)
Destination port: domain (53)
Length: 48
Checksum: 0xab9a [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (query)
[Response In: 211]
Transaction ISad Awesome 0xfc99
Flags: 0x0100 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
xmb.dl.playstation.net: type A, class IN
Name: xmb.dl.playstation.net
Type: A (Host address)
Class: IN (0x0001)

No. Time Source Destination Protocol Info
211 73.827337 prxy.dns.fake.http ps3.ps3.ps3.ps3 DNS Standard query response CNAME l02.cdn.update.playstation.net A prxy.dns.fake.http

Frame 211 (149 bytes on wire, 149 bytes captured)
Arrival Time: Feb 11, 2011 17:04:18.988605000
[Time delta from previous captured frame: 0.000420000 seconds]
[Time delta from previous displayed frame: 0.011285000 seconds]
[Time since reference or first frame: 73.827337000 seconds]
Frame Number: 211
Frame Length: 149 bytes
Capture Length: 149 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 135
Identification: 0x752e (2999Cool Man (aka Tustin)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xc920 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
User Datagram Protocol, Src Port: domain (53), Dst Port: 55832 (55832)
Source port: domain (53)
Destination port: 55832 (55832)
Length: 115
Checksum: 0x3c9c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Domain Name System (response)
[Request In: 208]
[Time: 0.011285000 seconds]
Transaction ISad Awesome 0xfc99
Flags: 0x8180 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 2
Authority RRs: 1
Additional RRs: 0
Queries
xmb.dl.playstation.net: type A, class IN
Name: xmb.dl.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Answers
xmb.dl.playstation.net: type CNAME, class IN, cname l02.cdn.update.playstation.net
Name: xmb.dl.playstation.net
Type: CNAME (Canonical name for an alias)
Class: IN (0x0001)
Time to live: 58 minutes, 41 seconds
Data length: 17
Primary name: l02.cdn.update.playstation.net
l02.cdn.update.playstation.net: type A, class IN, addr prxy.dns.fake.http
Name: l02.cdn.update.playstation.net
Type: A (Host address)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 4
Addr: prxy.dns.fake.http
Authoritative nameservers
cdn.update.playstation.net: type NS, class IN, ns ps3proxy
Name: cdn.update.playstation.net
Type: NS (Authoritative name server)
Class: IN (0x0001)
Time to live: 10 hours, 40 minutes
Data length: 10
Name server: ps3proxy

No. Time Source Destination Protocol Info
212 73.827707 ps3.ps3.ps3.ps3 prxy.dns.fake.http TCP 64776 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=0 TSV=0 TSER=0

Frame 212 (78 bytes on wire, 78 bytes captured)
Arrival Time: Feb 11, 2011 17:04:18.988975000
[Time delta from previous captured frame: 0.000370000 seconds]
[Time delta from previous displayed frame: 0.000370000 seconds]
[Time since reference or first frame: 73.827707000 seconds]
Frame Number: 212
Frame Length: 78 bytes
Capture Length: 78 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 64
Identification: 0xbf7b (49019)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x3f25 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64776 (64776), Dst Port: http (80), Seq: 0, Len: 0
Source port: 64776 (64776)
Destination port: http (80)
[Stream index: 26]
Sequence number: 0 (relative sequence number)
Header length: 44 bytes
Flags: 0x02 (SYN)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgement: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
[Message: Connection establish request (SYN): server port http]
[Severity level: Chat]
[Group: Sequence]
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x53b5 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Options: (24 bytes)
Maximum segment size: 1460 bytes
NOP
Window scale: 0 (multiply by 1)
SACK permitted
NOP
NOP
NOP
NOP
Timestamps: TSval 0, TSecr 0

No. Time Source Destination Protocol Info
213 73.827757 prxy.dns.fake.http ps3.ps3.ps3.ps3 TCP http > 64776 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460




I'll see if I can upload it somewhere


I need the .pcap as exporting it as a text file is useless for us it shows hardly anything, and your afraid of your mac addresses being published because?

I uploaded my wireshark...
02-11-2011, 04:58 PM #198
I don't want fony to block my mac, nor do I want anyone to spoof my mac's.

