API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 27th, 2014
107
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 48.84 KB | None | 0 0
raw download clone embed print report
  1. No. Time Source Destination Protocol Length Info
  2. 4886 13.472261000 192.168.1.3 192.168.1.100 TCP 78 50479 > http-alt [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=16 TSval=332992576 TSecr=0 SACK_PERM=1
  3.  
  4. Frame 4886: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
  5. Interface id: 0
  6. Encapsulation type: Ethernet (1)
  7. Arrival Time: Apr 27, 2014 19:36:22.972442000 Russian Standard Time
  8. [Time shift for this packet: 0.000000000 seconds]
  9. Epoch Time: 1398612982.972442000 seconds
  10. [Time delta from previous captured frame: 0.000169000 seconds]
  11. [Time delta from previous displayed frame: 0.000000000 seconds]
  12. [Time since reference or first frame: 13.472261000 seconds]
  13. Frame Number: 4886
  14. Frame Length: 78 bytes (624 bits)
  15. Capture Length: 78 bytes (624 bits)
  16. [Frame is marked: False]
  17. [Frame is ignored: False]
  18. [Protocols in frame: eth:ip:tcp]
  19. [Coloring Rule Name: TCP SYN/FIN]
  20. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  21. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  22. Version: 4
  23. Header length: 20 bytes
  24. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  25. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  26. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  27. Total Length: 64
  28. Identification: 0x7cab (31915)
  29. Flags: 0x02 (Don't Fragment)
  30. 0... .... = Reserved bit: Not set
  31. .1.. .... = Don't fragment: Set
  32. ..0. .... = More fragments: Not set
  33. Fragment offset: 0
  34. Time to live: 64
  35. Protocol: TCP (6)
  36. Header checksum: 0x3a55 [validation disabled]
  37. [Good: False]
  38. [Bad: False]
  39. Source: 192.168.1.3 (192.168.1.3)
  40. Destination: 192.168.1.100 (192.168.1.100)
  41. [Source GeoIP: Unknown]
  42. [Destination GeoIP: Unknown]
  43. Transmission Control Protocol, Src Port: 50479 (50479), Dst Port: http-alt (8080), Seq: 0, Len: 0
  44. Source port: 50479 (50479)
  45. Destination port: http-alt (8080)
  46. [Stream index: 157]
  47. Sequence number: 0 (relative sequence number)
  48. Header length: 44 bytes
  49. Flags: 0x002 (SYN)
  50. 000. .... .... = Reserved: Not set
  51. ...0 .... .... = Nonce: Not set
  52. .... 0... .... = Congestion Window Reduced (CWR): Not set
  53. .... .0.. .... = ECN-Echo: Not set
  54. .... ..0. .... = Urgent: Not set
  55. .... ...0 .... = Acknowledgment: Not set
  56. .... .... 0... = Push: Not set
  57. .... .... .0.. = Reset: Not set
  58. .... .... ..1. = Syn: Set
  59. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http-alt]
  60. [Message: Connection establish request (SYN): server port http-alt]
  61. [Severity level: Chat]
  62. [Group: Sequence]
  63. .... .... ...0 = Fin: Not set
  64. Window size value: 65535
  65. [Calculated window size: 65535]
  66. Checksum: 0xc7ad [validation disabled]
  67. [Good Checksum: False]
  68. [Bad Checksum: False]
  69. Options: (24 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), Timestamps, SACK permitted, End of Option List (EOL)
  70. Maximum segment size: 1460 bytes
  71. Kind: MSS size (2)
  72. Length: 4
  73. MSS Value: 1460
  74. No-Operation (NOP)
  75. Type: 1
  76. 0... .... = Copy on fragmentation: No
  77. .00. .... = Class: Control (0)
  78. ...0 0001 = Number: No-Operation (NOP) (1)
  79. Window scale: 4 (multiply by 16)
  80. Kind: Window Scale (3)
  81. Length: 3
  82. Shift count: 4
  83. [Multiplier: 16]
  84. No-Operation (NOP)
  85. Type: 1
  86. 0... .... = Copy on fragmentation: No
  87. .00. .... = Class: Control (0)
  88. ...0 0001 = Number: No-Operation (NOP) (1)
  89. No-Operation (NOP)
  90. Type: 1
  91. 0... .... = Copy on fragmentation: No
  92. .00. .... = Class: Control (0)
  93. ...0 0001 = Number: No-Operation (NOP) (1)
  94. Timestamps: TSval 332992576, TSecr 0
  95. Kind: Timestamp (8)
  96. Length: 10
  97. Timestamp value: 332992576
  98. Timestamp echo reply: 0
  99. TCP SACK Permitted Option: True
  100. Kind: SACK Permission (4)
  101. Length: 2
  102. End of Option List (EOL)
  103. Type: 0
  104. 0... .... = Copy on fragmentation: No
  105. .00. .... = Class: Control (0)
  106. ...0 0000 = Number: End of Option List (EOL) (0)
  107.  
  108. No. Time Source Destination Protocol Length Info
  109. 4888 13.472560000 192.168.1.100 192.168.1.3 TCP 74 http-alt > 50479 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=1967677 TSecr=332992576 WS=128
  110.  
