No. Time Source Destination Protocol Length Info
3903 612.991752000 74.125.141.108 192.168.21.138 SMTP 105 S: 220 mx.google.com ESMTP a1sm20538390pav.2 - gsmtp
Frame 3903: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:38:38.385236000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976118.385236000 seconds
[Time delta from previous captured frame: 0.222499000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 612.991752000 seconds]
Frame Number: 3903
Frame Length: 105 bytes (840 bits)
Capture Length: 105 bytes (840 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 91
Identification: 0x10e3 (4323)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x7b9e [correct]
Source: 74.125.141.108 (74.125.141.108)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49586 (49586), Seq: 1, Ack: 1, Len: 51
Source port: submission (587)
Destination port: 49586 (49586)
[Stream index: 54]
Sequence number: 1 (relative sequence number)
[Next sequence number: 52 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x1bf7 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 220 mx.google.com ESMTP a1sm20538390pav.2 - gsmtp\r\n
Response code: <domain> Service ready (220)
Response parameter: mx.google.com ESMTP a1sm20538390pav.2 - gsmtp
No. Time Source Destination Protocol Length Info
3904 612.992363000 192.168.21.138 74.125.141.108 SMTP 76 C: EHLO WIN-Q5001LKS8KV
Frame 3904: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:38:38.385847000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976118.385847000 seconds
[Time delta from previous captured frame: 0.000611000 seconds]
[Time delta from previous displayed frame: 0.000611000 seconds]
[Time since reference or first frame: 612.992363000 seconds]
Frame Number: 3904
Frame Length: 76 bytes (608 bits)
Capture Length: 76 bytes (608 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 62
Identification: 0x780b (30731)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0xd492 (may be caused by "IP checksum offload"?)]
Source: 192.168.21.138 (192.168.21.138)
Destination: 74.125.141.108 (74.125.141.108)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: submission (587), Seq: 1, Ack: 52, Len: 22
Source port: 49586 (49586)
Destination port: submission (587)
[Stream index: 54]
Sequence number: 1 (relative sequence number)
[Next sequence number: 23 (relative sequence number)]
Acknowledgment number: 52 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64189
[Calculated window size: 64189]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xae4c [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Command Line: EHLO WIN-Q5001LKS8KV\r\n
Command: EHLO
Request parameter: WIN-Q5001LKS8KV
No. Time Source Destination Protocol Length Info
3907 613.790956000 74.125.141.108 192.168.21.138 SMTP 179 S: 250-mx.google.com at your service, [123.108.231.79] | 250-SIZE 35882577 | 250-8BITMIME | 250-STARTTLS | 250 ENHANCEDSTATUSCODES
Frame 3907: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:38:39.184440000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976119.184440000 seconds
[Time delta from previous captured frame: 0.478173000 seconds]
[Time delta from previous displayed frame: 0.798593000 seconds]
[Time since reference or first frame: 613.790956000 seconds]
Frame Number: 3907
Frame Length: 179 bytes (1432 bits)
Capture Length: 179 bytes (1432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 165
Identification: 0x10e5 (4325)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x7b52 [correct]
Source: 74.125.141.108 (74.125.141.108)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49586 (49586), Seq: 52, Ack: 23, Len: 125
Source port: submission (587)
Destination port: 49586 (49586)
[Stream index: 54]
Sequence number: 52 (relative sequence number)
[Next sequence number: 177 (relative sequence number)]
Acknowledgment number: 23 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xe32b [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 250-mx.google.com at your service, [123.108.231.79]\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: mx.google.com at your service, [123.108.231.79]
Response: 250-SIZE 35882577\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: SIZE 35882577
Response: 250-8BITMIME\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: 8BITMIME
Response: 250-STARTTLS\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: STARTTLS
Response: 250 ENHANCEDSTATUSCODES\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: ENHANCEDSTATUSCODES
No. Time Source Destination Protocol Length Info
3908 613.791132000 192.168.21.138 74.125.141.108 SMTP 64 C: STARTTLS
Frame 3908: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:38:39.184616000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976119.184616000 seconds
[Time delta from previous captured frame: 0.000176000 seconds]
[Time delta from previous displayed frame: 0.000176000 seconds]
[Time since reference or first frame: 613.791132000 seconds]
Frame Number: 3908
Frame Length: 64 bytes (512 bits)
Capture Length: 64 bytes (512 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 50
Identification: 0x780c (30732)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0xd49d (may be caused by "IP checksum offload"?)]
