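# DO NOT EDIT THIS FILE! It was created by Ethereal
#
# NOTE(review): the entries below were collapsed onto the header comment line
# and one entry was split across a line break. A parser that skips '#' lines
# would then drop them, so they are restored here one per line in the
# original order.
# Entry layout: @name@display filter@[bg r,g,b][fg r,g,b] (16-bit channels).
# Comments added here are review annotations. Ethereal will likely discard
# them if it re-saves the file, so keep a copy with the case notes.
#
# Every IPv4 filter has 192.168.100.28 as one endpoint (presumably the
# monitored host; confirm against the capture). Each filter pins both
# addresses and both ports, so it matches one specific TCP connection in
# either direction. These are triage colourings for this capture only.
# The ephemeral ports make them unsuitable as reusable detections.
#
# --- Initial access, as labelled by the analyst ---
# TCP 6112 is conventionally the CDE dtspcd service on Solaris and TCP 1524 is
# "ingreslock"; verify both against the payload instead of trusting the port number.
@expoloit@(ip.addr eq 61.219.90.180 and ip.addr eq 192.168.100.28) and (tcp.port eq 56711 and tcp.port eq 6112)@[65534,18269,20166][0,0,0]
@rootshell@(ip.addr eq 61.219.90.180 and ip.addr eq 192.168.100.28) and (tcp.port eq 56712 and tcp.port eq 1524)@[60589,65534,48219][0,0,0]
#
# --- Outbound tool retrieval from 62.211.66.16 (FTP) and 62.211.66.53 (HTTP) ---
# The control channel is the TCP 21 session; each transfer is a separate
# connection from server port 20 (active-mode FTP, judging by the port pairs).
@ftp control connection, get tools@(ip.addr eq 192.168.100.28 and ip.addr eq 62.211.66.16) and (tcp.port eq 32783 and tcp.port eq 21)@[48575,65534,29775][0,0,0]
@FTP data: wget@(ip.addr eq 62.211.66.16 and ip.addr eq 192.168.100.28) and (tcp.port eq 20 and tcp.port eq 32784)@[57160,65534,41393][0,0,0]
@FTP data: dlp@(ip.addr eq 62.211.66.16 and ip.addr eq 192.168.100.28) and (tcp.port eq 20 and tcp.port eq 32785)@[57520,65534,40247][0,0,0]
@FTP data: solbnc@(ip.addr eq 62.211.66.16 and ip.addr eq 192.168.100.28) and (tcp.port eq 20 and tcp.port eq 32786)@[56049,65534,37317][0,0,0]
@FTP data: ipv6sun@(ip.addr eq 62.211.66.16 and ip.addr eq 192.168.100.28) and (tcp.port eq 20 and tcp.port eq 32788)@[55311,65534,39556][0,0,0]
@wget: bobzz/solg.tar.gz@(ip.addr eq 192.168.100.28 and ip.addr eq 62.211.66.53) and (tcp.port eq 32789 and tcp.port eq 80)@[65534,61928,39015][0,0,0]
#
# --- FTP sessions to 192.18.99.122, labelled "sunsolve" ---
# The labels name two zip files fetched over these sessions; what they contain
# is not visible from this file.
@FTP control, sunsolve@(ip.addr eq 192.168.100.28 and ip.addr eq 192.18.99.122) and (tcp.port eq 32791 and tcp.port eq 21)@[37427,65534,40076][0,0,0]
@FTP data: 111085-02.zip@(ip.addr eq 192.18.99.122 and ip.addr eq 192.168.100.28) and (tcp.port eq 20 and tcp.port eq 32792)@[60642,65534,42671][0,0,0]
@FTP control to sunsolve 2@(ip.addr eq 192.168.100.28 and ip.addr eq 192.18.99.122) and (tcp.port eq 32793 and tcp.port eq 21)@[39628,65534,38610][0,0,0]
@ftp data: 108949-07.zip@(ip.addr eq 192.18.99.122 and ip.addr eq 192.168.100.28) and (tcp.port eq 20 and tcp.port eq 32794)@[55311,65534,39556][0,0,0]
#
# --- IRC / bouncer traffic ---
# Local TCP 7000 is the listening side for the 80.117.14.44 sessions (the
# remote ports 3934/3935 are ephemeral); the later "psyBNC reconnected" label
# suggests this is the bouncer port. Confirm from the stream contents.
@irc@(ip.addr eq 192.168.100.28 and ip.addr eq 80.117.14.44) and (tcp.port eq 7000 and tcp.port eq 3934)@[59254,47428,65534][0,0,0]
@IRC busy@(ip.addr eq 192.168.100.28 and ip.addr eq 206.252.192.195) and (tcp.port eq 32795 and tcp.port eq 6667)@[47996,55454,65534][0,0,0]
@IRC busy 2@(ip.addr eq 192.168.100.28 and ip.addr eq 206.252.192.195) and (tcp.port eq 32796 and tcp.port eq 6667)@[42990,55715,65534][0,0,0]
@IRC irc-1.stealth.net@(ip.addr eq 206.252.192.195 and ip.addr eq 192.168.100.28) and (tcp.port eq 5555 and tcp.port eq 32803)@[52390,65534,61681][0,0,0]
#
# --- Inbound sessions labelled SSH ---
# These use TCP 5001, not the registered SSH port 22, so a port-based SSH rule
# would not have flagged them.
@SSH con1@(ip.addr eq 62.101.108.86 and ip.addr eq 192.168.100.28) and (tcp.port eq 52124 and tcp.port eq 5001)@[65534,37208,52185][0,0,0]
@psyBNC reconnected@(ip.addr eq 80.117.14.44 and ip.addr eq 192.168.100.28) and (tcp.port eq 3935 and tcp.port eq 7000)@[63869,41252,65534][0,0,0]
@http get spy.tar@(ip.addr eq 62.211.66.55 and ip.addr eq 192.168.100.28) and (tcp.port eq 80 and tcp.port eq 32806)@[63673,65534,50478][0,0,0]
@SSH con2@(ip.addr eq 62.101.108.86 and ip.addr eq 192.168.100.28) and (tcp.port eq 52128 and tcp.port eq 5001)@[65534,56584,44488][0,0,0]
#
# --- ICMP marker ---
# Matches ICMP (IP protocol 1) where the two bytes at absolute frame offset 38
# are 1a:0b. With plain Ethernet framing and a 20-byte IP header that offset
# is the ICMP echo identifier. The match silently shifts if the capture has
# VLAN tags or IP options; confirm the link type before relying on it.
@ficken@(ip.proto == 0x01) && (frame[38:2] == 1a:0b)@[65534,28039,48025][0,0,0]
#
# --- IPv6 / tunnelled IRC ---
# NOTE(review): this filter names the same IPv6 address twice, so it matches
# any TCP 6667/32780 packet involving that address and does not match a
# specific address pair. The peer address is not recorded in this file.
@ipv6 IRC@(ipv6.addr eq 2001:750:2:0:202:a5ff:fef0:aac7 and ipv6.addr eq 2001:750:2:0:202:a5ff:fef0:aac7) and (tcp.port eq 6667 and tcp.port eq 32780)@[64172,65534,45667][0,0,0]
@IRC v6v4@(ip.addr eq 192.168.100.28 and ip.addr eq 80.117.14.222) and (tcp.port eq 7000 and tcp.port eq 2602)@[65534,51696,62271][0,0,0]
@IRC v4v6 2@(ip.addr eq 80.117.14.222 and ip.addr eq 192.168.100.28) and (tcp.port eq 2640 and tcp.port eq 7000)@[48792,37581,65534][0,0,0]
@IRC v4v6m 3@(ip.addr eq 80.117.14.222 and ip.addr eq 192.168.100.28) and (tcp.port eq 2644 and tcp.port eq 7000)@[55311,39556,65534][0,0,0]
# The last two entries share the name "IRC"; they are told apart only by
# their address/port pairs.
@IRC@(ip.addr eq 192.168.100.28 and ip.addr eq 80.117.14.222) and (tcp.port eq 7000 and tcp.port eq 2082)@[64516,38610,65534][0,0,0]
@IRC@(ip.addr eq 206.252.192.195 and ip.addr eq 192.168.100.28) and (tcp.port eq 5555 and tcp.port eq 32805)@[57826,25776,65534][0,0,0]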