Windows Vista and later : Network Connectivity Status Indicator (NCSI)

[ what’s NCSI ]

NCSI probes Internet connectivity automatically and determines whether Internet connectivity is available or not based on NSCI probing results.
This function has been implemented Windows Vista and later.

About NCSI
Vista : http://technet.microsoft.com/en-us/library/cc766023::(WS.10).aspx
7 and 2008 R2 : http://technet.microsoft.com/en-us/library/ee126135(WS.10).aspx

[ How does NCSI check Internet connectivity ? ]

NCSI checks Internet connectivity by using two methods.

1.  GET ncsi.txt file via HTTP and check the string in that file

access to http://www.msftncsi.com/ncsi.txt and check ncsi.txt containing “Microsoft NCSI”

perform DNS lookup for www.msftncsi.com
access to www.msftncsi.com and GET ncsi.txt and then check ncsi.txt containing “Microsoft NCSI”

performs DNS lookup

# dig @DNSServer www.msftncsi.com ; <<>> DiG 9.8.0-P1 <<>> @DNSServer www.msftncsi.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24246 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.msftncsi.com.              IN      A ;; ANSWER SECTION: www.msftncsi.com.       2103    IN      CNAME   newncsi.glbdns.microsoft.com. newncsi.glbdns.microsoft.com. 300 IN    CNAME   ncsi.glbdns.microsoft.com. ncsi.glbdns.microsoft.com. 300  IN      A       207.46.61.90

access to www.msftncsi.com

# wget http://www.msftncsi.com/ncsi.txt

check that file containing “Microsoft NCSI”

# cat ncsi.txt Microsoft NCSI#

There are no line terminators in this file.

# file ncsi.txt ncsi.txt: ASCII text, with no line terminators

2.  perfom DNS resolution and check the answer

performs DNS look up for dns.msftncsi.com and confirm whether the IP matches 131.107.255.255 or not.
If the IP matches 131.107.255.255 , NCSI determines that your PC has correct Internet connectivity.
If not , NSCI determines  your PC has wrong Internet connectivity.

DNS lookup for dns.msfncsi.com

# dig @DNSServer dns.msftncsi.com ; <<>> DiG 9.8.0-P1 <<>> @DNSServer dns.msftncsi.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16747 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;dns.msftncsi.com.              IN      A ;; ANSWER SECTION: dns.msftncsi.com.       30      IN      A       131.107.255.255

[ if NCSI probing fails ]

On “Windows button -> Control Panel -> Network and Internet -> Network and Sharing Center” ,
You will see red X mark between network and internet icon as below.

Note that this situation will happen even though your PC has actually internet connectivity.

For example:

- can’t resolve DNS lookup for www.msftncsi.com - can’t get right cnsi.txt ( www.msftncsi.com/ncsi.txt ) - can’t get the correct DNS reply ( dns.msftncsi.com =131.107.255.255 )

If you have internet connectivity for sure , but see the above red X mark , try the followings.

- turn off Anti Virus tool if you have installed it - perform DNS lookup for dns.msftncsi.com with nslookup command - check ncsi.txt containing “Miscosoft NCSI” into that file manually using CLI or something

[ How to turn off NCSI probing ]

regedit ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet

To disable this functions , set EnableActiveProbing to 0
Default value is 1 ( enabled probing )

[ How frequently does NCSI probe ? ]

I built fake www.msftncsi.com to check NCSI probing interval.

|------------ internet Client – SW ---- DNS                 |---- fake Web server ( Apache respond to ncsi.txt containing “M$” )

- Client performs DNS lookup for www.msftncsi.com
- DNS returns the fake web server’s address
 Except for www.msftncsi.com query , DNS returns correct answers.
- Client accesses to the fake Web server
- fake web server respond to ncsi.txt
- NCSI determines there’s no internet connectivity even though there’s internet connectivity.

the content of nsci.txt

# cat /var/www/ncsi.txt M$

M$ not MS :)

NCSI probing misunderstands my PC does not have Internet connectivity even though there’s Internet connectivity.

Here’s an access.log of fake web server.
Seen from access.log , polling interval does not seem to be fixed.

23:27:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:28:23 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:28:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:29:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:30:43 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:32:33 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:34:53 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:38:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:44:13 +0900] "GET /ncsi.txt HTTP/1.1" 200 299 "-" "Microsoft NCSI" 23:52:38 +0900] "GET /ncsi.txt HTTP/1.1" 200 279 "-" "Microsoft NCSI"

I don’t like this function :(

VMware player 3.1 : create a custom network and assign it to a VM

VMware player : 3.1.4 build-385536 Host OS : Windows7 64bit

VMware plyaer 3.1 doesn’t provide vmnetcfg command which enables you to create custom networks like vmnet1 , vmnet2 etc :(
You can assign bridged ( VMnet0 ) or host-only ( VMnet1 ) or natted network (VMnet8) to a VM by default installation.