  111. Frame 4888: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  112. Interface id: 0
  113. Encapsulation type: Ethernet (1)
  114. Arrival Time: Apr 27, 2014 19:36:22.972741000 Russian Standard Time
  115. [Time shift for this packet: 0.000000000 seconds]
  116. Epoch Time: 1398612982.972741000 seconds
  117. [Time delta from previous captured frame: 0.000299000 seconds]
  118. [Time delta from previous displayed frame: 0.000299000 seconds]
  119. [Time since reference or first frame: 13.472560000 seconds]
  120. Frame Number: 4888
  121. Frame Length: 74 bytes (592 bits)
  122. Capture Length: 74 bytes (592 bits)
  123. [Frame is marked: False]
  124. [Frame is ignored: False]
  125. [Protocols in frame: eth:ip:tcp]
  126. [Coloring Rule Name: TCP SYN/FIN]
  127. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  128. Internet Protocol Version 4, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.3 (192.168.1.3)
  129. Version: 4
  130. Header length: 20 bytes
  131. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  132. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  133. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  134. Total Length: 60
  135. Identification: 0x0000 (0)
  136. Flags: 0x02 (Don't Fragment)
  137. 0... .... = Reserved bit: Not set
  138. .1.. .... = Don't fragment: Set
  139. ..0. .... = More fragments: Not set
  140. Fragment offset: 0
  141. Time to live: 64
  142. Protocol: TCP (6)
  143. Header checksum: 0xb704 [validation disabled]
  144. [Good: False]
  145. [Bad: False]
  146. Source: 192.168.1.100 (192.168.1.100)
  147. Destination: 192.168.1.3 (192.168.1.3)
  148. [Source GeoIP: Unknown]
  149. [Destination GeoIP: Unknown]
  150. Transmission Control Protocol, Src Port: http-alt (8080), Dst Port: 50479 (50479), Seq: 0, Ack: 1, Len: 0
  151. Source port: http-alt (8080)
  152. Destination port: 50479 (50479)
  153. [Stream index: 157]
  154. Sequence number: 0 (relative sequence number)
  155. Acknowledgment number: 1 (relative ack number)
  156. Header length: 40 bytes
  157. Flags: 0x012 (SYN, ACK)
  158. 000. .... .... = Reserved: Not set
  159. ...0 .... .... = Nonce: Not set
  160. .... 0... .... = Congestion Window Reduced (CWR): Not set
  161. .... .0.. .... = ECN-Echo: Not set
  162. .... ..0. .... = Urgent: Not set
  163. .... ...1 .... = Acknowledgment: Set
  164. .... .... 0... = Push: Not set
  165. .... .... .0.. = Reset: Not set
  166. .... .... ..1. = Syn: Set
  167. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http-alt]
  168. [Message: Connection establish acknowledge (SYN+ACK): server port http-alt]
  169. [Severity level: Chat]
  170. [Group: Sequence]
  171. .... .... ...0 = Fin: Not set
  172. Window size value: 14480
  173. [Calculated window size: 14480]
  174. Checksum: 0x27a5 [validation disabled]
  175. [Good Checksum: False]
  176. [Bad Checksum: False]
  177. Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
  178. Maximum segment size: 1460 bytes
  179. Kind: MSS size (2)
  180. Length: 4
  181. MSS Value: 1460
  182. TCP SACK Permitted Option: True
  183. Kind: SACK Permission (4)
  184. Length: 2
  185. Timestamps: TSval 1967677, TSecr 332992576
  186. Kind: Timestamp (8)
  187. Length: 10
  188. Timestamp value: 1967677
  189. Timestamp echo reply: 332992576
  190. No-Operation (NOP)
  191. Type: 1
  192. 0... .... = Copy on fragmentation: No
  193. .00. .... = Class: Control (0)
  194. ...0 0001 = Number: No-Operation (NOP) (1)
  195. Window scale: 7 (multiply by 128)
  196. Kind: Window Scale (3)
  197. Length: 3
  198. Shift count: 7
  199. [Multiplier: 128]
  200. [SEQ/ACK analysis]
  201. [This is an ACK to the segment in frame: 4886]
  202. [The RTT to ACK the segment was: 0.000299000 seconds]
  203.  
  204. No. Time Source Destination Protocol Length Info
  205. 4892 13.477401000 192.168.1.3 192.168.1.100 TCP 66 50479 > http-alt [ACK] Seq=1 Ack=1 Win=131760 Len=0 TSval=332992584 TSecr=1967677
  206.  
  207. Frame 4892: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  208. Interface id: 0
  209. Encapsulation type: Ethernet (1)
  210. Arrival Time: Apr 27, 2014 19:36:22.977582000 Russian Standard Time
  211. [Time shift for this packet: 0.000000000 seconds]
  212. Epoch Time: 1398612982.977582000 seconds
  213. [Time delta from previous captured frame: 0.000356000 seconds]
  214. [Time delta from previous displayed frame: 0.004841000 seconds]
  215. [Time since reference or first frame: 13.477401000 seconds]
  216. Frame Number: 4892
  217. Frame Length: 66 bytes (528 bits)
  218. Capture Length: 66 bytes (528 bits)
  219. [Frame is marked: False]
  220. [Frame is ignored: False]
  221. [Protocols in frame: eth:ip:tcp]
  222. [Coloring Rule Name: TCP]
  223. [Coloring Rule String: tcp]
  224. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  225. Version: 4
  226. Header length: 20 bytes
  227. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  228. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  229. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  230. Total Length: 52
  231. Identification: 0x3658 (13912)
  232. Flags: 0x02 (Don't Fragment)
  233. 0... .... = Reserved bit: Not set
  234. .1.. .... = Don't fragment: Set
  235. ..0. .... = More fragments: Not set
  236. Fragment offset: 0
  237. Time to live: 64
  238. Protocol: TCP (6)
  239. Header checksum: 0x80b4 [validation disabled]
  240. [Good: False]
  241. [Bad: False]
  242. Source: 192.168.1.3 (192.168.1.3)
  243. Destination: 192.168.1.100 (192.168.1.100)
  244. [Source GeoIP: Unknown]
  245. [Destination GeoIP: Unknown]
  246. Transmission Control Protocol, Src Port: 50479 (50479), Dst Port: http-alt (8080), Seq: 1, Ack: 1, Len: 0
  247. Source port: 50479 (50479)
  248. Destination port: http-alt (8080)
  249. [Stream index: 157]
  250. Sequence number: 1 (relative sequence number)
  251. Acknowledgment number: 1 (relative ack number)
  252. Header length: 32 bytes
  253. Flags: 0x010 (ACK)
  254. 000. .... .... = Reserved: Not set
  255. ...0 .... .... = Nonce: Not set
  256. .... 0... .... = Congestion Window Reduced (CWR): Not set
  257. .... .0.. .... = ECN-Echo: Not set
  258. .... ..0. .... = Urgent: Not set
  259. .... ...1 .... = Acknowledgment: Set
  260. .... .... 0... = Push: Not set
  261. .... .... .0.. = Reset: Not set
  262. .... .... ..0. = Syn: Not set
  263. .... .... ...0 = Fin: Not set
  264. Window size value: 8235
  265. [Calculated window size: 131760]
  266. [Window size scaling factor: 16]
  267. Checksum: 0x6ece [validation disabled]
  268. [Good Checksum: False]
  269. [Bad Checksum: False]
  270. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  271. No-Operation (NOP)
  272. Type: 1
  273. 0... .... = Copy on fragmentation: No
  274. .00. .... = Class: Control (0)
  275. ...0 0001 = Number: No-Operation (NOP) (1)
  276. No-Operation (NOP)
  277. Type: 1
  278. 0... .... = Copy on fragmentation: No
  279. .00. .... = Class: Control (0)
  280. ...0 0001 = Number: No-Operation (NOP) (1)
  281. Timestamps: TSval 332992584, TSecr 1967677
  282. Kind: Timestamp (8)
  283. Length: 10
  284. Timestamp value: 332992584
  285. Timestamp echo reply: 1967677
  286. [SEQ/ACK analysis]
  287. [This is an ACK to the segment in frame: 4888]
  288. [The RTT to ACK the segment was: 0.004841000 seconds]
  289.  
