linux-reset 2

1. Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
2. Arrival Time: Jul 27, 2012 08:45:56.458430000 BST
3. Epoch Time: 1343375156.458430000 seconds
4. [Time delta from previous captured frame: 0.000000000 seconds]
5. [Time delta from previous displayed frame: 0.000000000 seconds]
6. [Time since reference or first frame: 0.000000000 seconds]
7. Frame Number: 1
8. Frame Length: 74 bytes (592 bits)
9. Capture Length: 74 bytes (592 bits)
10. [Frame is marked: False]
11. [Frame is ignored: False]
12. [Protocols in frame: eth:ip:tcp]
13. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
14. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
15. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
16. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
17. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
18. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
19. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
20. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
21. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
22. Type: IP (0x0800)
23. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
24. Version: 4
25. Header length: 20 bytes
26. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
27. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
28. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
29. Total Length: 60
30. Identification: 0x2fbb (12219)
31. Flags: 0x00
32. 0... .... = Reserved bit: Not set
33. .0.. .... = Don't fragment: Not set
34. ..0. .... = More fragments: Not set
35. Fragment offset: 0
36. Time to live: 64
37. Protocol: TCP (6)
38. Header checksum: 0x111b [correct]
39. [Good: True]
40. [Bad: False]
41. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
42. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
43. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 0, Len: 0
44. Source port: 40071 (40071)
45. Destination port: http (80)
46. [Stream index: 0]
47. Sequence number: 0 (relative sequence number)
48. Header length: 40 bytes
49. Flags: 0x002 (SYN)
50. 000. .... .... = Reserved: Not set
51. ...0 .... .... = Nonce: Not set
52. .... 0... .... = Congestion Window Reduced (CWR): Not set
53. .... .0.. .... = ECN-Echo: Not set
54. .... ..0. .... = Urgent: Not set
55. .... ...0 .... = Acknowledgement: Not set
56. .... .... 0... = Push: Not set
57. .... .... .0.. = Reset: Not set
58. .... .... ..1. = Syn: Set
59. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port http]
60. [Message: Connection establish request (SYN): server port http]
61. [Severity level: Chat]
62. [Group: Sequence]
63. .... .... ...0 = Fin: Not set
64. Window size value: 13600
65. [Calculated window size: 13600]
66. Checksum: 0x3a15 [validation disabled]
67. [Good Checksum: False]
68. [Bad Checksum: False]
69. Options: (20 bytes)
70. Maximum segment size: 1360 bytes
71. TCP SACK Permitted Option: True
72. Timestamps: TSval 41169925, TSecr 0
73. Kind: Timestamp (8)
74. Length: 10
75. Timestamp value: 41169925
76. Timestamp echo reply: 0
77. No-Operation (NOP)
78. Window scale: 4 (multiply by 16)
79. Kind: Window Scale (3)
80. Length: 3
81. Shift count: 4
82. [Multiplier: 16]
83.  
84. Frame 2: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
85. Arrival Time: Jul 27, 2012 08:45:56.698785000 BST
86. Epoch Time: 1343375156.698785000 seconds
87. [Time delta from previous captured frame: 0.240355000 seconds]
88. [Time delta from previous displayed frame: 0.240355000 seconds]
89. [Time since reference or first frame: 0.240355000 seconds]
90. Frame Number: 2
91. Frame Length: 78 bytes (624 bits)
92. Capture Length: 78 bytes (624 bits)
93. [Frame is marked: False]
94. [Frame is ignored: False]
95. [Protocols in frame: eth:ip:tcp]
96. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
97. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
98. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
99. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
100. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
101. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
102. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
103. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
104. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
105. Type: IP (0x0800)
106. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
107. Version: 4
108. Header length: 20 bytes
109. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
110. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
111. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
112. Total Length: 64
113. Identification: 0x3260 (12896)
114. Flags: 0x00
115. 0... .... = Reserved bit: Not set
116. .0.. .... = Don't fragment: Not set
117. ..0. .... = More fragments: Not set
118. Fragment offset: 0
119. Time to live: 116
120. Protocol: TCP (6)
121. Header checksum: 0xda71 [correct]
122. [Good: True]
123. [Bad: False]
124. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
125. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
126. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 0, Ack: 1, Len: 0
127. Source port: http (80)
128. Destination port: 40071 (40071)
129. [Stream index: 0]
130. Sequence number: 0 (relative sequence number)
131. Acknowledgement number: 1 (relative ack number)
132. Header length: 44 bytes
133. Flags: 0x012 (SYN, ACK)
134. 000. .... .... = Reserved: Not set
135. ...0 .... .... = Nonce: Not set
136. .... 0... .... = Congestion Window Reduced (CWR): Not set
137. .... .0.. .... = ECN-Echo: Not set
138. .... ..0. .... = Urgent: Not set
139. .... ...1 .... = Acknowledgement: Set
140. .... .... 0... = Push: Not set
141. .... .... .0.. = Reset: Not set
142. .... .... ..1. = Syn: Set
143. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
144. [Message: Connection establish acknowledge (SYN+ACK): server port http]
145. [Severity level: Chat]
146. [Group: Sequence]
147. .... .... ...0 = Fin: Not set
148. Window size value: 16384
149. [Calculated window size: 16384]
150. Checksum: 0x645f [validation disabled]
151. [Good Checksum: False]
152. [Bad Checksum: False]
153. Options: (24 bytes)
154. Maximum segment size: 1460 bytes
155. No-Operation (NOP)
156. Window scale: 0 (multiply by 1)
157. Kind: Window Scale (3)
158. Length: 3
159. Shift count: 0
160. [Multiplier: 1]
161. No-Operation (NOP)
162. No-Operation (NOP)
163. Timestamps: TSval 0, TSecr 0
164. Kind: Timestamp (8)
165. Length: 10
166. Timestamp value: 0
167. Timestamp echo reply: 0
168. No-Operation (NOP)
169. No-Operation (NOP)
170. TCP SACK Permitted Option: True
171. [SEQ/ACK analysis]
172. [This is an ACK to the segment in frame: 1]
173. [The RTT to ACK the segment was: 0.240355000 seconds]
174.  
175. Frame 3: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
176. Arrival Time: Jul 27, 2012 08:45:56.698853000 BST
177. Epoch Time: 1343375156.698853000 seconds
178. [Time delta from previous captured frame: 0.000068000 seconds]
179. [Time delta from previous displayed frame: 0.000068000 seconds]
180. [Time since reference or first frame: 0.240423000 seconds]
181. Frame Number: 3
182. Frame Length: 66 bytes (528 bits)
183. Capture Length: 66 bytes (528 bits)
184. [Frame is marked: False]
185. [Frame is ignored: False]
186. [Protocols in frame: eth:ip:tcp]
187. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
188. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
189. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
190. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
191. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
192. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
193. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
194. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
195. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
196. Type: IP (0x0800)
197. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
198. Version: 4
199. Header length: 20 bytes
200. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
201. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
202. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
203. Total Length: 52
204. Identification: 0x2fbc (12220)
205. Flags: 0x00
206. 0... .... = Reserved bit: Not set
207. .0.. .... = Don't fragment: Not set
208. ..0. .... = More fragments: Not set
209. Fragment offset: 0
210. Time to live: 64
211. Protocol: TCP (6)
212. Header checksum: 0x1122 [correct]
213. [Good: True]
214. [Bad: False]
215. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
216. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
217. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
218. Source port: 40071 (40071)
219. Destination port: http (80)
220. [Stream index: 0]
221. Sequence number: 1 (relative sequence number)
222. Acknowledgement number: 1 (relative ack number)
223. Header length: 32 bytes
224. Flags: 0x010 (ACK)
225. 000. .... .... = Reserved: Not set
226. ...0 .... .... = Nonce: Not set
227. .... 0... .... = Congestion Window Reduced (CWR): Not set
228. .... .0.. .... = ECN-Echo: Not set
229. .... ..0. .... = Urgent: Not set
230. .... ...1 .... = Acknowledgement: Set
231. .... .... 0... = Push: Not set
232. .... .... .0.. = Reset: Not set
233. .... .... ..0. = Syn: Not set
234. .... .... ...0 = Fin: Not set
235. Window size value: 850
236. [Calculated window size: 13600]
237. [Window size scaling factor: 16]
238. Checksum: 0x3a0d [validation disabled]
239. [Good Checksum: False]
240. [Bad Checksum: False]
241. Options: (12 bytes)
242. No-Operation (NOP)
243. No-Operation (NOP)
244. Timestamps: TSval 41169986, TSecr 0
245. Kind: Timestamp (8)
246. Length: 10
247. Timestamp value: 41169986
248. Timestamp echo reply: 0
249. [SEQ/ACK analysis]
250. [This is an ACK to the segment in frame: 2]
251. [The RTT to ACK the segment was: 0.000068000 seconds]
252.  
