Computer Security - Packet capture - reconnaissance and intrusion - clarifications needed
Hey guys,
I have attached a "packet capture" from some network activity. This seems to be a live attack. I need to identify the probe and intrusion details.

Packets 3 - 258 are part of a reconnaissance attack. They simply want to identify the systems alive on the network.

Packet 229: A vulnerable system on the network responds. The attacker is 192.168.1.1; the vulnerable system is 192.168.1.100. Correct me if I'm wrong here.

Packets 275 - 286: further reconnaissance. 192.168.1.1 attempts to find vulnerabilities on 192.168.1.100. It tries SSH, FTP, HTTP, POP3, DNS, Telnet.

I don't know what 287 - 289 mean.

296 - 313: 192.168.1.1 and 192.168.1.100 are negotiating a Telnet connectivity. However, why does all the Telnet data from 1.00 to 1.1 have a wrong checksum?

444 - 451: Not sure what exactly this is.

452 - till end: indicates some HTTP activity between 1.1 and 1.100. However, in most cases 1.100 does not return anything to 1.1.

Let me know if this can be considered an intrusion. If so, do we consider it a success or failure?

athideerapandian
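An added example, not part of the original post: one way to check the two reconnaissance phases described above (a host sweep, then service probing of a single host) from summarised packet records. The records are constructed, not taken from the attached capture; the thresholds, the source port 40000 and which ports answer SYN/ACK are assumptions.

```python
from collections import defaultdict

ATTACKER, TARGET = "192.168.1.1", "192.168.1.100"   # addresses named in the post

def build_sample():
    """Constructed records (src, dst, sport, dport, tcp_flags); not the poster's capture."""
    pkts = [(ATTACKER, f"192.168.1.{h}", None, None, "") for h in range(2, 130)]
    pkts.append((TARGET, ATTACKER, None, None, ""))          # one live host answers
    for port in (22, 21, 80, 110, 53, 23):                   # services listed in the post
        pkts.append((ATTACKER, TARGET, 40000, port, "S"))
        # Assumption: telnet and http answer SYN/ACK, the rest answer RST/ACK.
        pkts.append((TARGET, ATTACKER, port, 40000, "SA" if port in (23, 80) else "RA"))
    return pkts

def classify(pkts, host_threshold=20, port_threshold=5):
    """Return (sweeps, port_scans, port_states) from summarised packets."""
    contacted = defaultdict(set)   # src -> distinct destinations
    probed = defaultdict(set)      # (src, dst) -> ports that received a bare SYN
    states = {}                    # (scanner, target, port) -> "open" / "closed"
    for src, dst, sport, dport, flags in pkts:
        contacted[src].add(dst)
        if flags == "S":
            probed[(src, dst)].add(dport)
        elif sport in probed.get((dst, src), ()):
            # Reply to an earlier SYN: SYN/ACK means listening, RST means refused.
            if flags == "SA":
                states[(dst, src, sport)] = "open"
            elif "R" in flags:
                states[(dst, src, sport)] = "closed"
    sweeps = {s: len(d) for s, d in contacted.items() if len(d) >= host_threshold}
    scans = {k: sorted(p) for k, p in probed.items() if len(p) >= port_threshold}
    return sweeps, scans, states

if __name__ == "__main__":
    sweeps, scans, states = classify(build_sample())
    print("host sweeps:", sweeps)
    print("port scans:", scans)
    print("port states:", states)
```

The port states show which services were reachable, not whether a later session succeeded; that has to be read from the contents of the Telnet and HTTP exchanges themselves.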