  290. No. Time Source Destination Protocol Length Info
  291. 4893 13.477401000 192.168.1.3 192.168.1.100 TCP 66 50479 > http-alt [FIN, ACK] Seq=1 Ack=1 Win=131760 Len=0 TSval=332992584 TSecr=1967677
  292.  
  293. Frame 4893: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  294. Interface id: 0
  295. Encapsulation type: Ethernet (1)
  296. Arrival Time: Apr 27, 2014 19:36:22.977582000 Russian Standard Time
  297. [Time shift for this packet: 0.000000000 seconds]
  298. Epoch Time: 1398612982.977582000 seconds
  299. [Time delta from previous captured frame: 0.000000000 seconds]
  300. [Time delta from previous displayed frame: 0.000000000 seconds]
  301. [Time since reference or first frame: 13.477401000 seconds]
  302. Frame Number: 4893
  303. Frame Length: 66 bytes (528 bits)
  304. Capture Length: 66 bytes (528 bits)
  305. [Frame is marked: False]
  306. [Frame is ignored: False]
  307. [Protocols in frame: eth:ip:tcp]
  308. [Coloring Rule Name: TCP SYN/FIN]
  309. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  310. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  311. Version: 4
  312. Header length: 20 bytes
  313. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  314. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  315. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  316. Total Length: 52
  317. Identification: 0x3ed3 (16083)
  318. Flags: 0x02 (Don't Fragment)
  319. 0... .... = Reserved bit: Not set
  320. .1.. .... = Don't fragment: Set
  321. ..0. .... = More fragments: Not set
  322. Fragment offset: 0
  323. Time to live: 64
  324. Protocol: TCP (6)
  325. Header checksum: 0x7839 [validation disabled]
  326. [Good: False]
  327. [Bad: False]
  328. Source: 192.168.1.3 (192.168.1.3)
  329. Destination: 192.168.1.100 (192.168.1.100)
  330. [Source GeoIP: Unknown]
  331. [Destination GeoIP: Unknown]
  332. Transmission Control Protocol, Src Port: 50479 (50479), Dst Port: http-alt (8080), Seq: 1, Ack: 1, Len: 0
  333. Source port: 50479 (50479)
  334. Destination port: http-alt (8080)
  335. [Stream index: 157]
  336. Sequence number: 1 (relative sequence number)
  337. Acknowledgment number: 1 (relative ack number)
  338. Header length: 32 bytes
  339. Flags: 0x011 (FIN, ACK)
  340. 000. .... .... = Reserved: Not set
  341. ...0 .... .... = Nonce: Not set
  342. .... 0... .... = Congestion Window Reduced (CWR): Not set
  343. .... .0.. .... = ECN-Echo: Not set
  344. .... ..0. .... = Urgent: Not set
  345. .... ...1 .... = Acknowledgment: Set
  346. .... .... 0... = Push: Not set
  347. .... .... .0.. = Reset: Not set
  348. .... .... ..0. = Syn: Not set
  349. .... .... ...1 = Fin: Set
  350. [Expert Info (Chat/Sequence): Connection finish (FIN)]
  351. [Message: Connection finish (FIN)]
  352. [Severity level: Chat]
  353. [Group: Sequence]
  354. Window size value: 8235
  355. [Calculated window size: 131760]
  356. [Window size scaling factor: 16]
  357. Checksum: 0x6ecd [validation disabled]
  358. [Good Checksum: False]
  359. [Bad Checksum: False]
  360. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  361. No-Operation (NOP)
  362. Type: 1
  363. 0... .... = Copy on fragmentation: No
  364. .00. .... = Class: Control (0)
  365. ...0 0001 = Number: No-Operation (NOP) (1)
  366. No-Operation (NOP)
  367. Type: 1
  368. 0... .... = Copy on fragmentation: No
  369. .00. .... = Class: Control (0)
  370. ...0 0001 = Number: No-Operation (NOP) (1)
  371. Timestamps: TSval 332992584, TSecr 1967677
  372. Kind: Timestamp (8)
  373. Length: 10
  374. Timestamp value: 332992584
  375. Timestamp echo reply: 1967677
  376.  
  377. No. Time Source Destination Protocol Length Info
  378. 4894 13.477887000 192.168.1.100 192.168.1.3 TCP 66 http-alt > 50479 [FIN, ACK] Seq=1 Ack=2 Win=14592 Len=0 TSval=1967677 TSecr=332992584
  379.  