253. Frame 4: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
254. Arrival Time: Jul 27, 2012 08:45:56.698997000 BST
255. Epoch Time: 1343375156.698997000 seconds
256. [Time delta from previous captured frame: 0.000144000 seconds]
257. [Time delta from previous displayed frame: 0.000144000 seconds]
258. [Time since reference or first frame: 0.240567000 seconds]
259. Frame Number: 4
260. Frame Length: 227 bytes (1816 bits)
261. Capture Length: 227 bytes (1816 bits)
262. [Frame is marked: False]
263. [Frame is ignored: False]
264. [Protocols in frame: eth:ip:tcp:http]
265. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
266. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
267. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
268. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
269. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
270. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
271. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
272. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
273. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
274. Type: IP (0x0800)
275. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
276. Version: 4
277. Header length: 20 bytes
278. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
279. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
280. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
281. Total Length: 213
282. Identification: 0x2fbd (12221)
283. Flags: 0x00
284. 0... .... = Reserved bit: Not set
285. .0.. .... = Don't fragment: Not set
286. ..0. .... = More fragments: Not set
287. Fragment offset: 0
288. Time to live: 64
289. Protocol: TCP (6)
290. Header checksum: 0x1080 [correct]
291. [Good: True]
292. [Bad: False]
293. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
294. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
295. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 161
296. Source port: 40071 (40071)
297. Destination port: http (80)
298. [Stream index: 0]
299. Sequence number: 1 (relative sequence number)
300. [Next sequence number: 162 (relative sequence number)]
301. Acknowledgement number: 1 (relative ack number)
302. Header length: 32 bytes
303. Flags: 0x018 (PSH, ACK)
304. 000. .... .... = Reserved: Not set
305. ...0 .... .... = Nonce: Not set
306. .... 0... .... = Congestion Window Reduced (CWR): Not set
307. .... .0.. .... = ECN-Echo: Not set
308. .... ..0. .... = Urgent: Not set
309. .... ...1 .... = Acknowledgement: Set
310. .... .... 1... = Push: Set
311. .... .... .0.. = Reset: Not set
312. .... .... ..0. = Syn: Not set
313. .... .... ...0 = Fin: Not set
314. Window size value: 850
315. [Calculated window size: 13600]
316. [Window size scaling factor: 16]
317. Checksum: 0x3aae [validation disabled]
318. [Good Checksum: False]
319. [Bad Checksum: False]
320. Options: (12 bytes)
321. No-Operation (NOP)
322. No-Operation (NOP)
323. Timestamps: TSval 41169986, TSecr 0
324. Kind: Timestamp (8)
325. Length: 10
326. Timestamp value: 41169986
327. Timestamp echo reply: 0
328. [SEQ/ACK analysis]
329. [Bytes in flight: 161]
330. Hypertext Transfer Protocol
331. GET / HTTP/1.1\r\n
332. [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
333. [Message: GET / HTTP/1.1\r\n]
334. [Severity level: Chat]
335. [Group: Sequence]
336. Request Method: GET
337. Request URI: /
338. Request Version: HTTP/1.1
339. User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3\r\n
340. Host: dest.com\r\n
341. Accept: */*\r\n
342. \r\n
343. [Full request URI: http://dest.com/]
344.  
345. Frame 5: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
346. Arrival Time: Jul 27, 2012 08:45:56.946345000 BST
347. Epoch Time: 1343375156.946345000 seconds
348. [Time delta from previous captured frame: 0.247348000 seconds]
349. [Time delta from previous displayed frame: 0.247348000 seconds]
350. [Time since reference or first frame: 0.487915000 seconds]
351. Frame Number: 5
352. Frame Length: 66 bytes (528 bits)
353. Capture Length: 66 bytes (528 bits)
354. [Frame is marked: False]
355. [Frame is ignored: False]
356. [Protocols in frame: eth:ip:tcp]
357. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
358. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
359. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
360. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
361. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
362. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
363. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
364. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
365. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
366. Type: IP (0x0800)
367. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
368. Version: 4
369. Header length: 20 bytes
370. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
371. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
372. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
373. Total Length: 52
374. Identification: 0x36f2 (14066)
375. Flags: 0x00
376. 0... .... = Reserved bit: Not set
377. .0.. .... = Don't fragment: Not set
378. ..0. .... = More fragments: Not set
379. Fragment offset: 0
380. Time to live: 116
381. Protocol: TCP (6)
382. Header checksum: 0xd5eb [correct]
383. [Good: True]
384. [Bad: False]
385. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
386. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
387. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
388. Source port: http (80)
389. Destination port: 40071 (40071)
390. [Stream index: 0]
391. Sequence number: 1 (relative sequence number)
392. Acknowledgement number: 1 (relative ack number)
393. Header length: 32 bytes
394. Flags: 0x010 (ACK)
395. 000. .... .... = Reserved: Not set
396. ...0 .... .... = Nonce: Not set
397. .... 0... .... = Congestion Window Reduced (CWR): Not set
398. .... .0.. .... = ECN-Echo: Not set
399. .... ..0. .... = Urgent: Not set
400. .... ...1 .... = Acknowledgement: Set
401. .... .... 0... = Push: Not set
402. .... .... .0.. = Reset: Not set
403. .... .... ..0. = Syn: Not set
404. .... .... ...0 = Fin: Not set
405. Window size value: 16384
406. [Calculated window size: 16384]
407. [Window size scaling factor: 1]
408. Checksum: 0xf8b7 [validation disabled]
409. [Good Checksum: False]
410. [Bad Checksum: False]
411. Options: (12 bytes)
412. No-Operation (NOP)
413. No-Operation (NOP)
414. Timestamps: TSval 740886, TSecr 684668290
415. Kind: Timestamp (8)
416. Length: 10
417. Timestamp value: 740886
418. Timestamp echo reply: 684668290
419. [SEQ/ACK analysis]
420. [TCP Analysis Flags]
421. [This is a TCP duplicate ack]
422. [Duplicate ACK #: 1]
423. [Duplicate to the ACK in frame: 2]
424. [Expert Info (Note/Sequence): Duplicate ACK (#1)]
425. [Message: Duplicate ACK (#1)]
426. [Severity level: Note]
427. [Group: Sequence]
428.  
429. Frame 6: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
430. Arrival Time: Jul 27, 2012 08:45:56.946615000 BST
431. Epoch Time: 1343375156.946615000 seconds
432. [Time delta from previous captured frame: 0.000270000 seconds]
433. [Time delta from previous displayed frame: 0.000270000 seconds]
434. [Time since reference or first frame: 0.488185000 seconds]
435. Frame Number: 6
436. Frame Length: 66 bytes (528 bits)
437. Capture Length: 66 bytes (528 bits)
438. [Frame is marked: False]
439. [Frame is ignored: False]
440. [Protocols in frame: eth:ip:tcp]
441. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
442. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
443. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
444. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
445. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
446. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
447. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
448. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
449. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
450. Type: IP (0x0800)
451. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
452. Version: 4
453. Header length: 20 bytes
454. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
455. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
456. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
457. Total Length: 52
458. Identification: 0x36f7 (14071)
459. Flags: 0x00
460. 0... .... = Reserved bit: Not set
461. .0.. .... = Don't fragment: Not set
462. ..0. .... = More fragments: Not set
463. Fragment offset: 0
464. Time to live: 116
465. Protocol: TCP (6)
466. Header checksum: 0xd5e6 [correct]
467. [Good: True]
468. [Bad: False]
469. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
470. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
471. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
472. Source port: http (80)
473. Destination port: 40071 (40071)
474. [Stream index: 0]
475. Sequence number: 1 (relative sequence number)
476. Acknowledgement number: 1 (relative ack number)
477. Header length: 32 bytes
478. Flags: 0x010 (ACK)
479. 000. .... .... = Reserved: Not set
480. ...0 .... .... = Nonce: Not set
481. .... 0... .... = Congestion Window Reduced (CWR): Not set
482. .... .0.. .... = ECN-Echo: Not set
483. .... ..0. .... = Urgent: Not set
484. .... ...1 .... = Acknowledgement: Set
485. .... .... 0... = Push: Not set
486. .... .... .0.. = Reset: Not set
487. .... .... ..0. = Syn: Not set
488. .... .... ...0 = Fin: Not set
489. Window size value: 16384
490. [Calculated window size: 16384]
491. [Window size scaling factor: 1]
492. Checksum: 0xf8b7 [validation disabled]
493. [Good Checksum: False]
494. [Bad Checksum: False]
495. Options: (12 bytes)
496. No-Operation (NOP)
497. No-Operation (NOP)
498. Timestamps: TSval 740886, TSecr 684668290
499. Kind: Timestamp (8)
500. Length: 10
501. Timestamp value: 740886
502. Timestamp echo reply: 684668290
503. [SEQ/ACK analysis]
504. [TCP Analysis Flags]
505. [This is a TCP duplicate ack]
506. [Duplicate ACK #: 2]
507. [Duplicate to the ACK in frame: 2]
508. [Expert Info (Note/Sequence): Duplicate ACK (#2)]
509. [Message: Duplicate ACK (#2)]
510. [Severity level: Note]
511. [Group: Sequence]
512.  