You however can create custom networks by installing VMware player by following procedures.
Please see my previous post.
http://lost-and-found-narihiro.blogspot.com/2011/07/how-to-use-vmnetcfg-on-vmware-player-31.html

[ create custom networks and assign it to VMs ]

1. create custom networks with vmnetcfg

run "C:\Program Files (x86)\VMware\VMware Player\vmnetcfg.exe"

activate VMnet 1 ( to - 7 ) virtual host adapter.

2. prepare a VM and assign a custom VMnet to a VM

I prepared Scientific Linux 6.1 as a VM. and assigned three vNICs to that VM.
You can not assign custom networks ( VMnet2 to VMnet7 ) via GUI.


So you need to edit vmx file by text editor.

edit vmx file like below.

#ethernet1.connectionType = "hostonly" ethernet1.connectionType = "custom" ethernet1.vnet = "VMnet1" #ethernet2.connectionType = "hostonly" ethernet2.connectionType = "custom" ethernet2.vnet = "VMnet2"

3. run vmware player and check virtual machine settings.




4. fly VM

an output of ifconfig on VM.

- VMnet0 ( bridge ) [root@sl6-1 ~]# ifconfig eth0 | grep "inet addr"          inet addr:192.168.11.200  Bcast:192.168.11.255  Mask:255.255.255.0 - VMnet1 ( custom ) [root@sl6-1 ~]# ifconfig eth1 | grep "inet addr"          inet addr:192.168.19.128  Bcast:192.168.19.255  Mask:255.255.255.0 - VMnet2 ( custom ) [root@sl6-1 ~]# ifconfig eth2 | grep "inet addr"          inet addr:192.168.92.128  Bcast:192.168.92.255  Mask:255.255.255.0

I can assign VMnet0 (bridge) , VMnet1 and VMnet2 to the VM :)

VMware player : install Scientific Linux 6 64bit as Guest OS

VMware Player : 3.1.4 build-385536
Host OS : Windows 7 64bit
Guest OS : Scientific Linux 6 64bit ( SL6 )

[ wath’s Scientific Linux ? ]

Scientific Lilunx (SL) is one of Red Hat Enterprise Linux close OSes.
Other clones are Oracle Enterprise Linux , CentOS.

As of 2011/9/23 , the latest version of these OSes are :

Cent OS : 6 ( not 6.1 )
SL :6.1
Oracle Linux : 6.1

[ procedures ]

- create a new VM and install SL6

With regard to OS type , there is no RHEL 6 in the guest OS list , I specified guest OS type as CentOS 64bit.

- installing SL6

[ install VMware tools ]

after installing SL , install VMware tools.

VMware console -> Virtual Machine -> install VMware tools

VMware tools will be mounted automatically and you will see the following GUI.

If VMware tools are not mounted automatically , mount VMware tools manually.

# mkdir zzz # mount -t iso9660 /dev/sr0 /zzz

- install VMware tools

[root@sl6-1 ~]# cp /media/VMware\ Tools/VMwareTools-8.4.6-385536.tar.gz . [root@sl6-1 ~]# tar xzvf VMwareTools-8.4.6-385536.tar.gz [root@sl6-1 ~]# cd vmware-tools-distrib/ [root@sl6-1 vmware-tools-distrib]# ./vmware-install.pl

- after finishing installing VMware tools , reboot guest OS

# sync # reboot

that’s it :)

decrypt SSL traffic with ssldump

decrypt SSL traffic with ssldump

[ installation ]

Ubuntu 11.04

root@hat1:~# apt-get install ssldump -y root@hat1:~# ssldump -v ssldump 0.9b3 Copyright (C) 1998-2001 RTFM, Inc. All rights reserved. Compiled with OpenSSL: decryption enabled

Fedora 15

[root@f15 ~]# yum list | grep ssldump [root@f15 ~]# ssldump -v ssldump 0.9b3 Copyright (C) 1998-2001 RTFM, Inc. All rights reserved. Compiled with OpenSSL: decryption enabled

[ decrypt SSL traffic ]

- At first , prepare Apache with SSL on Fedora 15

install httpd

[root@f15 ~]# yum install -y httpd mod_ssl

Sample SSL certification and configuration file for Apache are included in mod_ssl.