Source: 192.168.21.138 (192.168.21.138)
Destination: 74.125.141.108 (74.125.141.108)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: submission (587), Seq: 23, Ack: 177, Len: 10
Source port: 49586 (49586)
Destination port: submission (587)
[Stream index: 54]
Sequence number: 23 (relative sequence number)
[Next sequence number: 33 (relative sequence number)]
Acknowledgment number: 177 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64064
[Calculated window size: 64064]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xae40 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Command Line: STARTTLS\r\n
Command: STAR
Request parameter: TLS
No. Time Source Destination Protocol Length Info
3910 614.012078000 74.125.141.108 192.168.21.138 SMTP 84 S: 220 2.0.0 Ready to start TLS
Frame 3910: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:38:39.405562000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976119.405562000 seconds
[Time delta from previous captured frame: 0.220830000 seconds]
[Time delta from previous displayed frame: 0.220946000 seconds]
[Time since reference or first frame: 614.012078000 seconds]
Frame Number: 3910
Frame Length: 84 bytes (672 bits)
Capture Length: 84 bytes (672 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 70
Identification: 0x10e7 (4327)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x7baf [correct]
Source: 74.125.141.108 (74.125.141.108)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49586 (49586), Seq: 177, Ack: 33, Len: 30
Source port: submission (587)
Destination port: 49586 (49586)
[Stream index: 54]
Sequence number: 177 (relative sequence number)
[Next sequence number: 207 (relative sequence number)]
Acknowledgment number: 33 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x33d8 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 220 2.0.0 Ready to start TLS\r\n
Response code: <domain> Service ready (220)
Response parameter: 2.0.0 Ready to start TLS
No. Time Source Destination Protocol Length Info
8988 1236.636045000 74.125.141.108 192.168.21.138 SMTP 105 S: 220 mx.google.com ESMTP d1sm20598925pav.6 - gsmtp
Frame 8988: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:49:02.029529000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976742.029529000 seconds
[Time delta from previous captured frame: 0.220962000 seconds]
[Time delta from previous displayed frame: 622.623967000 seconds]
[Time since reference or first frame: 1236.636045000 seconds]
Frame Number: 8988
Frame Length: 105 bytes (840 bits)
Capture Length: 105 bytes (840 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 91
Identification: 0x1bfb (7163)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x7086 [correct]
Source: 74.125.141.108 (74.125.141.108)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49711 (49711), Seq: 1, Ack: 1, Len: 51
Source port: submission (587)
Destination port: 49711 (49711)
[Stream index: 175]
Sequence number: 1 (relative sequence number)
[Next sequence number: 52 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xab53 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 220 mx.google.com ESMTP d1sm20598925pav.6 - gsmtp\r\n
Response code: <domain> Service ready (220)
Response parameter: mx.google.com ESMTP d1sm20598925pav.6 - gsmtp
No. Time Source Destination Protocol Length Info
8989 1236.636632000 192.168.21.138 74.125.141.108 SMTP 76 C: EHLO WIN-Q5001LKS8KV
Frame 8989: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:49:02.030116000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976742.030116000 seconds
[Time delta from previous captured frame: 0.000587000 seconds]
[Time delta from previous displayed frame: 0.000587000 seconds]
[Time since reference or first frame: 1236.636632000 seconds]
Frame Number: 8989
Frame Length: 76 bytes (608 bits)
Capture Length: 76 bytes (608 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 62
Identification: 0x7fc1 (32705)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0xccdc (may be caused by "IP checksum offload"?)]
Source: 192.168.21.138 (192.168.21.138)
Destination: 74.125.141.108 (74.125.141.108)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: submission (587), Seq: 1, Ack: 52, Len: 22
Source port: 49711 (49711)
Destination port: submission (587)
[Stream index: 175]
Sequence number: 1 (relative sequence number)
[Next sequence number: 23 (relative sequence number)]
Acknowledgment number: 52 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64189
[Calculated window size: 64189]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xae4c [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Command Line: EHLO WIN-Q5001LKS8KV\r\n
Command: EHLO
Request parameter: WIN-Q5001LKS8KV
No. Time Source Destination Protocol Length Info
8991 1236.851137000 74.125.141.108 192.168.21.138 SMTP 179 S: 250-mx.google.com at your service, [123.108.231.79] | 250-SIZE 35882577 | 250-8BITMIME | 250-STARTTLS | 250 ENHANCEDSTATUSCODES
Frame 8991: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:49:02.244621000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976742.244621000 seconds
[Time delta from previous captured frame: 0.214386000 seconds]
[Time delta from previous displayed frame: 0.214505000 seconds]
[Time since reference or first frame: 1236.851137000 seconds]
Frame Number: 8991
Frame Length: 179 bytes (1432 bits)
Capture Length: 179 bytes (1432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 165
Identification: 0x1bfd (7165)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x703a [correct]
Source: 74.125.141.108 (74.125.141.108)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49711 (49711), Seq: 52, Ack: 23, Len: 125
Source port: submission (587)
Destination port: 49711 (49711)
[Stream index: 175]
Sequence number: 52 (relative sequence number)
[Next sequence number: 177 (relative sequence number)]
Acknowledgment number: 23 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x7299 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 250-mx.google.com at your service, [123.108.231.79]\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: mx.google.com at your service, [123.108.231.79]
Response: 250-SIZE 35882577\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: SIZE 35882577
Response: 250-8BITMIME\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: 8BITMIME
Response: 250-STARTTLS\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: STARTTLS
Response: 250 ENHANCEDSTATUSCODES\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: ENHANCEDSTATUSCODES
No. Time Source Destination Protocol Length Info
8992 1236.851284000 192.168.21.138 74.125.141.108 SMTP 64 C: STARTTLS
Frame 8992: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:49:02.244768000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976742.244768000 seconds
[Time delta from previous captured frame: 0.000147000 seconds]
[Time delta from previous displayed frame: 0.000147000 seconds]
[Time since reference or first frame: 1236.851284000 seconds]
Frame Number: 8992
Frame Length: 64 bytes (512 bits)
Capture Length: 64 bytes (512 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 50
Identification: 0x7fc2 (32706)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0xcce7 (may be caused by "IP checksum offload"?)]
Source: 192.168.21.138 (192.168.21.138)
Destination: 74.125.141.108 (74.125.141.108)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: submission (587), Seq: 23, Ack: 177, Len: 10
Source port: 49711 (49711)
Destination port: submission (587)
[Stream index: 175]
Sequence number: 23 (relative sequence number)
[Next sequence number: 33 (relative sequence number)]
Acknowledgment number: 177 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64064
[Calculated window size: 64064]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xae40 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Command Line: STARTTLS\r\n
Command: STAR
Request parameter: TLS
No. Time Source Destination Protocol Length Info
8994 1237.061467000 74.125.141.108 192.168.21.138 SMTP 84 S: 220 2.0.0 Ready to start TLS
Frame 8994: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 16:49:02.454951000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359976742.454951000 seconds
[Time delta from previous captured frame: 0.210056000 seconds]
[Time delta from previous displayed frame: 0.210183000 seconds]
[Time since reference or first frame: 1237.061467000 seconds]
Frame Number: 8994
Frame Length: 84 bytes (672 bits)
Capture Length: 84 bytes (672 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 70
Identification: 0x1bff (7167)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x7097 [correct]
Source: 74.125.141.108 (74.125.141.108)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49711 (49711), Seq: 177, Ack: 33, Len: 30
Source port: submission (587)
Destination port: 49711 (49711)
[Stream index: 175]
Sequence number: 177 (relative sequence number)
[Next sequence number: 207 (relative sequence number)]
Acknowledgment number: 33 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xc345 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 220 2.0.0 Ready to start TLS\r\n
Response code: <domain> Service ready (220)
Response parameter: 2.0.0 Ready to start TLS
No. Time Source Destination Protocol Length Info
11977 4252.138221000 74.125.141.109 192.168.21.138 SMTP 105 S: 220 mx.google.com ESMTP o5sm20914577pay.5 - gsmtp
Frame 11977: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 17:39:17.531705000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359979757.531705000 seconds
[Time delta from previous captured frame: 0.207839000 seconds]
[Time delta from previous displayed frame: 3015.076754000 seconds]
[Time since reference or first frame: 4252.138221000 seconds]
Frame Number: 11977
Frame Length: 105 bytes (840 bits)
Capture Length: 105 bytes (840 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.109 (74.125.141.109), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 91
Identification: 0x1f32 (7986)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x6d4e [correct]
Source: 74.125.141.109 (74.125.141.109)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49741 (49741), Seq: 1, Ack: 1, Len: 51
Source port: submission (587)
Destination port: 49741 (49741)
[Stream index: 201]
Sequence number: 1 (relative sequence number)
[Next sequence number: 52 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xfc9b [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 220 mx.google.com ESMTP o5sm20914577pay.5 - gsmtp\r\n
Response code: <domain> Service ready (220)
Response parameter: mx.google.com ESMTP o5sm20914577pay.5 - gsmtp
No. Time Source Destination Protocol Length Info
11978 4252.138922000 192.168.21.138 74.125.141.109 SMTP 76 C: EHLO WIN-Q5001LKS8KV
Frame 11978: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 17:39:17.532406000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359979757.532406000 seconds
[Time delta from previous captured frame: 0.000701000 seconds]
[Time delta from previous displayed frame: 0.000701000 seconds]
[Time since reference or first frame: 4252.138922000 seconds]
Frame Number: 11978
Frame Length: 76 bytes (608 bits)
Capture Length: 76 bytes (608 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.109 (74.125.141.109)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 62
Identification: 0x0256 (598)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0x4a47 (may be caused by "IP checksum offload"?)]
Source: 192.168.21.138 (192.168.21.138)
Destination: 74.125.141.109 (74.125.141.109)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49741 (49741), Dst Port: submission (587), Seq: 1, Ack: 52, Len: 22
Source port: 49741 (49741)
Destination port: submission (587)
[Stream index: 201]
Sequence number: 1 (relative sequence number)
[Next sequence number: 23 (relative sequence number)]
Acknowledgment number: 52 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64189
[Calculated window size: 64189]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xae4d [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Command Line: EHLO WIN-Q5001LKS8KV\r\n
Command: EHLO
Request parameter: WIN-Q5001LKS8KV
No. Time Source Destination Protocol Length Info
11980 4252.640631000 74.125.141.109 192.168.21.138 SMTP 179 S: 250-mx.google.com at your service, [123.108.231.79] | 250-SIZE 35882577 | 250-8BITMIME | 250-STARTTLS | 250 ENHANCEDSTATUSCODES
Frame 11980: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 17:39:18.034115000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359979758.034115000 seconds
[Time delta from previous captured frame: 0.501596000 seconds]
[Time delta from previous displayed frame: 0.501709000 seconds]
[Time since reference or first frame: 4252.640631000 seconds]
Frame Number: 11980
Frame Length: 179 bytes (1432 bits)
Capture Length: 179 bytes (1432 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.109 (74.125.141.109), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 165
Identification: 0x1f34 (7988)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x6d02 [correct]
Source: 74.125.141.109 (74.125.141.109)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49741 (49741), Seq: 52, Ack: 23, Len: 125
Source port: submission (587)
Destination port: 49741 (49741)
[Stream index: 201]
Sequence number: 52 (relative sequence number)
[Next sequence number: 177 (relative sequence number)]
Acknowledgment number: 23 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xd5db [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 250-mx.google.com at your service, [123.108.231.79]\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: mx.google.com at your service, [123.108.231.79]
Response: 250-SIZE 35882577\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: SIZE 35882577
Response: 250-8BITMIME\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: 8BITMIME
Response: 250-STARTTLS\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: STARTTLS
Response: 250 ENHANCEDSTATUSCODES\r\n
Response code: Requested mail action okay, completed (250)
Response parameter: ENHANCEDSTATUSCODES
No. Time Source Destination Protocol Length Info
11981 4252.640768000 192.168.21.138 74.125.141.109 SMTP 64 C: STARTTLS
Frame 11981: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 17:39:18.034252000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359979758.034252000 seconds
[Time delta from previous captured frame: 0.000137000 seconds]
[Time delta from previous displayed frame: 0.000137000 seconds]
[Time since reference or first frame: 4252.640768000 seconds]
Frame Number: 11981
Frame Length: 64 bytes (512 bits)
Capture Length: 64 bytes (512 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: Checksum Errors]
[Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.109 (74.125.141.109)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 50
Identification: 0x0257 (599)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0000 [incorrect, should be 0x4a52 (may be caused by "IP checksum offload"?)]
Source: 192.168.21.138 (192.168.21.138)
Destination: 74.125.141.109 (74.125.141.109)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 49741 (49741), Dst Port: submission (587), Seq: 23, Ack: 177, Len: 10
Source port: 49741 (49741)
Destination port: submission (587)
[Stream index: 201]
Sequence number: 23 (relative sequence number)
[Next sequence number: 33 (relative sequence number)]
Acknowledgment number: 177 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64064
[Calculated window size: 64064]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0xae41 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Command Line: STARTTLS\r\n
Command: STAR
Request parameter: TLS
No. Time Source Destination Protocol Length Info
11983 4252.881162000 74.125.141.109 192.168.21.138 SMTP 84 S: 220 2.0.0 Ready to start TLS
Frame 11983: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface 0
Interface id: 0
WTAP_ENCAP: 1
Arrival Time: Feb 4, 2013 17:39:18.274646000 India Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1359979758.274646000 seconds
[Time delta from previous captured frame: 0.240256000 seconds]
[Time delta from previous displayed frame: 0.240394000 seconds]
[Time since reference or first frame: 4252.881162000 seconds]
Frame Number: 11983
Frame Length: 84 bytes (672 bits)
Capture Length: 84 bytes (672 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:tcp:smtp]
[Coloring Rule Name: TCP]
[Coloring Rule String: tcp]
Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
Internet Protocol Version 4, Src: 74.125.141.109 (74.125.141.109), Dst: 192.168.21.138 (192.168.21.138)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
Total Length: 70
Identification: 0x1f36 (7990)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x6d5f [correct]
Source: 74.125.141.109 (74.125.141.109)
Destination: 192.168.21.138 (192.168.21.138)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: submission (587), Dst Port: 49741 (49741), Seq: 177, Ack: 33, Len: 30
Source port: submission (587)
Destination port: 49741 (49741)
[Stream index: 201]
Sequence number: 177 (relative sequence number)
[Next sequence number: 207 (relative sequence number)]
Acknowledgment number: 33 (relative ack number)
Header length: 20 bytes
Flags: 0x018 (PSH, ACK)
Window size value: 64240
[Calculated window size: 64240]
[Window size scaling factor: -2 (no window scaling used)]
Checksum: 0x2688 [validation disabled]
[SEQ/ACK analysis]
Simple Mail Transfer Protocol
Response: 220 2.0.0 Ready to start TLS\r\n
Response code: <domain> Service ready (220)
Response parameter: 2.0.0 Ready to start TLS