NAME
====
  CodeRed 3
        + CodeRed Worm (Symantec)


EXPERIMENTAL TYPE
=================
  Retrieval Behavior - includes retrieval packets only.


EXPERIMENTAL ENVIRONMENT
========================

                 131.113.1.2 (Triger Packet Sender)
                     |
   131.113.1.1       |          131.113.1.2
  +-----------+      |         +-----+-----+
  | Infected  |      |         | Targeted  |
  |    PC     | <----+         |    PC     |
  |  (*1)(*2) |                |           |
  +-----+-----+                +-----+-----+
        |                            |
  ------+----------------------------+------
  131.113.1.0/31

  (*1) Windows 2000 Server on VMware
  (*2) Default Route = 131.113.1.2


PCAP SUMMARY
============

Total: 50967  START: 1 0.000000
-----------------
80/TCP;: 16831
  1 0.000000 131.113.1.1 131.67.95.56 TCP 1029 > 80 [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460