- SSL configuration file for Apache (/etc/httpd/conf.d/ssl.conf)

Private Key

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Certification file

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

private key

[root@f15 conf.d]# openssl rsa -text -in /etc/pki/tls/private/localhost.key Private-Key: (1024 bit) modulus:    00:ea:cf:7c:fa:18:31:97:40:17:b8:85:5c:86:ec:    75:be:93:9c:cb:ce:7c:26:c7:29:30:41:f7:93:21:    8c:6c:4b:12:34:f5:78:40:94:ab:d9:70:75:a1:ec:    14:70:6e:8b:ce:fe:c0:35:85:66:24:bb:2c:b1:f2:

certification file

[root@f15 conf.d]# openssl x509 -text -in /etc/pki/tls/certs/localhost.crt Certificate:    Data:        Version: 3 (0x2)        Serial Number: 30063 (0x756f)        Signature Algorithm: sha1WithRSAEncryption        Issuer: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=f15.localdomain/emailAddress=root@f15.localdomain        Validity            Not Before: Sep 21 14:30:35 2011 GMT            Not After : Sep 20 14:30:35 2012 GMT        Subject: C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=f15.localdomain/emailAddress=root@f15.localdomain        Subject Public Key Info:            Public Key Algorithm: rsaEncryption                Public-Key: (1024 bit)

- start Apache

[root@f15 conf.d]# apachectl start

confirm SSL is enabled

[root@f15 conf.d]# wget https://127.0.0.1 --no-check-certificate --2011-09-21 23:52:34--  https://127.0.0.1/ Connecting to 127.0.0.1:443... connected. WARNING: cannot verify 127.0.0.1’s certificate, issued by “/C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=f15.localdomain/emailAddress=root@f15.localdomain”:  Unable to locally verify the issuer’s authority.    WARNING: certificate common name “f15.localdomain” doesn't match requested host name “127.0.0.1”. HTTP request sent, awaiting response... 200 OK Length: 526 [text/html] Saving to: “index.html” 100%[======================================>] 526         --.-K/s   in 0s       2011-09-21 23:52:34 (4.45 MB/s) - “index.html” saved [526/526]

[ decrypt SSL traffic with ssldump ]

Client ( Utuntu , Firefox ) --------- Apache ( Fedora )

ssldump can decrypt SSL traffic under the following conditions

# man ssldump       ssldump can decrypt traffic between two hosts if the following two con‐       ditions are met:              1. ssldump has the keys.              2. Static RSA was used.

- configure Firefox to use static RSA.

Firefox -> about:config -> search “ssl” -> enable only “security.ssl3.rsa_rc4_128_sha”


capture SSL traffic on both client (Ubuntu11.04) and server ( Fedora 15 )

I could decrypt SSL traffic on Ubuntu machine , however I can’t decrypt on Fedora 15...

on Ubuntu , I could decrypt SSL :)