513. Frame 7: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
514. Arrival Time: Jul 27, 2012 08:45:57.430860000 BST
515. Epoch Time: 1343375157.430860000 seconds
516. [Time delta from previous captured frame: 0.484245000 seconds]
517. [Time delta from previous displayed frame: 0.484245000 seconds]
518. [Time since reference or first frame: 0.972430000 seconds]
519. Frame Number: 7
520. Frame Length: 227 bytes (1816 bits)
521. Capture Length: 227 bytes (1816 bits)
522. [Frame is marked: False]
523. [Frame is ignored: False]
524. [Protocols in frame: eth:ip:tcp:http]
525. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
526. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
527. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
528. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
529. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
530. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
531. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
532. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
533. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
534. Type: IP (0x0800)
535. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
536. Version: 4
537. Header length: 20 bytes
538. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
539. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
540. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
541. Total Length: 213
542. Identification: 0x2fbe (12222)
543. Flags: 0x00
544. 0... .... = Reserved bit: Not set
545. .0.. .... = Don't fragment: Not set
546. ..0. .... = More fragments: Not set
547. Fragment offset: 0
548. Time to live: 64
549. Protocol: TCP (6)
550. Header checksum: 0x107f [correct]
551. [Good: True]
552. [Bad: False]
553. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
554. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
555. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 161
556. Source port: 40071 (40071)
557. Destination port: http (80)
558. [Stream index: 0]
559. Sequence number: 1 (relative sequence number)
560. [Next sequence number: 162 (relative sequence number)]
561. Acknowledgement number: 1 (relative ack number)
562. Header length: 32 bytes
563. Flags: 0x018 (PSH, ACK)
564. 000. .... .... = Reserved: Not set
565. ...0 .... .... = Nonce: Not set
566. .... 0... .... = Congestion Window Reduced (CWR): Not set
567. .... .0.. .... = ECN-Echo: Not set
568. .... ..0. .... = Urgent: Not set
569. .... ...1 .... = Acknowledgement: Set
570. .... .... 1... = Push: Set
571. .... .... .0.. = Reset: Not set
572. .... .... ..0. = Syn: Not set
573. .... .... ...0 = Fin: Not set
574. Window size value: 850
575. [Calculated window size: 13600]
576. [Window size scaling factor: 16]
577. Checksum: 0x3aae [validation disabled]
578. [Good Checksum: False]
579. [Bad Checksum: False]
580. Options: (12 bytes)
581. No-Operation (NOP)
582. No-Operation (NOP)
583. Timestamps: TSval 41170169, TSecr 740886
584. Kind: Timestamp (8)
585. Length: 10
586. Timestamp value: 41170169
587. Timestamp echo reply: 740886
588. [SEQ/ACK analysis]
589. [Bytes in flight: 161]
590. [TCP Analysis Flags]
591. [This frame is a (suspected) retransmission]
592. [Expert Info (Note/Sequence): Retransmission (suspected)]
593. [Message: Retransmission (suspected)]
594. [Severity level: Note]
595. [Group: Sequence]
596. [The RTO for this segment was: 0.731863000 seconds]
597. [RTO based on delta from frame: 4]
598. Hypertext Transfer Protocol
599. GET / HTTP/1.1\r\n
600. [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
601. [Message: GET / HTTP/1.1\r\n]
602. [Severity level: Chat]
603. [Group: Sequence]
604. Request Method: GET
605. Request URI: /
606. Request Version: HTTP/1.1
607. User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3\r\n
608. Host: dest.com\r\n
609. Accept: */*\r\n
610. \r\n
611. [Full request URI: http://dest.com/]
612.  
613. Frame 8: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
614. Arrival Time: Jul 27, 2012 08:45:57.669197000 BST
615. Epoch Time: 1343375157.669197000 seconds
616. [Time delta from previous captured frame: 0.238337000 seconds]
617. [Time delta from previous displayed frame: 0.238337000 seconds]
618. [Time since reference or first frame: 1.210767000 seconds]
619. Frame Number: 8
620. Frame Length: 66 bytes (528 bits)
621. Capture Length: 66 bytes (528 bits)
622. [Frame is marked: False]
623. [Frame is ignored: False]
624. [Protocols in frame: eth:ip:tcp]
625. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
626. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
627. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
628. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
629. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
630. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
631. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
632. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
633. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
634. Type: IP (0x0800)
635. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
636. Version: 4
637. Header length: 20 bytes
638. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
639. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
640. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
641. Total Length: 52
642. Identification: 0x4498 (17560)
643. Flags: 0x00
644. 0... .... = Reserved bit: Not set
645. .0.. .... = Don't fragment: Not set
646. ..0. .... = More fragments: Not set
647. Fragment offset: 0
648. Time to live: 116
649. Protocol: TCP (6)
650. Header checksum: 0xc845 [correct]
651. [Good: True]
652. [Bad: False]
653. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
654. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
655. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
656. Source port: http (80)
657. Destination port: 40071 (40071)
658. [Stream index: 0]
659. Sequence number: 1 (relative sequence number)
660. Acknowledgement number: 1 (relative ack number)
661. Header length: 32 bytes
662. Flags: 0x010 (ACK)
663. 000. .... .... = Reserved: Not set
664. ...0 .... .... = Nonce: Not set
665. .... 0... .... = Congestion Window Reduced (CWR): Not set
666. .... .0.. .... = ECN-Echo: Not set
667. .... ..0. .... = Urgent: Not set
668. .... ...1 .... = Acknowledgement: Set
669. .... .... 0... = Push: Not set
670. .... .... .0.. = Reset: Not set
671. .... .... ..0. = Syn: Not set
672. .... .... ...0 = Fin: Not set
673. Window size value: 16384
674. [Calculated window size: 16384]
675. [Window size scaling factor: 1]
676. Checksum: 0xf8b0 [validation disabled]
677. [Good Checksum: False]
678. [Bad Checksum: False]
679. Options: (12 bytes)
680. No-Operation (NOP)
681. No-Operation (NOP)
682. Timestamps: TSval 740893, TSecr 684668290
683. Kind: Timestamp (8)
684. Length: 10
685. Timestamp value: 740893
686. Timestamp echo reply: 684668290
687. [SEQ/ACK analysis]
688. [TCP Analysis Flags]
689. [This is a TCP duplicate ack]
690. [Duplicate ACK #: 3]
691. [Duplicate to the ACK in frame: 2]
692. [Expert Info (Note/Sequence): Duplicate ACK (#3)]
693. [Message: Duplicate ACK (#3)]
694. [Severity level: Note]
695. [Group: Sequence]
696.  
697. Frame 9: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
698. Arrival Time: Jul 27, 2012 08:45:58.898838000 BST
699. Epoch Time: 1343375158.898838000 seconds
700. [Time delta from previous captured frame: 1.229641000 seconds]
701. [Time delta from previous displayed frame: 1.229641000 seconds]
702. [Time since reference or first frame: 2.440408000 seconds]
703. Frame Number: 9
704. Frame Length: 227 bytes (1816 bits)
705. Capture Length: 227 bytes (1816 bits)
706. [Frame is marked: False]
707. [Frame is ignored: False]
708. [Protocols in frame: eth:ip:tcp:http]
709. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
710. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
711. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
712. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
713. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
714. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
715. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
716. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
717. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
718. Type: IP (0x0800)
719. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
720. Version: 4
721. Header length: 20 bytes
722. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
723. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
724. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
725. Total Length: 213
726. Identification: 0x2fbf (12223)
727. Flags: 0x00
728. 0... .... = Reserved bit: Not set
729. .0.. .... = Don't fragment: Not set
730. ..0. .... = More fragments: Not set
731. Fragment offset: 0
732. Time to live: 64
733. Protocol: TCP (6)
734. Header checksum: 0x107e [correct]
735. [Good: True]
736. [Bad: False]
737. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
738. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
739. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 161
740. Source port: 40071 (40071)
741. Destination port: http (80)
742. [Stream index: 0]
743. Sequence number: 1 (relative sequence number)
744. [Next sequence number: 162 (relative sequence number)]
745. Acknowledgement number: 1 (relative ack number)
746. Header length: 32 bytes
747. Flags: 0x018 (PSH, ACK)
748. 000. .... .... = Reserved: Not set
749. ...0 .... .... = Nonce: Not set
750. .... 0... .... = Congestion Window Reduced (CWR): Not set
751. .... .0.. .... = ECN-Echo: Not set
752. .... ..0. .... = Urgent: Not set
753. .... ...1 .... = Acknowledgement: Set
754. .... .... 1... = Push: Set
755. .... .... .0.. = Reset: Not set
756. .... .... ..0. = Syn: Not set
757. .... .... ...0 = Fin: Not set
758. Window size value: 850
759. [Calculated window size: 13600]
760. [Window size scaling factor: 16]
761. Checksum: 0x3aae [validation disabled]
762. [Good Checksum: False]
763. [Bad Checksum: False]
764. Options: (12 bytes)
765. No-Operation (NOP)
766. No-Operation (NOP)
767. Timestamps: TSval 41170536, TSecr 740893
768. Kind: Timestamp (8)
769. Length: 10
770. Timestamp value: 41170536
771. Timestamp echo reply: 740893
772. [SEQ/ACK analysis]
773. [Bytes in flight: 161]
774. [TCP Analysis Flags]
775. [This frame is a (suspected) retransmission]
776. [Expert Info (Note/Sequence): Retransmission (suspected)]
777. [Message: Retransmission (suspected)]
778. [Severity level: Note]
779. [Group: Sequence]
780. [The RTO for this segment was: 2.199841000 seconds]
781. [RTO based on delta from frame: 4]
782. Hypertext Transfer Protocol
783. GET / HTTP/1.1\r\n
784. [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
785. [Message: GET / HTTP/1.1\r\n]
786. [Severity level: Chat]
787. [Group: Sequence]
788. Request Method: GET
789. Request URI: /
790. Request Version: HTTP/1.1
791. User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3\r\n
792. Host: dest.com\r\n
793. Accept: */*\r\n
794. \r\n
795. [Full request URI: http://dest.com/]
796.  
