Question on IP# and RNAAPP.EXE
When I disconnect from the internet (on dailup) I get the following. Sygate firewall pro pick up the following packet. Everytime it is differant packet....
File Version : 4.90.3000
File Description : Dial-Up Networking Application
File Path : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Process ID : FFFC07D5 (Heximal) 4294707157 (Decimal)
Connection origin : local initiated
Ethernet packet details:
Ethernet II (Packet Length: 48)
Destination: 01-00-5e-00-00-02
Source: 44-45-53-54-00-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 24 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
Header checksum: 0x2abf (Correct)
Source: 144.247.105.193
Destination: 224.0.0.2
Binary dump of the packet:
0000: 01 00 5E 00 00 02 44 45 : 53 54 00 00 08 00 46 00 | ..^...DEST....F.
0010: 00 20 8A F2 00 00 01 02 : BF 2A 90 F7 69 C1 E0 00 | . .......*..i...
0020: 00 02 94 04 00 00 17 00 : F9 04 EF FF FF FA 65 64 | ..............ed
OrgName: SUPSHIP, Groton, U.S.N.
OrgID: SGU-2
Address: 3101 WASHINGTON AVE
Address: BUILDING 635
City: NEWPORT NEWS
StateProv: VA
PostalCode: 23607
Country: US
NetRange: 144.247.0.0 - 144.247.255.255
CIDR: 144.247.0.0/16
NetName: SOSGNET
NetHandle: NET-144-247-0-0-1
Parent: NET-144-0-0-0-0
NetType: Direct Assignment
NameServer: AISCDNS1.SUPSHIP.NAVY.MIL
NameServer: AISCFW2.SUPSHIP.NAVY.MIL
NameServer: MONITOR.SSSD.NAVY.MIL
Comment:
RegDate: 1990-01-11
Updated: 2003-03-25
TechHandle: LC686-ARIN
TechName: Crowder, Lee
TechPhone: +1-757-688-0284
TechEmail: [email protected]
# ARIN WHOIS database, last updated 2003-03-28 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
=============
ile Version : 4.90.3000
File Description : Dial-Up Networking Application
File Path : C:\WINDOWS\SYSTEM\RNAAPP.EXE
Process ID : FFFE1497 (Heximal) 4294841495 (Decimal)
Connection origin : local initiated
Ethernet packet details:
Ethernet II (Packet Length: 48)
Destination: 01-00-5e-00-00-02
Source: 44-45-53-54-00-00
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 24 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 1
Protocol: 0x2 (IGMP - Internet Group Management Message Protocol)
Header checksum: 0xce4e (Correct)
Source: 128.246.105.193
Destination: 224.0.0.2
Binary dump of the packet:
0000: 01 00 5E 00 00 02 44 45 : 53 54 00 00 08 00 46 00 | ..^...DEST....F.
0010: 00 20 0B 50 00 00 01 02 : 4E CE 80 F6 69 C1 E0 00 | . .P....N...i...
0020: 00 02 94 04 00 00 17 00 : F9 04 EF FF FF FA 68 74 | ..............ht
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-serv...copyright.html
inetnum: 128.246.0.0 - 128.246.255.255
netname: CIBA-NET
descr: Ciba Speciialty Chemicals
descr: 4002 Basel
descr: Switzerland
country: CH
admin-c: KP1727-RIPE
tech-c: KP1727-RIPE
status: ASSIGNED PI
mnt-by: CIBA-MNT
changed: [email protected] 20020802
source: RIPE
route: 128.246.0.0/16
descr: CH-CIBA
origin: AS15799
mnt-by: CIBA-MNT
changed: [email protected] 20010329
source: RIPE
person: Peter Krause
address: Ciba Specialty Chemicals
address: Klybeckstrasse 141
address: CH-4002 Basel
phone: +41 61 636 47 71
fax-no: +41 61 636 88 77
e-mail: [email protected]
nic-hdl: KP1727-RIPE
changed: [email protected] 19971020
source: RIPE