root@hat1:~# ssldump -i br0 -Ad -k localhost.key port 443 New TCP connection #2: hat1.local(48362) <-> f15.local(443) 2 1  0.0010 (0.0010)  C>SV3.1(53)  Handshake      ClientHello        Version 3.1        random[32]=          4e 7a 05 16 5a b5 10 30 3f 64 70 1c 4c 7a e1 6d          20 6e 12 31 a3 92 33 93 b3 1d 05 74 7a 61 b8 2f        cipher suites        Unknown value 0xff        TLS_RSA_WITH_RC4_128_SHA        compression methods                  NULL 2 2  0.0019 (0.0009)  S>CV3.1(53)  Handshake      ServerHello        Version 3.1        random[32]=          4e 7a 05 16 0e e1 6a d8 44 71 4f 56 b2 ef 67 67          27 06 76 93 2e 88 47 83 dc 9c 65 8b 78 9b 5d 65        session_id[0]=        cipherSuite         TLS_RSA_WITH_RC4_128_SHA        compressionMethod                   NULL 2 3  0.0019 (0.0000)  S>CV3.1(767)  Handshake      Certificate 2 4  0.0019 (0.0000)  S>CV3.1(4)  Handshake      ServerHelloDone 2 5  0.0584 (0.0564)  C>SV3.1(134)  Handshake      ClientKeyExchange        EncryptedPreMasterSecret[128]=          86 30 17 79 da 85 92 7c 28 98 b9 c8 9a 46 f2 23          6d 38 96 3a c8 f6 d7 a7 19 a8 81 d2 a0 7e 45 46          15 80 16 f3 d8 36 75 41 40 73 91 1c e9 33 1d 4f          da 2b a9 fb 50 1e 00 2d 30 14 99 b6 8d 36 5b d1          f7 ae 41 14 97 d3 36 a3 c2 9d 30 3a b3 f3 4b fe          79 0c a3 79 6a b6 38 fd 7d ab 66 29 33 c8 3d 1b          d8 35 19 00 de 16 89 78 7e 0e 17 bb 7c 67 b2 c7          06 c6 0d f8 df 8e b5 f8 47 9f 5b ab 02 70 08 42 2 6  0.0584 (0.0000)  C>SV3.1(1)  ChangeCipherSpec 2 7  0.0584 (0.0000)  C>SV3.1(36)  Handshake      Finished        verify_data[12]=          df 11 b4 22 6f 4b c7 c0 a9 da e6 3c 2 8  0.0621 (0.0037)  S>CV3.1(202)  Handshake      TLS_RSA_WITH_RC4_128_MD52 9  0.0621 (0.0000)  S>CV3.1(1)  ChangeCipherSpec 2 10 0.0621 (0.0000)  S>CV3.1(36)  Handshake      Finished        verify_data[12]=          89 e4 88 3c 04 27 3a 09 7a 9f 94 dd 2 11 0.0661 (0.0039)  C>SV3.1(372)  application_data    ---------------------------------------------------------------    GET /index.html HTTP/1.1    Host: 192.168.11.150    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:6.0.2) Gecko/20100101 Firefox/6.0.2    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8    Accept-Language: ja,en-us;q=0.7,en;q=0.3    Accept-Encoding: gzip, deflate    Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7    Connection: keep-alive        --------------------------------------------------------------- 2 12 0.0670 (0.0009)  S>CV3.1(285)  application_data    ---------------------------------------------------------------    HTTP/1.1 200 OK    Date: Wed, 21 Sep 2011 15:39:02 GMT    Server: Apache/2.2.21 (Fedora)    Last-Modified: Wed, 21 Sep 2011 14:56:04 GMT    ETag: "80318-6-4ad74c67a39a9"    Accept-Ranges: bytes    Content-Length: 6    Connection: close    Content-Type: text/html; charset=UTF-8        --------------------------------------------------------------- 2 13 0.0670 (0.0000)  S>CV3.1(26)  application_data    ---------------------------------------------------------------    hello    --------------------------------------------------------------- 2 14 0.0670 (0.0000)  S>CV3.1(22)  Alert    level           warning    value           close_notify 2    0.0670 (0.0000)  S>C  TCP FIN 2 15 0.0678 (0.0007)  C>SV3.1(22)  Alert    level           warning    value           close_notify 2    0.0679 (0.0000)  C>S  TCP RST New TCP connection #3: hat1.local(48363) <-> f15.local(443) 3 1  0.0008 (0.0008)  C>SV3.1(277)  Handshake      ClientHello        Version 3.1        random[32]=          4e 7a 05 16 9c 6f 97 27 81 55 7b 33 46 e6 94 7a          4f 26 ab 93 a0 18 0b 24 f6 f3 20 fa 15 8a 2f 1f        resume [32]=          94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17          6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7        cipher suites        Unknown value 0xff        TLS_RSA_WITH_RC4_128_SHA        compression methods                  NULL 3 2  0.0018 (0.0009)  S>CV3.1(81)  Handshake      ServerHello        Version 3.1        random[32]=          4e 7a 05 16 5b d0 98 fb 4c 8e a4 bc 70 b9 99 b7          f1 1c cb 87 b2 33 c4 ca c7 64 58 bf 62 49 97 78        session_id[32]=          94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17          6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7        cipherSuite         TLS_RSA_WITH_RC4_128_SHA        compressionMethod                   NULL 3 3  0.0018 (0.0000)  S>CV3.1(1)  ChangeCipherSpec 3 4  0.0018 (0.0000)  S>CV3.1(36)  Handshake 3 5  0.0040 (0.0022)  C>SV3.1(1)  ChangeCipherSpec 3 6  0.0040 (0.0000)  C>SV3.1(36)  Handshake 3 7  0.0040 (0.0000)  C>SV3.1(343)  application_data 3 8  0.3194 (0.3153)  S>CV3.1(200)  application_data 3 9  0.3194 (0.0000)  S>CV3.1(310)  application_data 3 10 0.3194 (0.0000)  S>CV3.1(22)  Alert 3    0.3195 (0.0000)  S>C  TCP FIN 3 11 0.3201 (0.0006)  C>SV3.1(22)  Alert 3    0.3202 (0.0000)  C>S  TCP RST New TCP connection #4: hat1.local(48364) <-> f15.local(443) 4 1  0.0006 (0.0006)  C>SV3.1(277)  Handshake      ClientHello        Version 3.1        random[32]=          4e 7a 05 16 df 10 11 0e 6e 77 f8 3a 8d fa 84 05          03 4e f1 d7 73 4e ad e2 dd 58 ef 60 bb 59 8a e8        resume [32]=          94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17          6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7        cipher suites        Unknown value 0xff        TLS_RSA_WITH_RC4_128_SHA        compression methods                  NULL 4 2  0.0015 (0.0009)  S>CV3.1(81)  Handshake      ServerHello        Version 3.1        random[32]=          4e 7a 05 16 7b bf 58 8f fc 3a 4b 10 cb 2d 48 7b          ef 1d fd 39 68 26 6f 4b 74 aa 26 5b ee 95 e8 87        session_id[32]=          94 a7 49 4a 2e 80 cf 05 6e 7d af 2a e4 ec 77 17          6a 4a f4 24 ea 84 cc 98 e9 e3 0e cd 60 94 59 a7        cipherSuite         TLS_RSA_WITH_RC4_128_SHA        compressionMethod                   NULL 4 3  0.0015 (0.0000)  S>CV3.1(1)  ChangeCipherSpec 4 4  0.0015 (0.0000)  S>CV3.1(36)  Handshake 4 5  0.0044 (0.0028)  C>SV3.1(1)  ChangeCipherSpec 4 6  0.0044 (0.0000)  C>SV3.1(36)  Handshake 4 7  0.0044 (0.0000)  C>SV3.1(373)  application_data 4 8  0.0054 (0.0009)  S>CV3.1(200)  application_data 4 9  0.0054 (0.0000)  S>CV3.1(310)  application_data 4 10 0.0054 (0.0000)  S>CV3.1(22)  Alert 4    0.0055 (0.0000)  S>C  TCP FIN 4 11 0.0060 (0.0005)  C>SV3.1(22)  Alert 4    0.0061 (0.0000)  C>S  TCP RST ^Croot@hat1:~#