797. Frame 10: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
798. Arrival Time: Jul 27, 2012 08:45:59.138563000 BST
799. Epoch Time: 1343375159.138563000 seconds
800. [Time delta from previous captured frame: 0.239725000 seconds]
801. [Time delta from previous displayed frame: 0.239725000 seconds]
802. [Time since reference or first frame: 2.680133000 seconds]
803. Frame Number: 10
804. Frame Length: 66 bytes (528 bits)
805. Capture Length: 66 bytes (528 bits)
806. [Frame is marked: False]
807. [Frame is ignored: False]
808. [Protocols in frame: eth:ip:tcp]
809. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
810. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
811. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
812. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
813. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
814. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
815. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
816. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
817. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
818. Type: IP (0x0800)
819. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
820. Version: 4
821. Header length: 20 bytes
822. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
823. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
824. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
825. Total Length: 52
826. Identification: 0x628d (25229)
827. Flags: 0x00
828. 0... .... = Reserved bit: Not set
829. .0.. .... = Don't fragment: Not set
830. ..0. .... = More fragments: Not set
831. Fragment offset: 0
832. Time to live: 116
833. Protocol: TCP (6)
834. Header checksum: 0xaa50 [correct]
835. [Good: True]
836. [Bad: False]
837. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
838. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
839. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
840. Source port: http (80)
841. Destination port: 40071 (40071)
842. [Stream index: 0]
843. Sequence number: 1 (relative sequence number)
844. Acknowledgement number: 1 (relative ack number)
845. Header length: 32 bytes
846. Flags: 0x010 (ACK)
847. 000. .... .... = Reserved: Not set
848. ...0 .... .... = Nonce: Not set
849. .... 0... .... = Congestion Window Reduced (CWR): Not set
850. .... .0.. .... = ECN-Echo: Not set
851. .... ..0. .... = Urgent: Not set
852. .... ...1 .... = Acknowledgement: Set
853. .... .... 0... = Push: Not set
854. .... .... .0.. = Reset: Not set
855. .... .... ..0. = Syn: Not set
856. .... .... ...0 = Fin: Not set
857. Window size value: 16384
858. [Calculated window size: 16384]
859. [Window size scaling factor: 1]
860. Checksum: 0xf8a1 [validation disabled]
861. [Good Checksum: False]
862. [Bad Checksum: False]
863. Options: (12 bytes)
864. No-Operation (NOP)
865. No-Operation (NOP)
866. Timestamps: TSval 740908, TSecr 684668290
867. Kind: Timestamp (8)
868. Length: 10
869. Timestamp value: 740908
870. Timestamp echo reply: 684668290
871. [SEQ/ACK analysis]
872. [TCP Analysis Flags]
873. [This is a TCP duplicate ack]
874. [Duplicate ACK #: 4]
875. [Duplicate to the ACK in frame: 2]
876. [Expert Info (Note/Sequence): Duplicate ACK (#4)]
877. [Message: Duplicate ACK (#4)]
878. [Severity level: Note]
879. [Group: Sequence]
880.  
881. Frame 11: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
882. Arrival Time: Jul 27, 2012 08:45:59.886073000 BST
883. Epoch Time: 1343375159.886073000 seconds
884. [Time delta from previous captured frame: 0.747510000 seconds]
885. [Time delta from previous displayed frame: 0.747510000 seconds]
886. [Time since reference or first frame: 3.427643000 seconds]
887. Frame Number: 11
888. Frame Length: 78 bytes (624 bits)
889. Capture Length: 78 bytes (624 bits)
890. [Frame is marked: False]
891. [Frame is ignored: False]
892. [Protocols in frame: eth:ip:tcp]
893. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
894. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
895. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
896. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
897. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
898. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
899. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
900. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
901. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
902. Type: IP (0x0800)
903. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
904. Version: 4
905. Header length: 20 bytes
906. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
907. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
908. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
909. Total Length: 64
910. Identification: 0x7239 (29241)
911. Flags: 0x00
912. 0... .... = Reserved bit: Not set
913. .0.. .... = Don't fragment: Not set
914. ..0. .... = More fragments: Not set
915. Fragment offset: 0
916. Time to live: 116
917. Protocol: TCP (6)
918. Header checksum: 0x9a98 [correct]
919. [Good: True]
920. [Bad: False]
921. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
922. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
923. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 0, Ack: 1, Len: 0
924. Source port: http (80)
925. Destination port: 40071 (40071)
926. [Stream index: 0]
927. Sequence number: 0 (relative sequence number)
928. Acknowledgement number: 1 (relative ack number)
929. Header length: 44 bytes
930. Flags: 0x012 (SYN, ACK)
931. 000. .... .... = Reserved: Not set
932. ...0 .... .... = Nonce: Not set
933. .... 0... .... = Congestion Window Reduced (CWR): Not set
934. .... .0.. .... = ECN-Echo: Not set
935. .... ..0. .... = Urgent: Not set
936. .... ...1 .... = Acknowledgement: Set
937. .... .... 0... = Push: Not set
938. .... .... .0.. = Reset: Not set
939. .... .... ..1. = Syn: Set
940. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
941. [Message: Connection establish acknowledge (SYN+ACK): server port http]
942. [Severity level: Chat]
943. [Group: Sequence]
944. .... .... ...0 = Fin: Not set
945. Window size value: 16384
946. [Calculated window size: 16384]
947. Checksum: 0x645f [validation disabled]
948. [Good Checksum: False]
949. [Bad Checksum: False]
950. Options: (24 bytes)
951. Maximum segment size: 1460 bytes
952. No-Operation (NOP)
953. Window scale: 0 (multiply by 1)
954. Kind: Window Scale (3)
955. Length: 3
956. Shift count: 0
957. [Multiplier: 1]
958. No-Operation (NOP)
959. No-Operation (NOP)
960. Timestamps: TSval 0, TSecr 0
961. Kind: Timestamp (8)
962. Length: 10
963. Timestamp value: 0
964. Timestamp echo reply: 0
965. No-Operation (NOP)
966. No-Operation (NOP)
967. TCP SACK Permitted Option: True
968.  