  380. Frame 4894: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  381. Interface id: 0
  382. Encapsulation type: Ethernet (1)
  383. Arrival Time: Apr 27, 2014 19:36:22.978068000 Russian Standard Time
  384. [Time shift for this packet: 0.000000000 seconds]
  385. Epoch Time: 1398612982.978068000 seconds
  386. [Time delta from previous captured frame: 0.000486000 seconds]
  387. [Time delta from previous displayed frame: 0.000486000 seconds]
  388. [Time since reference or first frame: 13.477887000 seconds]
  389. Frame Number: 4894
  390. Frame Length: 66 bytes (528 bits)
  391. Capture Length: 66 bytes (528 bits)
  392. [Frame is marked: False]
  393. [Frame is ignored: False]
  394. [Protocols in frame: eth:ip:tcp]
  395. [Coloring Rule Name: TCP SYN/FIN]
  396. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  397. Internet Protocol Version 4, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.3 (192.168.1.3)
  398. Version: 4
  399. Header length: 20 bytes
  400. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  401. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  402. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  403. Total Length: 52
  404. Identification: 0x9f33 (40755)
  405. Flags: 0x02 (Don't Fragment)
  406. 0... .... = Reserved bit: Not set
  407. .1.. .... = Don't fragment: Set
  408. ..0. .... = More fragments: Not set
  409. Fragment offset: 0
  410. Time to live: 64
  411. Protocol: TCP (6)
  412. Header checksum: 0x17d9 [validation disabled]
  413. [Good: False]
  414. [Bad: False]
  415. Source: 192.168.1.100 (192.168.1.100)
  416. Destination: 192.168.1.3 (192.168.1.3)
  417. [Source GeoIP: Unknown]
  418. [Destination GeoIP: Unknown]
  419. Transmission Control Protocol, Src Port: http-alt (8080), Dst Port: 50479 (50479), Seq: 1, Ack: 2, Len: 0
  420. Source port: http-alt (8080)
  421. Destination port: 50479 (50479)
  422. [Stream index: 157]
  423. Sequence number: 1 (relative sequence number)
  424. Acknowledgment number: 2 (relative ack number)
  425. Header length: 32 bytes
  426. Flags: 0x011 (FIN, ACK)
  427. 000. .... .... = Reserved: Not set
  428. ...0 .... .... = Nonce: Not set
  429. .... 0... .... = Congestion Window Reduced (CWR): Not set
  430. .... .0.. .... = ECN-Echo: Not set
  431. .... ..0. .... = Urgent: Not set
  432. .... ...1 .... = Acknowledgment: Set
  433. .... .... 0... = Push: Not set
  434. .... .... .0.. = Reset: Not set
  435. .... .... ..0. = Syn: Not set
  436. .... .... ...1 = Fin: Set
  437. [Expert Info (Chat/Sequence): Connection finish (FIN)]
  438. [Message: Connection finish (FIN)]
  439. [Severity level: Chat]
  440. [Group: Sequence]
  441. Window size value: 114
  442. [Calculated window size: 14592]
  443. [Window size scaling factor: 128]
  444. Checksum: 0x8e85 [validation disabled]
  445. [Good Checksum: False]
  446. [Bad Checksum: False]
  447. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  448. No-Operation (NOP)
  449. Type: 1
  450. 0... .... = Copy on fragmentation: No
  451. .00. .... = Class: Control (0)
  452. ...0 0001 = Number: No-Operation (NOP) (1)
  453. No-Operation (NOP)
  454. Type: 1
  455. 0... .... = Copy on fragmentation: No
  456. .00. .... = Class: Control (0)
  457. ...0 0001 = Number: No-Operation (NOP) (1)
  458. Timestamps: TSval 1967677, TSecr 332992584
  459. Kind: Timestamp (8)
  460. Length: 10
  461. Timestamp value: 1967677
  462. Timestamp echo reply: 332992584
  463. [SEQ/ACK analysis]
  464. [This is an ACK to the segment in frame: 4893]
  465. [The RTT to ACK the segment was: 0.000486000 seconds]
  466.  
  467. No. Time Source Destination Protocol Length Info
  468. 4896 13.480698000 192.168.1.3 192.168.1.100 TCP 66 50479 > http-alt [ACK] Seq=2 Ack=2 Win=131760 Len=0 TSval=332992590 TSecr=1967677
  469.  
  470. Frame 4896: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  471. Interface id: 0
  472. Encapsulation type: Ethernet (1)
  473. Arrival Time: Apr 27, 2014 19:36:22.980879000 Russian Standard Time
  474. [Time shift for this packet: 0.000000000 seconds]
  475. Epoch Time: 1398612982.980879000 seconds
  476. [Time delta from previous captured frame: 0.001223000 seconds]
  477. [Time delta from previous displayed frame: 0.002811000 seconds]
  478. [Time since reference or first frame: 13.480698000 seconds]
  479. Frame Number: 4896
  480. Frame Length: 66 bytes (528 bits)
  481. Capture Length: 66 bytes (528 bits)
  482. [Frame is marked: False]
  483. [Frame is ignored: False]
  484. [Protocols in frame: eth:ip:tcp]
  485. [Coloring Rule Name: TCP]
  486. [Coloring Rule String: tcp]
  487. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  488. Version: 4
  489. Header length: 20 bytes
  490. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  491. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  492. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  493. Total Length: 52
  494. Identification: 0xa5f6 (42486)
  495. Flags: 0x02 (Don't Fragment)
  496. 0... .... = Reserved bit: Not set
  497. .1.. .... = Don't fragment: Set
  498. ..0. .... = More fragments: Not set
  499. Fragment offset: 0
  500. Time to live: 64
  501. Protocol: TCP (6)
  502. Header checksum: 0x1116 [validation disabled]
  503. [Good: False]
  504. [Bad: False]
  505. Source: 192.168.1.3 (192.168.1.3)
  506. Destination: 192.168.1.100 (192.168.1.100)
  507. [Source GeoIP: Unknown]
  508. [Destination GeoIP: Unknown]
  509. Transmission Control Protocol, Src Port: 50479 (50479), Dst Port: http-alt (8080), Seq: 2, Ack: 2, Len: 0
  510. Source port: 50479 (50479)
  511. Destination port: http-alt (8080)
  512. [Stream index: 157]
  513. Sequence number: 2 (relative sequence number)
  514. Acknowledgment number: 2 (relative ack number)
  515. Header length: 32 bytes
  516. Flags: 0x010 (ACK)
  517. 000. .... .... = Reserved: Not set
  518. ...0 .... .... = Nonce: Not set
  519. .... 0... .... = Congestion Window Reduced (CWR): Not set
  520. .... .0.. .... = ECN-Echo: Not set
  521. .... ..0. .... = Urgent: Not set
  522. .... ...1 .... = Acknowledgment: Set
  523. .... .... 0... = Push: Not set
  524. .... .... .0.. = Reset: Not set
  525. .... .... ..0. = Syn: Not set
  526. .... .... ...0 = Fin: Not set
  527. Window size value: 8235
  528. [Calculated window size: 131760]
  529. [Window size scaling factor: 16]
  530. Checksum: 0x6ec6 [validation disabled]
  531. [Good Checksum: False]
  532. [Bad Checksum: False]
  533. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  534. No-Operation (NOP)
  535. Type: 1
  536. 0... .... = Copy on fragmentation: No
  537. .00. .... = Class: Control (0)
  538. ...0 0001 = Number: No-Operation (NOP) (1)
  539. No-Operation (NOP)
  540. Type: 1
  541. 0... .... = Copy on fragmentation: No
  542. .00. .... = Class: Control (0)
  543. ...0 0001 = Number: No-Operation (NOP) (1)
  544. Timestamps: TSval 332992590, TSecr 1967677
  545. Kind: Timestamp (8)
  546. Length: 10
  547. Timestamp value: 332992590
  548. Timestamp echo reply: 1967677
  549. [SEQ/ACK analysis]
  550. [This is an ACK to the segment in frame: 4894]
  551. [The RTT to ACK the segment was: 0.002811000 seconds]
  552.  
  553. No. Time Source Destination Protocol Length Info
  554. 5092 13.985087000 192.168.1.3 192.168.1.100 TCP 78 50480 > http-alt [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=16 TSval=332993090 TSecr=0 SACK_PERM=1
  555.  
