Hi all,

A system administrator looking after a network in a remote office of mine detected traffic being sent into his network that was targeted at a router on his network. He is naturally suspicious of this and has asked me for help. He captured the suspect traffic using IRIS traffic Analyser. His statement (I haven't been onsite to view the traffic myself - I'm in the UK and he's in Central America) is that all packets look the same. Hmmm. Anyway, the packet he forwarded to me is as follows:

212.x.x.x->200.x.x.x
Time 9:10:35:689
0000: 00 07 50 F6 0F 60 00 30 65 2E B5 C0 08 00 45 00 ..P..`.0e.....E.
0010: 00 4E EC 68 00 00 65 11 25 BE 44 A2 0B 22 C8 3E .N.h..e.%.D.."..
0020: 2B 76 04 04 00 89 00 3A 78 2B 01 00 00 10 00 01 +v.....:x+......
0030: 00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41 ...... CKAAAAAAA
0040: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0050: 41 41 41 41 41 41 41 00 00 21 00 01 AAAAAAA..!..

200.x.x.x is our router. 212.x.x.x is the external address.

Apparently, IRIS reports this as UDP.

Can anyone help me decode this packet to get a handle on what's going on?

What can I feed this information into to get the hex decoded into a more reasonable format, or is there an online reference somewhere that will tell me how to interpret this data?

Many thanks for your help on this, people.

Alan Mott
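
A decode of the frame quoted above, as an added example that is not part of the original post: it strips the offset and ASCII columns from the dump and walks the Ethernet II, IPv4, UDP and NetBIOS name service headers. The function names and the assumption that the dump is one complete Ethernet II frame are this example's own.

```python
import re
import socket
import struct

# The frame exactly as dumped in the post: offset, hex bytes, ASCII column.
DUMP = """
0000: 00 07 50 F6 0F 60 00 30 65 2E B5 C0 08 00 45 00 ..P..`.0e.....E.
0010: 00 4E EC 68 00 00 65 11 25 BE 44 A2 0B 22 C8 3E .N.h..e.%.D.."..
0020: 2B 76 04 04 00 89 00 3A 78 2B 01 00 00 10 00 01 +v.....:x+......
0030: 00 00 00 00 00 00 20 43 4B 41 41 41 41 41 41 41 ...... CKAAAAAAA
0040: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
0050: 41 41 41 41 41 41 41 00 00 21 00 01 AAAAAAA..!..
"""

def dump_to_bytes(dump):
    """Collect the two-digit hex tokens after each offset; skip the ASCII column."""
    out = bytearray()
    for line in dump.strip().splitlines():
        for tok in line.split(":", 1)[1].split()[:16]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break
            out.append(int(tok, 16))
    return bytes(out)

def decode(frame):
    """Ethernet II -> IPv4 -> UDP -> NetBIOS name service question (RFC 1002)."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("not IPv4/UDP")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    udp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    nb = udp[8:ulen]                            # UDP payload: name service message
    txid, flags, qdcount = struct.unpack("!HHH", nb[:6])
    n = nb[12]                                  # length of the encoded name (32)
    label = nb[13:13 + n]
    # First-level encoding: each name byte is two nibbles, each stored as 'A' + nibble.
    name = bytes(((label[i] - 65) << 4) | (label[i + 1] - 65) for i in range(0, n, 2))
    qtype, qclass = struct.unpack("!HH", nb[14 + n:18 + n])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "ttl": ip[8], "sport": sport, "dport": dport,
            "response": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
            "broadcast": bool(flags & 0x0010), "name": name,
            "qtype": qtype, "qclass": qclass}   # qtype 0x21 = NBSTAT (node status)

if __name__ == "__main__":
    for key, value in decode(dump_to_bytes(DUMP)).items():
        print(f"{key:9} {value!r}")
```

On this frame the result is a UDP datagram from source port 1028 to destination port 137 carrying a NetBIOS name service query (opcode 0, broadcast flag set) of type NBSTAT (0x21) for the name "*" padded with NUL bytes, which is the node status request described in RFC 1002.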