on Fedora 15 , segmentation fault :(

[root@f15 ~]# ssldump -i eth0 -Ad -k /etc/pki/tls/private/localhost.key port 443 New TCP connection #1: 192.168.11.100(48362) <-> 192.168.11.150(443) 1 1  0.0010 (0.0010)  C>S V3.1(53)  Handshake      ClientHello        Version 3.1        random[32]=          4e 7a 05 16 5a b5 10 30 3f 64 70 1c 4c 7a e1 6d          20 6e 12 31 a3 92 33 93 b3 1d 05 74 7a 61 b8 2f        cipher suites        Unknown value 0xff        TLS_RSA_WITH_RC4_128_SHA        compression methods                  NULL 1 2  0.0014 (0.0004)  S>C V3.1(53)  Handshake      ServerHello        Version 3.1        random[32]=          4e 7a 05 16 0e e1 6a d8 44 71 4f 56 b2 ef 67 67          27 06 76 93 2e 88 47 83 dc 9c 65 8b 78 9b 5d 65        session_id[0]=        cipherSuite         TLS_RSA_WITH_RC4_128_SHA        compressionMethod                   NULL 1 3  0.0014 (0.0000)  S>C V3.1(767)  Handshake      Certificate 1 4  0.0014 (0.0000)  S>C V3.1(4)  Handshake      ServerHelloDone 1 5  0.0585 (0.0571)  C>S V3.1(134)  Handshake      ClientKeyExchange        EncryptedPreMasterSecret[128]=          86 30 17 79 da 85 92 7c 28 98 b9 c8 9a 46 f2 23          6d 38 96 3a c8 f6 d7 a7 19 a8 81 d2 a0 7e 45 46          15 80 16 f3 d8 36 75 41 40 73 91 1c e9 33 1d 4f          da 2b a9 fb 50 1e 00 2d 30 14 99 b6 8d 36 5b d1          f7 ae 41 14 97 d3 36 a3 c2 9d 30 3a b3 f3 4b fe          79 0c a3 79 6a b6 38 fd 7d ab 66 29 33 c8 3d 1b          d8 35 19 00 de 16 89 78 7e 0e 17 bb 7c 67 b2 c7          06 c6 0d f8 df 8e b5 f8 47 9f 5b ab 02 70 08 42 1 6  0.0585 (0.0000)  C>S V3.1(1)  ChangeCipherSpec 1 7  0.0585 (0.0000)  C>S V3.1(36)  Handshake      Finished        verify_data[12]=          df 11 b4 22 6f 4b c7 c0 a9 da e6 3c 1 8  0.0617 (0.0031)  S>C V3.1(202)  Handshake Segmentation fault (core dumped)