  556. Frame 5092: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
  557. Interface id: 0
  558. Encapsulation type: Ethernet (1)
  559. Arrival Time: Apr 27, 2014 19:36:23.485268000 Russian Standard Time
  560. [Time shift for this packet: 0.000000000 seconds]
  561. Epoch Time: 1398612983.485268000 seconds
  562. [Time delta from previous captured frame: 0.000167000 seconds]
  563. [Time delta from previous displayed frame: 0.504389000 seconds]
  564. [Time since reference or first frame: 13.985087000 seconds]
  565. Frame Number: 5092
  566. Frame Length: 78 bytes (624 bits)
  567. Capture Length: 78 bytes (624 bits)
  568. [Frame is marked: False]
  569. [Frame is ignored: False]
  570. [Protocols in frame: eth:ip:tcp]
  571. [Coloring Rule Name: TCP SYN/FIN]
  572. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  573. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  574. Version: 4
  575. Header length: 20 bytes
  576. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  577. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  578. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  579. Total Length: 64
  580. Identification: 0xfd46 (64838)
  581. Flags: 0x02 (Don't Fragment)
  582. 0... .... = Reserved bit: Not set
  583. .1.. .... = Don't fragment: Set
  584. ..0. .... = More fragments: Not set
  585. Fragment offset: 0
  586. Time to live: 64
  587. Protocol: TCP (6)
  588. Header checksum: 0xb9b9 [validation disabled]
  589. [Good: False]
  590. [Bad: False]
  591. Source: 192.168.1.3 (192.168.1.3)
  592. Destination: 192.168.1.100 (192.168.1.100)
  593. [Source GeoIP: Unknown]
  594. [Destination GeoIP: Unknown]
  595. Transmission Control Protocol, Src Port: 50480 (50480), Dst Port: http-alt (8080), Seq: 0, Len: 0
  596. Source port: 50480 (50480)
  597. Destination port: http-alt (8080)
  598. [Stream index: 161]
  599. Sequence number: 0 (relative sequence number)
  600. Header length: 44 bytes
  601. Flags: 0x002 (SYN)
  602. 000. .... .... = Reserved: Not set
  603. ...0 .... .... = Nonce: Not set
  604. .... 0... .... = Congestion Window Reduced (CWR): Not set
  605. .... .0.. .... = ECN-Echo: Not set
  606. .... ..0. .... = Urgent: Not set
  607. .... ...0 .... = Acknowledgment: Not set
  608. .... .... 0... = Push: Not set
  609. .... .... .0.. = Reset: Not set
  610. .... .... ..1. = Syn: Set
  611. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http-alt]
  612. [Message: Connection establish request (SYN): server port http-alt]
  613. [Severity level: Chat]
  614. [Group: Sequence]
  615. .... .... ...0 = Fin: Not set
  616. Window size value: 65535
  617. [Calculated window size: 65535]
  618. Checksum: 0x6d75 [validation disabled]
  619. [Good Checksum: False]
  620. [Bad Checksum: False]
  621. Options: (24 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), Timestamps, SACK permitted, End of Option List (EOL)
  622. Maximum segment size: 1460 bytes
  623. Kind: MSS size (2)
  624. Length: 4
  625. MSS Value: 1460
  626. No-Operation (NOP)
  627. Type: 1
  628. 0... .... = Copy on fragmentation: No
  629. .00. .... = Class: Control (0)
  630. ...0 0001 = Number: No-Operation (NOP) (1)
  631. Window scale: 4 (multiply by 16)
  632. Kind: Window Scale (3)
  633. Length: 3
  634. Shift count: 4
  635. [Multiplier: 16]
  636. No-Operation (NOP)
  637. Type: 1
  638. 0... .... = Copy on fragmentation: No
  639. .00. .... = Class: Control (0)
  640. ...0 0001 = Number: No-Operation (NOP) (1)
  641. No-Operation (NOP)
  642. Type: 1
  643. 0... .... = Copy on fragmentation: No
  644. .00. .... = Class: Control (0)
  645. ...0 0001 = Number: No-Operation (NOP) (1)
  646. Timestamps: TSval 332993090, TSecr 0
  647. Kind: Timestamp (8)
  648. Length: 10
  649. Timestamp value: 332993090
  650. Timestamp echo reply: 0
  651. TCP SACK Permitted Option: True
  652. Kind: SACK Permission (4)
  653. Length: 2
  654. End of Option List (EOL)
  655. Type: 0
  656. 0... .... = Copy on fragmentation: No
  657. .00. .... = Class: Control (0)
  658. ...0 0000 = Number: End of Option List (EOL) (0)
  659.  
  660. No. Time Source Destination Protocol Length Info
  661. 5093 13.985419000 192.168.1.100 192.168.1.3 TCP 74 http-alt > 50480 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=1967728 TSecr=332993090 WS=128
  662.  