I'll never give my pcap, as you know you can replay pcap :whistle:
02-11-2011, 04:59 PM #199
DubStepperDay
-W.H.U.F.C-
if you look at the last lines of this there is a PS3 update agent could this be it?
Originally posted by another user
No. Time Source Destination Protocol Info
94 36.186449 ps3.ps3.ps3.ps3 prxy.dns.fake.http HTTP GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1

Frame 94 (249 bytes on wire, 249 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.347717000
[Time delta from previous captured frame: 0.000291000 seconds]
[Time delta from previous displayed frame: 0.000291000 seconds]
[Time since reference or first frame: 36.186449000 seconds]
Frame Number: 94
Frame Length: 249 bytes
Capture Length: 249 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: a:mac:add:re:ss (a:mac:add:re:ss), Dst: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Destination: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3), Dst: prxy.dns.fake.http (prxy.dns.fake.http)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 235
Identification: 0xca45 (51781)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x33b0 [correct]
[Good: True]
[Bad : False]
Source: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Destination: prxy.dns.fake.http (prxy.dns.fake.http)
Transmission Control Protocol, Src Port: 64780 (64780), Dst Port: http (80), Seq: 1, Ack: 1, Len: 195
Source port: 64780 (64780)
Destination port: http (80)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
[Next sequence number: 196 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 65535
Checksum: 0x1be0 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 195]
Hypertext Transfer Protocol
GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1

[Expert Info (Chat/Sequence): GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1
]
[Message: GET /update/ps3/list/eu/ps3-updatelist.txt HTTP/1.1
]
[Severity level: Chat]
[Group: Sequence]
Request Method: GET
Request URI: /update/ps3/list/eu/ps3-updatelist.txt
Request Version: HTTP/1.1
Host: feu01.ps3.update.playstation.net

Connection: Keep-Alive

Accept-Encoding: identity

User-Agent: PS3Update-agent/1.0.0 libhttp/1.0.0




then after that there is this again look at the last lines it talks about the FW version and something about timing out.

Originally posted by another user
No. Time Source Destination Protocol Info
96 36.186831 prxy.dns.fake.http ps3.ps3.ps3.ps3 HTTP HTTP/1.1 200 OK (text/plain)

Frame 96 (535 bytes on wire, 535 bytes captured)
Arrival Time: Feb 11, 2011 17:03:41.348099000
[Time delta from previous captured frame: 0.000345000 seconds]
[Time delta from previous displayed frame: 0.000345000 seconds]
[Time since reference or first frame: 36.186831000 seconds]
Frame Number: 96
Frame Length: 535 bytes
Capture Length: 535 bytes
[Frame is marked: True]
[Protocols in frame: eth:ip:tcp:http:data-text-lines]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80]
Ethernet II, Src: Wistron_11:6d:b2 (mac:ps3:mac:ps3), Dst: a:mac:add:re:ss (a:mac:add:re:ss)
Destination: a:mac:add:re:ss (a:mac:add:re:ss)
Address: a:mac:add:re:ss (a:mac:add:re:ss)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
Address: Wistron_11:6d:b2 (mac:ps3:mac:ps3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: prxy.dns.fake.http (prxy.dns.fake.http), Dst: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 521
Identification: 0x7fb5 (32693)
Flags: 0x02 (Don't Fragment)
0.. = Reserved bit: Not Set
.1. = Don't fragment: Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 64
Protocol: TCP (0x06)
Header checksum: 0x7d22 [correct]
[Good: True]
[Bad : False]
Source: prxy.dns.fake.http (prxy.dns.fake.http)
Destination: ps3.ps3.ps3.ps3 (ps3.ps3.ps3.ps3)
Transmission Control Protocol, Src Port: http (80), Dst Port: 64780 (64780), Seq: 1, Ack: 196, Len: 481
Source port: http (80)
Destination port: 64780 (64780)
[Stream index: 10]
Sequence number: 1 (relative sequence number)
[Next sequence number: 482 (relative sequence number)]
Acknowledgement number: 196 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgement: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 6432
Checksum: 0x3e13 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[SEQ/ACK analysis]
[Number of bytes in flight: 481]
Hypertext Transfer Protocol
HTTP/1.1 200 OK

[Expert Info (Chat/Sequence): HTTP/1.1 200 OK
]
[Message: HTTP/1.1 200 OK
]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Response Code: 200
Date: Fri, 11 Feb 2011 16:03:41 GMT

Server: Apache/2.2.16 (Ubuntu)

Last-Modified: Wed, 09 Feb 2011 12:56:33 GMT

ETag: "cf7bf-a6-49bd8fe926051"

Accept-Ranges: bytes

Content-Length: 166

[Content length: 166]
Vary: Accept-Encoding

Keep-Alive: timeout=15, max=100

Connection: Keep-Alive

Content-Type: text/plain



Line-based text data: text/plain
# EU\n
Dest=85;CompatibleSystemSoftwareVersion=3.5500-;\n
Dest=85;ImageVersion=0000b99c;SystemSoftwareVersion=3.5500;CDN=https://prxy.dns.fake.http/PS3UPDAT.PUP;CDN_Timeout=30;\n
\n

Copyright © 2026, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo