CQ-Contest
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CQ-Contest] spot analysis running behind... and help needed.

from [K1TTT] [Permanent Link][Original]
To: "reflector cq-contest" <CQ-Contest@Contesting.COM>
Subject: [CQ-Contest] spot analysis running behind... and help needed.
From: "K1TTT" <K1TTT@ARRL.NET>
Date: Wed, 01 Dec 2010 01:55:53 +0000
List-post: <cq-contest@contesting.com">mailto:cq-contest@contesting.com> 
I hate to admit it, but I have been running IIS for years here and still
don't know what all the stuff in it's log file means... anyone that can help
please read on.

My fake self spotter was back again near the end of cqww cw.  Again the
spots appear to come from a mobile device if I am correct.  This time the
ip's come back to T-Mobile, last time they were at&t mobility, and service
provider corp... and the ip's change quickly, often just getting one or two
postings from an address.  This time he knew he couldn't spot from dxsummit
because my call is locked out there, so he continued using other web
spotting gateways, including mine... so I not only got the ip addresses, but
the iis logs.

And this is where it stumps me... below are the iis log entries for 2 spots
put in on my webcluster at the exact same time, using the exact same
aspsessionid, which I think means it HAS to be the same computer, but they
came in with 2 different ip addresses!  Would a mobile device changing
access points do something like this?  Anyone got any better ideas?  Or know
how to read the user agent string to tell what type of machine it is??

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2010-11-27 13:07:24
#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem
cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) cs(Cookie)
cs(Referer) cs-host sc-status sc-substatus sc-win32-status sc-bytes cs-bytes
time-taken 

gets the dx posting form

2010-11-28 23:13:13 W3SVC6957 K1TTT-NODE 192.168.0.3 GET
/DXSend/dxframe.html - 80 - 208.54.85.55 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.0
.3705;+.NET+CLR+1.1.4322;+Media+Center+PC+4.0;+WinNT-PAI+24.07.2009)
ASPSESSIONIDQSBBCBSS=GCLLLNABKKBJNLJPCCGHLIMC - dx.k1ttt.net 200 0 0 464 385
125
2010-11-28 23:13:13 W3SVC6957 K1TTT-NODE 192.168.0.3 GET /DXSend/dxform.html
- 80 - 208.54.85.55 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.0
.3705;+.NET+CLR+1.1.4322;+Media+Center+PC+4.0;+WinNT-PAI+24.07.2009)
ASPSESSIONIDQSBBCBSS=GCLLLNABKKBJNLJPCCGHLIMC
http://dx.k1ttt.net/DXSend/dxframe.html dx.k1ttt.net 200 0 0 1442 434 171
2010-11-28 23:13:13 W3SVC6957 K1TTT-NODE 192.168.0.3 GET /favicon.ico - 80 -
208.54.85.55 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.0
.3705;+.NET+CLR+1.1.4322;+Media+Center+PC+4.0;+WinNT-PAI+24.07.2009)
ASPSESSIONIDQSBBCBSS=GCLLLNABKKBJNLJPCCGHLIMC - dx.k1ttt.net 404 0 2 1795
353 109

post the same spot from 2 ip addresses at the same time???

2010-11-28 23:13:54 W3SVC6957 K1TTT-NODE 192.168.0.3 POST
/DXSend/DXSend.asmx/SendDx - 80 - 208.54.85.55 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.0
.3705;+.NET+CLR+1.1.4322;+Media+Center+PC+4.0;+WinNT-PAI+24.07.2009)
ASPSESSIONIDQSBBCBSS=GCLLLNABKKBJNLJPCCGHLIMC
http://dx.k1ttt.net/DXSend/dxform.html dx.k1ttt.net 200 0 0 443 583 7218

2010-11-28 23:13:54 W3SVC6957 K1TTT-NODE 192.168.0.3 POST
/DXSend/DXSend.asmx/SendDx - 80 - 208.54.85.71 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.0
.3705;+.NET+CLR+1.1.4322;+Media+Center+PC+4.0;+WinNT-PAI+24.07.2009)
ASPSESSIONIDQSBBCBSS=GCLLLNABKKBJNLJPCCGHLIMC
http://dx.k1ttt.net/DXSend/dxform.html dx.k1ttt.net 200 0 0 443 583 5078

He knows about the logging of the ip's, guess he just wanted to check by
getting the ip address log!

2010-11-28 23:14:13 W3SVC6957 K1TTT-NODE 192.168.0.3 GET
/DXSend/log/dxlog.txt - 80 - 208.54.85.55 HTTP/1.1
Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+5.1;+Trident/4.0;+.NET+CLR+1.0
.3705;+.NET+CLR+1.1.4322;+Media+Center+PC+4.0;+WinNT-PAI+24.07.2009)
ASPSESSIONIDQSBBCBSS=GCLLLNABKKBJNLJPCCGHLIMC - dx.k1ttt.net 200 0 64 327680
386 15625

what the dxlog.txt shows for those spots:

2010/11/28 2313Z:  DX de K1TTT:      7079.0  K1TTT
2313Z   208.54.85.55
2010/11/28 2313Z:  DX de K1TTT:      7079.0  K1TTT
2313Z   208.54.85.71




David Robbins K1TTT
e-mail: mailto:k1ttt@arrl.net
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net
 



_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [CQ-Contest] spot analysis running behind... and help needed., K1TTT <=
Previous by Date:  Re: [CQ-Contest] Frustration this weekend....., Radio K0HB
Next by Date:  Re: [CQ-Contest] From VO1DD re Interference with emergency traffic, Steve Lott
Previous by Thread:  [CQ-Contest] September Cruise Pedition, Rick Dougherty NQ4I
Indexes:  [Date] [Thread] [Top] [All Lists]