  663. Frame 5093: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  664. Interface id: 0
  665. Encapsulation type: Ethernet (1)
  666. Arrival Time: Apr 27, 2014 19:36:23.485600000 Russian Standard Time
  667. [Time shift for this packet: 0.000000000 seconds]
  668. Epoch Time: 1398612983.485600000 seconds
  669. [Time delta from previous captured frame: 0.000332000 seconds]
  670. [Time delta from previous displayed frame: 0.000332000 seconds]
  671. [Time since reference or first frame: 13.985419000 seconds]
  672. Frame Number: 5093
  673. Frame Length: 74 bytes (592 bits)
  674. Capture Length: 74 bytes (592 bits)
  675. [Frame is marked: False]
  676. [Frame is ignored: False]
  677. [Protocols in frame: eth:ip:tcp]
  678. [Coloring Rule Name: TCP SYN/FIN]
  679. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  680. Internet Protocol Version 4, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.3 (192.168.1.3)
  681. Version: 4
  682. Header length: 20 bytes
  683. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  684. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  685. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  686. Total Length: 60
  687. Identification: 0x0000 (0)
  688. Flags: 0x02 (Don't Fragment)
  689. 0... .... = Reserved bit: Not set
  690. .1.. .... = Don't fragment: Set
  691. ..0. .... = More fragments: Not set
  692. Fragment offset: 0
  693. Time to live: 64
  694. Protocol: TCP (6)
  695. Header checksum: 0xb704 [validation disabled]
  696. [Good: False]
  697. [Bad: False]
  698. Source: 192.168.1.100 (192.168.1.100)
  699. Destination: 192.168.1.3 (192.168.1.3)
  700. [Source GeoIP: Unknown]
  701. [Destination GeoIP: Unknown]
  702. Transmission Control Protocol, Src Port: http-alt (8080), Dst Port: 50480 (50480), Seq: 0, Ack: 1, Len: 0
  703. Source port: http-alt (8080)
  704. Destination port: 50480 (50480)
  705. [Stream index: 161]
  706. Sequence number: 0 (relative sequence number)
  707. Acknowledgment number: 1 (relative ack number)
  708. Header length: 40 bytes
  709. Flags: 0x012 (SYN, ACK)
  710. 000. .... .... = Reserved: Not set
  711. ...0 .... .... = Nonce: Not set
  712. .... 0... .... = Congestion Window Reduced (CWR): Not set
  713. .... .0.. .... = ECN-Echo: Not set
  714. .... ..0. .... = Urgent: Not set
  715. .... ...1 .... = Acknowledgment: Set
  716. .... .... 0... = Push: Not set
  717. .... .... .0.. = Reset: Not set
  718. .... .... ..1. = Syn: Set
  719. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http-alt]
  720. [Message: Connection establish acknowledge (SYN+ACK): server port http-alt]
  721. [Severity level: Chat]
  722. [Group: Sequence]
  723. .... .... ...0 = Fin: Not set
  724. Window size value: 14480
  725. [Calculated window size: 14480]
  726. Checksum: 0x383a [validation disabled]
  727. [Good Checksum: False]
  728. [Bad Checksum: False]
  729. Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
  730. Maximum segment size: 1460 bytes
  731. Kind: MSS size (2)
  732. Length: 4
  733. MSS Value: 1460
  734. TCP SACK Permitted Option: True
  735. Kind: SACK Permission (4)
  736. Length: 2
  737. Timestamps: TSval 1967728, TSecr 332993090
  738. Kind: Timestamp (8)
  739. Length: 10
  740. Timestamp value: 1967728
  741. Timestamp echo reply: 332993090
  742. No-Operation (NOP)
  743. Type: 1
  744. 0... .... = Copy on fragmentation: No
  745. .00. .... = Class: Control (0)
  746. ...0 0001 = Number: No-Operation (NOP) (1)
  747. Window scale: 7 (multiply by 128)
  748. Kind: Window Scale (3)
  749. Length: 3
  750. Shift count: 7
  751. [Multiplier: 128]
  752. [SEQ/ACK analysis]
  753. [This is an ACK to the segment in frame: 5092]
  754. [The RTT to ACK the segment was: 0.000332000 seconds]
  755.  
  756. No. Time Source Destination Protocol Length Info
  757. 5094 13.986400000 192.168.1.3 192.168.1.100 TCP 66 50480 > http-alt [ACK] Seq=1 Ack=1 Win=131760 Len=0 TSval=332993092 TSecr=1967728
  758.  
  759. Frame 5094: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  760. Interface id: 0
  761. Encapsulation type: Ethernet (1)
  762. Arrival Time: Apr 27, 2014 19:36:23.486581000 Russian Standard Time
  763. [Time shift for this packet: 0.000000000 seconds]
  764. Epoch Time: 1398612983.486581000 seconds
  765. [Time delta from previous captured frame: 0.000981000 seconds]
  766. [Time delta from previous displayed frame: 0.000981000 seconds]
  767. [Time since reference or first frame: 13.986400000 seconds]
  768. Frame Number: 5094
  769. Frame Length: 66 bytes (528 bits)
  770. Capture Length: 66 bytes (528 bits)
  771. [Frame is marked: False]
  772. [Frame is ignored: False]
  773. [Protocols in frame: eth:ip:tcp]
  774. [Coloring Rule Name: TCP]
  775. [Coloring Rule String: tcp]
  776. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  777. Version: 4
  778. Header length: 20 bytes
  779. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  780. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  781. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  782. Total Length: 52
  783. Identification: 0x0ac1 (2753)
  784. Flags: 0x02 (Don't Fragment)
  785. 0... .... = Reserved bit: Not set
  786. .1.. .... = Don't fragment: Set
  787. ..0. .... = More fragments: Not set
  788. Fragment offset: 0
  789. Time to live: 64
  790. Protocol: TCP (6)
  791. Header checksum: 0xac4b [validation disabled]
  792. [Good: False]
  793. [Bad: False]
  794. Source: 192.168.1.3 (192.168.1.3)
  795. Destination: 192.168.1.100 (192.168.1.100)
  796. [Source GeoIP: Unknown]
  797. [Destination GeoIP: Unknown]
  798. Transmission Control Protocol, Src Port: 50480 (50480), Dst Port: http-alt (8080), Seq: 1, Ack: 1, Len: 0
  799. Source port: 50480 (50480)
  800. Destination port: http-alt (8080)
  801. [Stream index: 161]
  802. Sequence number: 1 (relative sequence number)
  803. Acknowledgment number: 1 (relative ack number)
  804. Header length: 32 bytes
  805. Flags: 0x010 (ACK)
  806. 000. .... .... = Reserved: Not set
  807. ...0 .... .... = Nonce: Not set
  808. .... 0... .... = Congestion Window Reduced (CWR): Not set
  809. .... .0.. .... = ECN-Echo: Not set
  810. .... ..0. .... = Urgent: Not set
  811. .... ...1 .... = Acknowledgment: Set
  812. .... .... 0... = Push: Not set
  813. .... .... .0.. = Reset: Not set
  814. .... .... ..0. = Syn: Not set
  815. .... .... ...0 = Fin: Not set
  816. Window size value: 8235
  817. [Calculated window size: 131760]
  818. [Window size scaling factor: 16]
  819. Checksum: 0x7f69 [validation disabled]
  820. [Good Checksum: False]
  821. [Bad Checksum: False]
  822. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  823. No-Operation (NOP)
  824. Type: 1
  825. 0... .... = Copy on fragmentation: No
  826. .00. .... = Class: Control (0)
  827. ...0 0001 = Number: No-Operation (NOP) (1)
  828. No-Operation (NOP)
  829. Type: 1
  830. 0... .... = Copy on fragmentation: No
  831. .00. .... = Class: Control (0)
  832. ...0 0001 = Number: No-Operation (NOP) (1)
  833. Timestamps: TSval 332993092, TSecr 1967728
  834. Kind: Timestamp (8)
  835. Length: 10
  836. Timestamp value: 332993092
  837. Timestamp echo reply: 1967728
  838. [SEQ/ACK analysis]
  839. [This is an ACK to the segment in frame: 5093]
  840. [The RTT to ACK the segment was: 0.000981000 seconds]
  841.  