969. Frame 12: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
970. Arrival Time: Jul 27, 2012 08:45:59.886104000 BST
971. Epoch Time: 1343375159.886104000 seconds
972. [Time delta from previous captured frame: 0.000031000 seconds]
973. [Time delta from previous displayed frame: 0.000031000 seconds]
974. [Time since reference or first frame: 3.427674000 seconds]
975. Frame Number: 12
976. Frame Length: 78 bytes (624 bits)
977. Capture Length: 78 bytes (624 bits)
978. [Frame is marked: False]
979. [Frame is ignored: False]
980. [Protocols in frame: eth:ip:tcp]
981. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
982. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
983. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
984. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
985. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
986. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
987. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
988. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
989. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
990. Type: IP (0x0800)
991. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
992. Version: 4
993. Header length: 20 bytes
994. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
995. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
996. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
997. Total Length: 64
998. Identification: 0x2fc0 (12224)
999. Flags: 0x00
1000. 0... .... = Reserved bit: Not set
1001. .0.. .... = Don't fragment: Not set
1002. ..0. .... = More fragments: Not set
1003. Fragment offset: 0
1004. Time to live: 64
1005. Protocol: TCP (6)
1006. Header checksum: 0x1112 [correct]
1007. [Good: True]
1008. [Bad: False]
1009. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1010. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1011. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 162, Ack: 1, Len: 0
1012. Source port: 40071 (40071)
1013. Destination port: http (80)
1014. [Stream index: 0]
1015. Sequence number: 162 (relative sequence number)
1016. Acknowledgement number: 1 (relative ack number)
1017. Header length: 44 bytes
1018. Flags: 0x010 (ACK)
1019. 000. .... .... = Reserved: Not set
1020. ...0 .... .... = Nonce: Not set
1021. .... 0... .... = Congestion Window Reduced (CWR): Not set
1022. .... .0.. .... = ECN-Echo: Not set
1023. .... ..0. .... = Urgent: Not set
1024. .... ...1 .... = Acknowledgement: Set
1025. .... .... 0... = Push: Not set
1026. .... .... .0.. = Reset: Not set
1027. .... .... ..0. = Syn: Not set
1028. .... .... ...0 = Fin: Not set
1029. Window size value: 850
1030. [Calculated window size: 13600]
1031. [Window size scaling factor: 16]
1032. Checksum: 0x3a19 [validation disabled]
1033. [Good Checksum: False]
1034. [Bad Checksum: False]
1035. Options: (24 bytes)
1036. No-Operation (NOP)
1037. No-Operation (NOP)
1038. Timestamps: TSval 41170782, TSecr 740908
1039. Kind: Timestamp (8)
1040. Length: 10
1041. Timestamp value: 41170782
1042. Timestamp echo reply: 740908
1043. No-Operation (NOP)
1044. No-Operation (NOP)
1045. SACK: 0-1
1046. left edge = 0 (relative)
1047. right edge = 1 (relative)
1048. [SEQ/ACK analysis]
1049. [This is an ACK to the segment in frame: 11]
1050. [The RTT to ACK the segment was: 0.000031000 seconds]
1051. [TCP Analysis Flags]
1052. [This is a TCP duplicate ack]
1053. [Duplicate ACK #: 1]
1054. [Duplicate to the ACK in frame: 9]
1055. [Expert Info (Note/Sequence): Duplicate ACK (#1)]
1056. [Message: Duplicate ACK (#1)]
1057. [Severity level: Note]
1058. [Group: Sequence]
1059.  
1060. Frame 13: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
1061. Arrival Time: Jul 27, 2012 08:46:00.126636000 BST
1062. Epoch Time: 1343375160.126636000 seconds
1063. [Time delta from previous captured frame: 0.240532000 seconds]
1064. [Time delta from previous displayed frame: 0.240532000 seconds]
1065. [Time since reference or first frame: 3.668206000 seconds]
1066. Frame Number: 13
1067. Frame Length: 66 bytes (528 bits)
1068. Capture Length: 66 bytes (528 bits)
1069. [Frame is marked: False]
1070. [Frame is ignored: False]
1071. [Protocols in frame: eth:ip:tcp]
1072. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1073. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1074. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1075. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1076. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1077. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1078. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1079. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1080. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1081. Type: IP (0x0800)
1082. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1083. Version: 4
1084. Header length: 20 bytes
1085. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1086. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1087. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1088. Total Length: 52
1089. Identification: 0x7757 (30551)
1090. Flags: 0x00
1091. 0... .... = Reserved bit: Not set
1092. .0.. .... = Don't fragment: Not set
1093. ..0. .... = More fragments: Not set
1094. Fragment offset: 0
1095. Time to live: 116
1096. Protocol: TCP (6)
1097. Header checksum: 0x9586 [correct]
1098. [Good: True]
1099. [Bad: False]
1100. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1101. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1102. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
1103. Source port: http (80)
1104. Destination port: 40071 (40071)
1105. [Stream index: 0]
1106. Sequence number: 1 (relative sequence number)
1107. Acknowledgement number: 1 (relative ack number)
1108. Header length: 32 bytes
1109. Flags: 0x010 (ACK)
1110. 000. .... .... = Reserved: Not set
1111. ...0 .... .... = Nonce: Not set
1112. .... 0... .... = Congestion Window Reduced (CWR): Not set
1113. .... .0.. .... = ECN-Echo: Not set
1114. .... ..0. .... = Urgent: Not set
1115. .... ...1 .... = Acknowledgement: Set
1116. .... .... 0... = Push: Not set
1117. .... .... .0.. = Reset: Not set
1118. .... .... ..0. = Syn: Not set
1119. .... .... ...0 = Fin: Not set
1120. Window size value: 16384
1121. [Calculated window size: 16384]
1122. [Window size scaling factor: 1]
1123. Checksum: 0xf897 [validation disabled]
1124. [Good Checksum: False]
1125. [Bad Checksum: False]
1126. Options: (12 bytes)
1127. No-Operation (NOP)
1128. No-Operation (NOP)
1129. Timestamps: TSval 740918, TSecr 684668290
1130. Kind: Timestamp (8)
1131. Length: 10
1132. Timestamp value: 740918
1133. Timestamp echo reply: 684668290
1134. [SEQ/ACK analysis]
1135. [TCP Analysis Flags]
1136. [This is a TCP duplicate ack]
1137. [Duplicate ACK #: 1]
1138. [Duplicate to the ACK in frame: 11]
1139. [Expert Info (Note/Sequence): Duplicate ACK (#1)]
1140. [Message: Duplicate ACK (#1)]
1141. [Severity level: Note]
1142. [Group: Sequence]
1143.  
1144. Frame 14: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
1145. Arrival Time: Jul 27, 2012 08:46:01.834890000 BST
1146. Epoch Time: 1343375161.834890000 seconds
1147. [Time delta from previous captured frame: 1.708254000 seconds]
1148. [Time delta from previous displayed frame: 1.708254000 seconds]
1149. [Time since reference or first frame: 5.376460000 seconds]
1150. Frame Number: 14
1151. Frame Length: 227 bytes (1816 bits)
1152. Capture Length: 227 bytes (1816 bits)
1153. [Frame is marked: False]
1154. [Frame is ignored: False]
1155. [Protocols in frame: eth:ip:tcp:http]
1156. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1157. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1158. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1159. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1160. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1161. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1162. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1163. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1164. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1165. Type: IP (0x0800)
1166. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1167. Version: 4
1168. Header length: 20 bytes
1169. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1170. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1171. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1172. Total Length: 213
1173. Identification: 0x2fc1 (12225)
1174. Flags: 0x00
1175. 0... .... = Reserved bit: Not set
1176. .0.. .... = Don't fragment: Not set
1177. ..0. .... = More fragments: Not set
1178. Fragment offset: 0
1179. Time to live: 64
1180. Protocol: TCP (6)
1181. Header checksum: 0x107c [correct]
1182. [Good: True]
1183. [Bad: False]
1184. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1185. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1186. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 161
1187. Source port: 40071 (40071)
1188. Destination port: http (80)
1189. [Stream index: 0]
1190. Sequence number: 1 (relative sequence number)
1191. [Next sequence number: 162 (relative sequence number)]
1192. Acknowledgement number: 1 (relative ack number)
1193. Header length: 32 bytes
1194. Flags: 0x018 (PSH, ACK)
1195. 000. .... .... = Reserved: Not set
1196. ...0 .... .... = Nonce: Not set
1197. .... 0... .... = Congestion Window Reduced (CWR): Not set
1198. .... .0.. .... = ECN-Echo: Not set
1199. .... ..0. .... = Urgent: Not set
1200. .... ...1 .... = Acknowledgement: Set
1201. .... .... 1... = Push: Set
1202. .... .... .0.. = Reset: Not set
1203. .... .... ..0. = Syn: Not set
1204. .... .... ...0 = Fin: Not set
1205. Window size value: 850
1206. [Calculated window size: 13600]
1207. [Window size scaling factor: 16]
1208. Checksum: 0x3aae [validation disabled]
1209. [Good Checksum: False]
1210. [Bad Checksum: False]
1211. Options: (12 bytes)
1212. No-Operation (NOP)
1213. No-Operation (NOP)
1214. Timestamps: TSval 41171270, TSecr 740918
1215. Kind: Timestamp (8)
1216. Length: 10
1217. Timestamp value: 41171270
1218. Timestamp echo reply: 740918
1219. [SEQ/ACK analysis]
1220. [Bytes in flight: 161]
1221. [TCP Analysis Flags]
1222. [This frame is a (suspected) retransmission]
1223. [Expert Info (Note/Sequence): Retransmission (suspected)]
1224. [Message: Retransmission (suspected)]
1225. [Severity level: Note]
1226. [Group: Sequence]
1227. [The RTO for this segment was: 5.135893000 seconds]
1228. [RTO based on delta from frame: 4]
1229. Hypertext Transfer Protocol
1230. GET / HTTP/1.1\r\n
1231. [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
1232. [Message: GET / HTTP/1.1\r\n]
1233. [Severity level: Chat]
1234. [Group: Sequence]
1235. Request Method: GET
1236. Request URI: /
1237. Request Version: HTTP/1.1
1238. User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3\r\n
1239. Host: dest.com\r\n
1240. Accept: */*\r\n
1241. \r\n
1242. [Full request URI: http://dest.com/]
1243.  
1244. Frame 15: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
1245. Arrival Time: Jul 27, 2012 08:46:02.073330000 BST
1246. Epoch Time: 1343375162.073330000 seconds
1247. [Time delta from previous captured frame: 0.238440000 seconds]
1248. [Time delta from previous displayed frame: 0.238440000 seconds]
1249. [Time since reference or first frame: 5.614900000 seconds]
1250. Frame Number: 15
1251. Frame Length: 66 bytes (528 bits)
1252. Capture Length: 66 bytes (528 bits)
1253. [Frame is marked: False]
1254. [Frame is ignored: False]
1255. [Protocols in frame: eth:ip:tcp]
1256. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1257. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1258. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1259. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1260. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1261. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1262. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1263. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1264. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1265. Type: IP (0x0800)
1266. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1267. Version: 4
1268. Header length: 20 bytes
1269. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1270. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1271. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1272. Total Length: 52
1273. Identification: 0x1f9a (8090)
1274. Flags: 0x00
1275. 0... .... = Reserved bit: Not set
1276. .0.. .... = Don't fragment: Not set
1277. ..0. .... = More fragments: Not set
1278. Fragment offset: 0
1279. Time to live: 116
1280. Protocol: TCP (6)
1281. Header checksum: 0xed43 [correct]
1282. [Good: True]
1283. [Bad: False]
1284. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1285. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1286. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
1287. Source port: http (80)
1288. Destination port: 40071 (40071)
1289. [Stream index: 0]
1290. Sequence number: 1 (relative sequence number)
1291. Acknowledgement number: 1 (relative ack number)
1292. Header length: 32 bytes
1293. Flags: 0x010 (ACK)
1294. 000. .... .... = Reserved: Not set
1295. ...0 .... .... = Nonce: Not set
1296. .... 0... .... = Congestion Window Reduced (CWR): Not set
1297. .... .0.. .... = ECN-Echo: Not set
1298. .... ..0. .... = Urgent: Not set
1299. .... ...1 .... = Acknowledgement: Set
1300. .... .... 0... = Push: Not set
1301. .... .... .0.. = Reset: Not set
1302. .... .... ..0. = Syn: Not set
1303. .... .... ...0 = Fin: Not set
1304. Window size value: 16384
1305. [Calculated window size: 16384]
1306. [Window size scaling factor: 1]
1307. Checksum: 0xf884 [validation disabled]
1308. [Good Checksum: False]
1309. [Bad Checksum: False]
1310. Options: (12 bytes)
1311. No-Operation (NOP)
1312. No-Operation (NOP)
1313. Timestamps: TSval 740937, TSecr 684668290
1314. Kind: Timestamp (8)
1315. Length: 10
1316. Timestamp value: 740937
1317. Timestamp echo reply: 684668290
1318. [SEQ/ACK analysis]
1319. [TCP Analysis Flags]
1320. [This is a TCP duplicate ack]
1321. [Duplicate ACK #: 2]
1322. [Duplicate to the ACK in frame: 11]
1323. [Expert Info (Note/Sequence): Duplicate ACK (#2)]
1324. [Message: Duplicate ACK (#2)]
1325. [Severity level: Note]
1326. [Group: Sequence]
1327.  
1328. Frame 16: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
1329. Arrival Time: Jul 27, 2012 08:46:05.818571000 BST
1330. Epoch Time: 1343375165.818571000 seconds
1331. [Time delta from previous captured frame: 3.745241000 seconds]
1332. [Time delta from previous displayed frame: 3.745241000 seconds]
1333. [Time since reference or first frame: 9.360141000 seconds]
1334. Frame Number: 16
1335. Frame Length: 78 bytes (624 bits)
1336. Capture Length: 78 bytes (624 bits)
1337. [Frame is marked: False]
1338. [Frame is ignored: False]
1339. [Protocols in frame: eth:ip:tcp]
1340. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1341. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1342. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1343. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1344. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1345. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1346. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1347. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1348. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1349. Type: IP (0x0800)
1350. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1351. Version: 4
1352. Header length: 20 bytes
1353. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1354. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1355. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1356. Total Length: 64
1357. Identification: 0x6d42 (27970)
1358. Flags: 0x00
1359. 0... .... = Reserved bit: Not set
1360. .0.. .... = Don't fragment: Not set
1361. ..0. .... = More fragments: Not set
1362. Fragment offset: 0
1363. Time to live: 116
1364. Protocol: TCP (6)
1365. Header checksum: 0x9f8f [correct]
1366. [Good: True]
1367. [Bad: False]
1368. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1369. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1370. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 0, Ack: 1, Len: 0
1371. Source port: http (80)
1372. Destination port: 40071 (40071)
1373. [Stream index: 0]
1374. Sequence number: 0 (relative sequence number)
1375. Acknowledgement number: 1 (relative ack number)
1376. Header length: 44 bytes
1377. Flags: 0x012 (SYN, ACK)
1378. 000. .... .... = Reserved: Not set
1379. ...0 .... .... = Nonce: Not set
1380. .... 0... .... = Congestion Window Reduced (CWR): Not set
1381. .... .0.. .... = ECN-Echo: Not set
1382. .... ..0. .... = Urgent: Not set
1383. .... ...1 .... = Acknowledgement: Set
1384. .... .... 0... = Push: Not set
1385. .... .... .0.. = Reset: Not set
1386. .... .... ..1. = Syn: Set
1387. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port http]
1388. [Message: Connection establish acknowledge (SYN+ACK): server port http]
1389. [Severity level: Chat]
1390. [Group: Sequence]
1391. .... .... ...0 = Fin: Not set
1392. Window size value: 16384
1393. [Calculated window size: 16384]
1394. Checksum: 0x645f [validation disabled]
1395. [Good Checksum: False]
1396. [Bad Checksum: False]
1397. Options: (24 bytes)
1398. Maximum segment size: 1460 bytes
1399. No-Operation (NOP)
1400. Window scale: 0 (multiply by 1)
1401. Kind: Window Scale (3)
1402. Length: 3
1403. Shift count: 0
1404. [Multiplier: 1]
1405. No-Operation (NOP)
1406. No-Operation (NOP)
1407. Timestamps: TSval 0, TSecr 0
1408. Kind: Timestamp (8)
1409. Length: 10
1410. Timestamp value: 0
1411. Timestamp echo reply: 0
1412. No-Operation (NOP)
1413. No-Operation (NOP)
1414. TCP SACK Permitted Option: True
1415.  
1416. Frame 17: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
1417. Arrival Time: Jul 27, 2012 08:46:05.818602000 BST
1418. Epoch Time: 1343375165.818602000 seconds
1419. [Time delta from previous captured frame: 0.000031000 seconds]
1420. [Time delta from previous displayed frame: 0.000031000 seconds]
1421. [Time since reference or first frame: 9.360172000 seconds]
1422. Frame Number: 17
1423. Frame Length: 78 bytes (624 bits)
1424. Capture Length: 78 bytes (624 bits)
1425. [Frame is marked: False]
1426. [Frame is ignored: False]
1427. [Protocols in frame: eth:ip:tcp]
1428. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1429. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1430. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1431. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1432. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1433. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1434. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1435. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1436. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1437. Type: IP (0x0800)
1438. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1439. Version: 4
1440. Header length: 20 bytes
1441. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1442. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1443. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1444. Total Length: 64
1445. Identification: 0x2fc2 (12226)
1446. Flags: 0x00
1447. 0... .... = Reserved bit: Not set
1448. .0.. .... = Don't fragment: Not set
1449. ..0. .... = More fragments: Not set
1450. Fragment offset: 0
1451. Time to live: 64
1452. Protocol: TCP (6)
1453. Header checksum: 0x1110 [correct]
1454. [Good: True]
1455. [Bad: False]
1456. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1457. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1458. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 162, Ack: 1, Len: 0
1459. Source port: 40071 (40071)
1460. Destination port: http (80)
1461. [Stream index: 0]
1462. Sequence number: 162 (relative sequence number)
1463. Acknowledgement number: 1 (relative ack number)
1464. Header length: 44 bytes
1465. Flags: 0x010 (ACK)
1466. 000. .... .... = Reserved: Not set
1467. ...0 .... .... = Nonce: Not set
1468. .... 0... .... = Congestion Window Reduced (CWR): Not set
1469. .... .0.. .... = ECN-Echo: Not set
1470. .... ..0. .... = Urgent: Not set
1471. .... ...1 .... = Acknowledgement: Set
1472. .... .... 0... = Push: Not set
1473. .... .... .0.. = Reset: Not set
1474. .... .... ..0. = Syn: Not set
1475. .... .... ...0 = Fin: Not set
1476. Window size value: 850
1477. [Calculated window size: 13600]
1478. [Window size scaling factor: 16]
1479. Checksum: 0x3a19 [validation disabled]
1480. [Good Checksum: False]
1481. [Bad Checksum: False]
1482. Options: (24 bytes)
1483. No-Operation (NOP)
1484. No-Operation (NOP)
1485. Timestamps: TSval 41172265, TSecr 740937
1486. Kind: Timestamp (8)
1487. Length: 10
1488. Timestamp value: 41172265
1489. Timestamp echo reply: 740937
1490. No-Operation (NOP)
1491. No-Operation (NOP)
1492. SACK: 0-1
1493. left edge = 0 (relative)
1494. right edge = 1 (relative)
1495. [SEQ/ACK analysis]
1496. [This is an ACK to the segment in frame: 16]
1497. [The RTT to ACK the segment was: 0.000031000 seconds]
1498. [TCP Analysis Flags]
1499. [This is a TCP duplicate ack]
1500. [Duplicate ACK #: 1]
1501. [Duplicate to the ACK in frame: 14]
1502. [Expert Info (Note/Sequence): Duplicate ACK (#1)]
1503. [Message: Duplicate ACK (#1)]
1504. [Severity level: Note]
1505. [Group: Sequence]
1506.  
1507. Frame 18: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
1508. Arrival Time: Jul 27, 2012 08:46:06.057246000 BST
1509. Epoch Time: 1343375166.057246000 seconds
1510. [Time delta from previous captured frame: 0.238644000 seconds]
1511. [Time delta from previous displayed frame: 0.238644000 seconds]
1512. [Time since reference or first frame: 9.598816000 seconds]
1513. Frame Number: 18
1514. Frame Length: 66 bytes (528 bits)
1515. Capture Length: 66 bytes (528 bits)
1516. [Frame is marked: False]
1517. [Frame is ignored: False]
1518. [Protocols in frame: eth:ip:tcp]
1519. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1520. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1521. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1522. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1523. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1524. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1525. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1526. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1527. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1528. Type: IP (0x0800)
1529. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1530. Version: 4
1531. Header length: 20 bytes
1532. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1533. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1534. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1535. Total Length: 52
1536. Identification: 0x72b5 (29365)
1537. Flags: 0x00
1538. 0... .... = Reserved bit: Not set
1539. .0.. .... = Don't fragment: Not set
1540. ..0. .... = More fragments: Not set
1541. Fragment offset: 0
1542. Time to live: 116
1543. Protocol: TCP (6)
1544. Header checksum: 0x9a28 [correct]
1545. [Good: True]
1546. [Bad: False]
1547. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1548. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1549. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
1550. Source port: http (80)
1551. Destination port: 40071 (40071)
1552. [Stream index: 0]
1553. Sequence number: 1 (relative sequence number)
1554. Acknowledgement number: 1 (relative ack number)
1555. Header length: 32 bytes
1556. Flags: 0x010 (ACK)
1557. 000. .... .... = Reserved: Not set
1558. ...0 .... .... = Nonce: Not set
1559. .... 0... .... = Congestion Window Reduced (CWR): Not set
1560. .... .0.. .... = ECN-Echo: Not set
1561. .... ..0. .... = Urgent: Not set
1562. .... ...1 .... = Acknowledgement: Set
1563. .... .... 0... = Push: Not set
1564. .... .... .0.. = Reset: Not set
1565. .... .... ..0. = Syn: Not set
1566. .... .... ...0 = Fin: Not set
1567. Window size value: 16384
1568. [Calculated window size: 16384]
1569. [Window size scaling factor: 1]
1570. Checksum: 0xf85b [validation disabled]
1571. [Good Checksum: False]
1572. [Bad Checksum: False]
1573. Options: (12 bytes)
1574. No-Operation (NOP)
1575. No-Operation (NOP)
1576. Timestamps: TSval 740978, TSecr 684668290
1577. Kind: Timestamp (8)
1578. Length: 10
1579. Timestamp value: 740978
1580. Timestamp echo reply: 684668290
1581. [SEQ/ACK analysis]
1582. [TCP Analysis Flags]
1583. [This is a TCP duplicate ack]
1584. [Duplicate ACK #: 1]
1585. [Duplicate to the ACK in frame: 16]
1586. [Expert Info (Note/Sequence): Duplicate ACK (#1)]
1587. [Message: Duplicate ACK (#1)]
1588. [Severity level: Note]
1589. [Group: Sequence]
1590.  
1591. Frame 19: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
1592. Arrival Time: Jul 27, 2012 08:46:07.698828000 BST
1593. Epoch Time: 1343375167.698828000 seconds
1594. [Time delta from previous captured frame: 1.641582000 seconds]
1595. [Time delta from previous displayed frame: 1.641582000 seconds]
1596. [Time since reference or first frame: 11.240398000 seconds]
1597. Frame Number: 19
1598. Frame Length: 227 bytes (1816 bits)
1599. Capture Length: 227 bytes (1816 bits)
1600. [Frame is marked: False]
1601. [Frame is ignored: False]
1602. [Protocols in frame: eth:ip:tcp:http]
1603. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1604. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1605. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1606. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1607. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1608. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1609. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1610. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1611. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1612. Type: IP (0x0800)
1613. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1614. Version: 4
1615. Header length: 20 bytes
1616. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1617. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1618. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1619. Total Length: 213
1620. Identification: 0x2fc3 (12227)
1621. Flags: 0x00
1622. 0... .... = Reserved bit: Not set
1623. .0.. .... = Don't fragment: Not set
1624. ..0. .... = More fragments: Not set
1625. Fragment offset: 0
1626. Time to live: 64
1627. Protocol: TCP (6)
1628. Header checksum: 0x107a [correct]
1629. [Good: True]
1630. [Bad: False]
1631. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1632. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1633. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 161
1634. Source port: 40071 (40071)
1635. Destination port: http (80)
1636. [Stream index: 0]
1637. Sequence number: 1 (relative sequence number)
1638. [Next sequence number: 162 (relative sequence number)]
1639. Acknowledgement number: 1 (relative ack number)
1640. Header length: 32 bytes
1641. Flags: 0x018 (PSH, ACK)
1642. 000. .... .... = Reserved: Not set
1643. ...0 .... .... = Nonce: Not set
1644. .... 0... .... = Congestion Window Reduced (CWR): Not set
1645. .... .0.. .... = ECN-Echo: Not set
1646. .... ..0. .... = Urgent: Not set
1647. .... ...1 .... = Acknowledgement: Set
1648. .... .... 1... = Push: Set
1649. .... .... .0.. = Reset: Not set
1650. .... .... ..0. = Syn: Not set
1651. .... .... ...0 = Fin: Not set
1652. Window size value: 850
1653. [Calculated window size: 13600]
1654. [Window size scaling factor: 16]
1655. Checksum: 0x3aae [validation disabled]
1656. [Good Checksum: False]
1657. [Bad Checksum: False]
1658. Options: (12 bytes)
1659. No-Operation (NOP)
1660. No-Operation (NOP)
1661. Timestamps: TSval 41172736, TSecr 740978
1662. Kind: Timestamp (8)
1663. Length: 10
1664. Timestamp value: 41172736
1665. Timestamp echo reply: 740978
1666. [SEQ/ACK analysis]
1667. [Bytes in flight: 161]
1668. [TCP Analysis Flags]
1669. [This frame is a (suspected) retransmission]
1670. [Expert Info (Note/Sequence): Retransmission (suspected)]
1671. [Message: Retransmission (suspected)]
1672. [Severity level: Note]
1673. [Group: Sequence]
1674. [The RTO for this segment was: 10.999831000 seconds]
1675. [RTO based on delta from frame: 4]
1676. Hypertext Transfer Protocol
1677. GET / HTTP/1.1\r\n
1678. [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
1679. [Message: GET / HTTP/1.1\r\n]
1680. [Severity level: Chat]
1681. [Group: Sequence]
1682. Request Method: GET
1683. Request URI: /
1684. Request Version: HTTP/1.1
1685. User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3\r\n
1686. Host: dest.com\r\n
1687. Accept: */*\r\n
1688. \r\n
1689. [Full request URI: http://dest.com/]
1690.  
1691. Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
1692. Arrival Time: Jul 27, 2012 08:46:07.936899000 BST
1693. Epoch Time: 1343375167.936899000 seconds
1694. [Time delta from previous captured frame: 0.238071000 seconds]
1695. [Time delta from previous displayed frame: 0.238071000 seconds]
1696. [Time since reference or first frame: 11.478469000 seconds]
1697. Frame Number: 20
1698. Frame Length: 66 bytes (528 bits)
1699. Capture Length: 66 bytes (528 bits)
1700. [Frame is marked: False]
1701. [Frame is ignored: False]
1702. [Protocols in frame: eth:ip:tcp]
1703. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1704. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1705. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1706. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1707. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1708. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1709. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1710. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1711. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1712. Type: IP (0x0800)
1713. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1714. Version: 4
1715. Header length: 20 bytes
1716. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1717. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1718. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1719. Total Length: 52
1720. Identification: 0x1795 (6037)
1721. Flags: 0x00
1722. 0... .... = Reserved bit: Not set
1723. .0.. .... = Don't fragment: Not set
1724. ..0. .... = More fragments: Not set
1725. Fragment offset: 0
1726. Time to live: 116
1727. Protocol: TCP (6)
1728. Header checksum: 0xf548 [correct]
1729. [Good: True]
1730. [Bad: False]
1731. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1732. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1733. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Ack: 1, Len: 0
1734. Source port: http (80)
1735. Destination port: 40071 (40071)
1736. [Stream index: 0]
1737. Sequence number: 1 (relative sequence number)
1738. Acknowledgement number: 1 (relative ack number)
1739. Header length: 32 bytes
1740. Flags: 0x010 (ACK)
1741. 000. .... .... = Reserved: Not set
1742. ...0 .... .... = Nonce: Not set
1743. .... 0... .... = Congestion Window Reduced (CWR): Not set
1744. .... .0.. .... = ECN-Echo: Not set
1745. .... ..0. .... = Urgent: Not set
1746. .... ...1 .... = Acknowledgement: Set
1747. .... .... 0... = Push: Not set
1748. .... .... .0.. = Reset: Not set
1749. .... .... ..0. = Syn: Not set
1750. .... .... ...0 = Fin: Not set
1751. Window size value: 16384
1752. [Calculated window size: 16384]
1753. [Window size scaling factor: 1]
1754. Checksum: 0xf848 [validation disabled]
1755. [Good Checksum: False]
1756. [Bad Checksum: False]
1757. Options: (12 bytes)
1758. No-Operation (NOP)
1759. No-Operation (NOP)
1760. Timestamps: TSval 740997, TSecr 684668290
1761. Kind: Timestamp (8)
1762. Length: 10
1763. Timestamp value: 740997
1764. Timestamp echo reply: 684668290
1765. [SEQ/ACK analysis]
1766. [TCP Analysis Flags]
1767. [This is a TCP duplicate ack]
1768. [Duplicate ACK #: 2]
1769. [Duplicate to the ACK in frame: 16]
1770. [Expert Info (Note/Sequence): Duplicate ACK (#2)]
1771. [Message: Duplicate ACK (#2)]
1772. [Severity level: Note]
1773. [Group: Sequence]
1774.  
1775. Frame 21: 227 bytes on wire (1816 bits), 227 bytes captured (1816 bits)
1776. Arrival Time: Jul 27, 2012 08:46:19.442815000 BST
1777. Epoch Time: 1343375179.442815000 seconds
1778. [Time delta from previous captured frame: 11.505916000 seconds]
1779. [Time delta from previous displayed frame: 11.505916000 seconds]
1780. [Time since reference or first frame: 22.984385000 seconds]
1781. Frame Number: 21
1782. Frame Length: 227 bytes (1816 bits)
1783. Capture Length: 227 bytes (1816 bits)
1784. [Frame is marked: False]
1785. [Frame is ignored: False]
1786. [Protocols in frame: eth:ip:tcp:http]
1787. Ethernet II, Src: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR), Dst: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1788. Destination: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1789. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1790. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1791. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1792. Source: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1793. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1794. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1795. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1796. Type: IP (0x0800)
1797. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1798. Version: 4
1799. Header length: 20 bytes
1800. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1801. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1802. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1803. Total Length: 213
1804. Identification: 0x2fc4 (12228)
1805. Flags: 0x00
1806. 0... .... = Reserved bit: Not set
1807. .0.. .... = Don't fragment: Not set
1808. ..0. .... = More fragments: Not set
1809. Fragment offset: 0
1810. Time to live: 64
1811. Protocol: TCP (6)
1812. Header checksum: 0x1079 [correct]
1813. [Good: True]
1814. [Bad: False]
1815. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1816. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1817. Transmission Control Protocol, Src Port: 40071 (40071), Dst Port: http (80), Seq: 1, Ack: 1, Len: 161
1818. Source port: 40071 (40071)
1819. Destination port: http (80)
1820. [Stream index: 0]
1821. Sequence number: 1 (relative sequence number)
1822. [Next sequence number: 162 (relative sequence number)]
1823. Acknowledgement number: 1 (relative ack number)
1824. Header length: 32 bytes
1825. Flags: 0x018 (PSH, ACK)
1826. 000. .... .... = Reserved: Not set
1827. ...0 .... .... = Nonce: Not set
1828. .... 0... .... = Congestion Window Reduced (CWR): Not set
1829. .... .0.. .... = ECN-Echo: Not set
1830. .... ..0. .... = Urgent: Not set
1831. .... ...1 .... = Acknowledgement: Set
1832. .... .... 1... = Push: Set
1833. .... .... .0.. = Reset: Not set
1834. .... .... ..0. = Syn: Not set
1835. .... .... ...0 = Fin: Not set
1836. Window size value: 850
1837. [Calculated window size: 13600]
1838. [Window size scaling factor: 16]
1839. Checksum: 0x3aae [validation disabled]
1840. [Good Checksum: False]
1841. [Bad Checksum: False]
1842. Options: (12 bytes)
1843. No-Operation (NOP)
1844. No-Operation (NOP)
1845. Timestamps: TSval 41175672, TSecr 740997
1846. Kind: Timestamp (8)
1847. Length: 10
1848. Timestamp value: 41175672
1849. Timestamp echo reply: 740997
1850. [SEQ/ACK analysis]
1851. [Bytes in flight: 161]
1852. [TCP Analysis Flags]
1853. [This frame is a (suspected) retransmission]
1854. [Expert Info (Note/Sequence): Retransmission (suspected)]
1855. [Message: Retransmission (suspected)]
1856. [Severity level: Note]
1857. [Group: Sequence]
1858. [The RTO for this segment was: 22.743818000 seconds]
1859. [RTO based on delta from frame: 4]
1860. Hypertext Transfer Protocol
1861. GET / HTTP/1.1\r\n
1862. [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
1863. [Message: GET / HTTP/1.1\r\n]
1864. [Severity level: Chat]
1865. [Group: Sequence]
1866. Request Method: GET
1867. Request URI: /
1868. Request Version: HTTP/1.1
1869. User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3\r\n
1870. Host: dest.com\r\n
1871. Accept: */*\r\n
1872. \r\n
1873. [Full request URI: http://dest.com/]
1874.  
1875. Frame 22: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
1876. Arrival Time: Jul 27, 2012 08:46:19.680960000 BST
1877. Epoch Time: 1343375179.680960000 seconds
1878. [Time delta from previous captured frame: 0.238145000 seconds]
1879. [Time delta from previous displayed frame: 0.238145000 seconds]
1880. [Time since reference or first frame: 23.222530000 seconds]
1881. Frame Number: 22
1882. Frame Length: 60 bytes (480 bits)
1883. Capture Length: 60 bytes (480 bits)
1884. [Frame is marked: False]
1885. [Frame is ignored: False]
1886. [Protocols in frame: eth:ip:tcp]
1887. Ethernet II, Src: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR), Dst: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1888. Destination: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1889. Address: SR:C_:MA:C_:AD:DR (SR:C_:MA:C_:AD:DR)
1890. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1891. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1892. Source: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1893. Address: DE:ST:MA:C_:AD:DR (DE:ST:MA:C_:AD:DR)
1894. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1895. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1896. Type: IP (0x0800)
1897. Trailer: aaaa0000c4c3
1898. Internet Protocol Version 4, Src: DE.ST.IP.ADDR (DE.ST.IP.ADDR), Dst: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1899. Version: 4
1900. Header length: 20 bytes
1901. Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1902. 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1903. .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1904. Total Length: 40
1905. Identification: 0x23a9 (9129)
1906. Flags: 0x00
1907. 0... .... = Reserved bit: Not set
1908. .0.. .... = Don't fragment: Not set
1909. ..0. .... = More fragments: Not set
1910. Fragment offset: 0
1911. Time to live: 116
1912. Protocol: TCP (6)
1913. Header checksum: 0xe940 [correct]
1914. [Good: True]
1915. [Bad: False]
1916. Source: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1917. Destination: DE.ST.IP.ADDR (DE.ST.IP.ADDR)
1918. Transmission Control Protocol, Src Port: http (80), Dst Port: 40071 (40071), Seq: 1, Len: 0
1919. Source port: http (80)
1920. Destination port: 40071 (40071)
1921. [Stream index: 0]
1922. Sequence number: 1 (relative sequence number)
1923. Acknowledgement number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set
1924. Header length: 20 bytes
1925. Flags: 0x004 (RST)
1926. 000. .... .... = Reserved: Not set
1927. ...0 .... .... = Nonce: Not set
1928. .... 0... .... = Congestion Window Reduced (CWR): Not set
1929. .... .0.. .... = ECN-Echo: Not set
1930. .... ..0. .... = Urgent: Not set
1931. .... ...0 .... = Acknowledgement: Not set
1932. .... .... 0... = Push: Not set
1933. .... .... .1.. = Reset: Set
1934. [Expert Info (Chat/Sequence): Connection reset (RST)]
1935. [Message: Connection reset (RST)]
1936. [Severity level: Chat]
1937. [Group: Sequence]
1938. .... .... ..0. = Syn: Not set
1939. .... .... ...0 = Fin: Not set
1940. Window size value: 0
1941. [Calculated window size: 0]
1942. [Window size scaling factor: 1]
1943. Checksum: 0xc4c3 [validation disabled]
1944. [Good Checksum: False]
1945. [Bad Checksum: False]