Thread: What can you get out of it !

  1. #1
    Senior Member
    Join Date
    Feb 2005
    Posts
    188

    What can you get out of it !

    I have Sygate Firewall on my computer. A message is displayed by an application that came with the installation program of the dialer software for connecting to internet. I have broadband internet access through the local LAN operator who distributes bandwidth from an ISP using ethernet.

    BB_CustomMessage MFC Application is trying to connect to [210.18.11.11] using remote port 81 (HOSTS2-NS - HOSTS2 Name Server). Do you want to allow this program to access the network?

    The message details are :-

    File Version : 1.0.0.1
    File Description : BB_CustomMessage MFC Application (BB_CustomMessage.exe)
    File Path : C:\Program Files\Sify Broadband\BB_CustomMessage.exe
    Process ID : 0xD0C (Heximal) 3340 (Decimal)

    Connection origin : local initiated
    Protocol : TCP
    Local Address : 10.13.161.244
    Local Port : 1273
    Remote Name :
    Remote Address : 210.18.11.11
    Remote Port : 81 (HOSTS2-NS - HOSTS2 Name Server)

    Ethernet packet details:
    Ethernet II (Packet Length: 92)
    Destination: 00-c0-69-0b-f4-9d
    Source: 00-08-a1-68-f2-f2
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 64
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0xcbc4 (Correct)
    Source: 10.13.161.244
    Destination: 210.18.11.11
    Transmission Control Protocol (TCP)
    Source port: 1273
    Destination port: 81
    Sequence number: 2130043640
    Acknowledgment number: 0
    Header length: 44
    Flags:
    0... .... = Congestion Window Reduce (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
    Checksum: 0xdb45 (Correct)
    Data (0 Bytes)

    Binary dump of the packet:
    0000: 00 C0 69 0B F4 9D 00 08 : A1 68 F2 F2 08 00 45 00 | ..i......h....E.
    0010: 00 40 EC CD 40 00 40 06 : C4 CB 0A 0D A1 F4 D2 12 | .@..@.@.........
    0020: 0B 0B 04 F9 00 51 7E F5 : E2 F8 00 00 00 00 B0 02 | .....Q~.........
    0030: FF FF 45 DB 00 00 02 04 : 05 80 01 03 03 03 01 01 | ..E.............
    0040: 08 0A 00 00 00 00 00 00 : 00 00 01 01 04 02 FF 8F | ................
    0050: FF 8C FF 88 FF 8B FF 85 : FF 85 FF 8C | ............

    These are the entire details. What information can be derived from them? I am trying to understand the purpose of this program and why it wants to access the network. I am currently declining the attempt to connect to the network.

    I want to know what info can be derived from the message and how you reached the conclusion, that is, details about how I can learn to interpret the same results in future.

    Thanx

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    It's a SYN packet trying to establish a connection with the remote host.

    It seems to have something to do with your ISP since the file is located in the Sify Broadband folder. I'd call them and ask what it is doing.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
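
Added example, not part of either post: a small Python decoder that reads the firewall's binary dump from post #1 field by field, so the values in the alert (addresses, ports, sequence number, the lone SYN flag) can be checked against the raw bytes. The function names are hypothetical; the frame bytes are copied from the dump in the post.

```python
import struct

# Frame bytes copied row by row from the "Binary dump of the packet" in post #1.
FRAME = bytes.fromhex("".join("""
00C0690BF49D0008A168F2F208004500
0040ECCD40004006C4CB0A0DA1F4D212
0B0B04F900517EF5E2F800000000B002
FFFF45DB000002040580010303030101
080A000000000000000001010402FF8F
FF8CFF88FF8BFF85FF85FF8C
""".split()))

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0..7
OPT_NAMES = {2: "MSS", 3: "WScale", 4: "SACK-permitted", 8: "Timestamps"}

def ip_checksum_ok(header):  # valid header sums (one's complement) to 0xFFFF
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_tcp_options(raw):
    opts, i = [], 0
    while i < len(raw) and raw[i] != 0:       # kind 0 = end of option list
        if raw[i] == 1:                       # kind 1 = one-byte NOP padding
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            break                             # malformed option, stop parsing
        opts.append((OPT_NAMES.get(raw[i], f"kind-{raw[i]}"), raw[i + 2:i + length]))
        i += length
    return opts

def decode(frame):
    ihl = (frame[14] & 0x0F) * 4              # IP header length in bytes
    ip = frame[14:14 + ihl]                   # Ethernet II header is 14 bytes
    total_len, = struct.unpack("!H", ip[2:4])
    tcp = frame[14 + ihl:14 + total_len]      # stop at the IP total length
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    hdr_len = (off_flags >> 12) * 4           # TCP data offset in bytes
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "ttl": ip[8], "ip_checksum_ok": ip_checksum_ok(ip),
        "sport": sport, "dport": dport, "seq": seq,
        "flags": [n for b, n in enumerate(TCP_FLAGS) if off_flags >> b & 1],
        "window": window, "payload_len": len(tcp) - hdr_len,
        "options": parse_tcp_options(tcp[20:hdr_len]),
        "trailer_len": len(frame) - 14 - total_len,  # bytes after the IP datagram
    }
```

Calling `decode(FRAME)` on this frame reports a lone SYN with no payload, a valid IP header checksum, the options MSS, window scale, timestamps and SACK-permitted, and 14 bytes after the end of the IP datagram that belong to neither header.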