  842. No. Time Source Destination Protocol Length Info
  843. 5096 13.986875000 192.168.1.3 192.168.1.100 TCP 66 50480 > http-alt [FIN, ACK] Seq=1 Ack=1 Win=131760 Len=0 TSval=332993092 TSecr=1967728
  844.  
  845. Frame 5096: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  846. Interface id: 0
  847. Encapsulation type: Ethernet (1)
  848. Arrival Time: Apr 27, 2014 19:36:23.487056000 Russian Standard Time
  849. [Time shift for this packet: 0.000000000 seconds]
  850. Epoch Time: 1398612983.487056000 seconds
  851. [Time delta from previous captured frame: 0.000221000 seconds]
  852. [Time delta from previous displayed frame: 0.000475000 seconds]
  853. [Time since reference or first frame: 13.986875000 seconds]
  854. Frame Number: 5096
  855. Frame Length: 66 bytes (528 bits)
  856. Capture Length: 66 bytes (528 bits)
  857. [Frame is marked: False]
  858. [Frame is ignored: False]
  859. [Protocols in frame: eth:ip:tcp]
  860. [Coloring Rule Name: TCP SYN/FIN]
  861. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  862. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  863. Version: 4
  864. Header length: 20 bytes
  865. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  866. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  867. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  868. Total Length: 52
  869. Identification: 0x3e78 (15992)
  870. Flags: 0x02 (Don't Fragment)
  871. 0... .... = Reserved bit: Not set
  872. .1.. .... = Don't fragment: Set
  873. ..0. .... = More fragments: Not set
  874. Fragment offset: 0
  875. Time to live: 64
  876. Protocol: TCP (6)
  877. Header checksum: 0x7894 [validation disabled]
  878. [Good: False]
  879. [Bad: False]
  880. Source: 192.168.1.3 (192.168.1.3)
  881. Destination: 192.168.1.100 (192.168.1.100)
  882. [Source GeoIP: Unknown]
  883. [Destination GeoIP: Unknown]
  884. Transmission Control Protocol, Src Port: 50480 (50480), Dst Port: http-alt (8080), Seq: 1, Ack: 1, Len: 0
  885. Source port: 50480 (50480)
  886. Destination port: http-alt (8080)
  887. [Stream index: 161]
  888. Sequence number: 1 (relative sequence number)
  889. Acknowledgment number: 1 (relative ack number)
  890. Header length: 32 bytes
  891. Flags: 0x011 (FIN, ACK)
  892. 000. .... .... = Reserved: Not set
  893. ...0 .... .... = Nonce: Not set
  894. .... 0... .... = Congestion Window Reduced (CWR): Not set
  895. .... .0.. .... = ECN-Echo: Not set
  896. .... ..0. .... = Urgent: Not set
  897. .... ...1 .... = Acknowledgment: Set
  898. .... .... 0... = Push: Not set
  899. .... .... .0.. = Reset: Not set
  900. .... .... ..0. = Syn: Not set
  901. .... .... ...1 = Fin: Set
  902. [Expert Info (Chat/Sequence): Connection finish (FIN)]
  903. [Message: Connection finish (FIN)]
  904. [Severity level: Chat]
  905. [Group: Sequence]
  906. Window size value: 8235
  907. [Calculated window size: 131760]
  908. [Window size scaling factor: 16]
  909. Checksum: 0x7f68 [validation disabled]
  910. [Good Checksum: False]
  911. [Bad Checksum: False]
  912. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  913. No-Operation (NOP)
  914. Type: 1
  915. 0... .... = Copy on fragmentation: No
  916. .00. .... = Class: Control (0)
  917. ...0 0001 = Number: No-Operation (NOP) (1)
  918. No-Operation (NOP)
  919. Type: 1
  920. 0... .... = Copy on fragmentation: No
  921. .00. .... = Class: Control (0)
  922. ...0 0001 = Number: No-Operation (NOP) (1)
  923. Timestamps: TSval 332993092, TSecr 1967728
  924. Kind: Timestamp (8)
  925. Length: 10
  926. Timestamp value: 332993092
  927. Timestamp echo reply: 1967728
  928.  
  929. No. Time Source Destination Protocol Length Info
  930. 5097 13.987378000 192.168.1.100 192.168.1.3 TCP 66 http-alt > 50480 [FIN, ACK] Seq=1 Ack=2 Win=14592 Len=0 TSval=1967728 TSecr=332993092
  931.  
  932. Frame 5097: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  933. Interface id: 0
  934. Encapsulation type: Ethernet (1)
  935. Arrival Time: Apr 27, 2014 19:36:23.487559000 Russian Standard Time
  936. [Time shift for this packet: 0.000000000 seconds]
  937. Epoch Time: 1398612983.487559000 seconds
  938. [Time delta from previous captured frame: 0.000503000 seconds]
  939. [Time delta from previous displayed frame: 0.000503000 seconds]
  940. [Time since reference or first frame: 13.987378000 seconds]
  941. Frame Number: 5097
  942. Frame Length: 66 bytes (528 bits)
  943. Capture Length: 66 bytes (528 bits)
  944. [Frame is marked: False]
  945. [Frame is ignored: False]
  946. [Protocols in frame: eth:ip:tcp]
  947. [Coloring Rule Name: TCP SYN/FIN]
  948. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  949. Internet Protocol Version 4, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.3 (192.168.1.3)
  950. Version: 4
  951. Header length: 20 bytes
  952. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  953. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  954. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  955. Total Length: 52
  956. Identification: 0xc6ee (50926)
  957. Flags: 0x02 (Don't Fragment)
  958. 0... .... = Reserved bit: Not set
  959. .1.. .... = Don't fragment: Set
  960. ..0. .... = More fragments: Not set
  961. Fragment offset: 0
  962. Time to live: 64
  963. Protocol: TCP (6)
  964. Header checksum: 0xf01d [validation disabled]
  965. [Good: False]
  966. [Bad: False]
  967. Source: 192.168.1.100 (192.168.1.100)
  968. Destination: 192.168.1.3 (192.168.1.3)
  969. [Source GeoIP: Unknown]
  970. [Destination GeoIP: Unknown]
  971. Transmission Control Protocol, Src Port: http-alt (8080), Dst Port: 50480 (50480), Seq: 1, Ack: 2, Len: 0
  972. Source port: http-alt (8080)
  973. Destination port: 50480 (50480)
  974. [Stream index: 161]
  975. Sequence number: 1 (relative sequence number)
  976. Acknowledgment number: 2 (relative ack number)
  977. Header length: 32 bytes
  978. Flags: 0x011 (FIN, ACK)
  979. 000. .... .... = Reserved: Not set
  980. ...0 .... .... = Nonce: Not set
  981. .... 0... .... = Congestion Window Reduced (CWR): Not set
  982. .... .0.. .... = ECN-Echo: Not set
  983. .... ..0. .... = Urgent: Not set
  984. .... ...1 .... = Acknowledgment: Set
  985. .... .... 0... = Push: Not set
  986. .... .... .0.. = Reset: Not set
  987. .... .... ..0. = Syn: Not set
  988. .... .... ...1 = Fin: Set
  989. [Expert Info (Chat/Sequence): Connection finish (FIN)]
  990. [Message: Connection finish (FIN)]
  991. [Severity level: Chat]
  992. [Group: Sequence]
  993. Window size value: 114
  994. [Calculated window size: 14592]
  995. [Window size scaling factor: 128]
  996. Checksum: 0x9f20 [validation disabled]
  997. [Good Checksum: False]
  998. [Bad Checksum: False]
  999. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  1000. No-Operation (NOP)
  1001. Type: 1
  1002. 0... .... = Copy on fragmentation: No
  1003. .00. .... = Class: Control (0)
  1004. ...0 0001 = Number: No-Operation (NOP) (1)
  1005. No-Operation (NOP)
  1006. Type: 1
  1007. 0... .... = Copy on fragmentation: No
  1008. .00. .... = Class: Control (0)
  1009. ...0 0001 = Number: No-Operation (NOP) (1)
  1010. Timestamps: TSval 1967728, TSecr 332993092
  1011. Kind: Timestamp (8)
  1012. Length: 10
  1013. Timestamp value: 1967728
  1014. Timestamp echo reply: 332993092
  1015. [SEQ/ACK analysis]
  1016. [This is an ACK to the segment in frame: 5096]
  1017. [The RTT to ACK the segment was: 0.000503000 seconds]
  1018.  
  1019. No. Time Source Destination Protocol Length Info
  1020. 5099 13.988344000 192.168.1.3 192.168.1.100 TCP 66 50480 > http-alt [ACK] Seq=2 Ack=2 Win=131760 Len=0 TSval=332993093 TSecr=1967728
  1021.  
  1022. Frame 5099: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  1023. Interface id: 0
  1024. Encapsulation type: Ethernet (1)
  1025. Arrival Time: Apr 27, 2014 19:36:23.488525000 Russian Standard Time
  1026. [Time shift for this packet: 0.000000000 seconds]
  1027. Epoch Time: 1398612983.488525000 seconds
  1028. [Time delta from previous captured frame: 0.000300000 seconds]
  1029. [Time delta from previous displayed frame: 0.000966000 seconds]
  1030. [Time since reference or first frame: 13.988344000 seconds]
  1031. Frame Number: 5099
  1032. Frame Length: 66 bytes (528 bits)
  1033. Capture Length: 66 bytes (528 bits)
  1034. [Frame is marked: False]
  1035. [Frame is ignored: False]
  1036. [Protocols in frame: eth:ip:tcp]
  1037. [Coloring Rule Name: TCP]
  1038. [Coloring Rule String: tcp]
  1039. Internet Protocol Version 4, Src: 192.168.1.3 (192.168.1.3), Dst: 192.168.1.100 (192.168.1.100)
  1040. Version: 4
  1041. Header length: 20 bytes
  1042. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  1043. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
  1044. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  1045. Total Length: 52
  1046. Identification: 0x5598 (21912)
  1047. Flags: 0x02 (Don't Fragment)
  1048. 0... .... = Reserved bit: Not set
  1049. .1.. .... = Don't fragment: Set
  1050. ..0. .... = More fragments: Not set
  1051. Fragment offset: 0
  1052. Time to live: 64
  1053. Protocol: TCP (6)
  1054. Header checksum: 0x6174 [validation disabled]
  1055. [Good: False]
  1056. [Bad: False]
  1057. Source: 192.168.1.3 (192.168.1.3)
  1058. Destination: 192.168.1.100 (192.168.1.100)
  1059. [Source GeoIP: Unknown]
  1060. [Destination GeoIP: Unknown]
  1061. Transmission Control Protocol, Src Port: 50480 (50480), Dst Port: http-alt (8080), Seq: 2, Ack: 2, Len: 0
  1062. Source port: 50480 (50480)
  1063. Destination port: http-alt (8080)
  1064. [Stream index: 161]
  1065. Sequence number: 2 (relative sequence number)
  1066. Acknowledgment number: 2 (relative ack number)
  1067. Header length: 32 bytes
  1068. Flags: 0x010 (ACK)
  1069. 000. .... .... = Reserved: Not set
  1070. ...0 .... .... = Nonce: Not set
  1071. .... 0... .... = Congestion Window Reduced (CWR): Not set
  1072. .... .0.. .... = ECN-Echo: Not set
  1073. .... ..0. .... = Urgent: Not set
  1074. .... ...1 .... = Acknowledgment: Set
  1075. .... .... 0... = Push: Not set
  1076. .... .... .0.. = Reset: Not set
  1077. .... .... ..0. = Syn: Not set
  1078. .... .... ...0 = Fin: Not set
  1079. Window size value: 8235
  1080. [Calculated window size: 131760]
  1081. [Window size scaling factor: 16]
  1082. Checksum: 0x7f66 [validation disabled]
  1083. [Good Checksum: False]
  1084. [Bad Checksum: False]
  1085. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
  1086. No-Operation (NOP)
  1087. Type: 1
  1088. 0... .... = Copy on fragmentation: No
  1089. .00. .... = Class: Control (0)
  1090. ...0 0001 = Number: No-Operation (NOP) (1)
  1091. No-Operation (NOP)
  1092. Type: 1
  1093. 0... .... = Copy on fragmentation: No
  1094. .00. .... = Class: Control (0)
  1095. ...0 0001 = Number: No-Operation (NOP) (1)
  1096. Timestamps: TSval 332993093, TSecr 1967728
  1097. Kind: Timestamp (8)
  1098. Length: 10
  1099. Timestamp value: 332993093
  1100. Timestamp echo reply: 1967728
  1101. [SEQ/ACK analysis]
  1102. [This is an ACK to the segment in frame: 5097]
  1103. [The RTT to ACK the segment was: 0.000966000 seconds]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!