Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

packet dump

By: a guest on Feb 4th, 2013  |  syntax: None  |  size: 40.12 KB  |  views: 191  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. No.     Time           Source                Destination           Protocol Length Info
  2.    3903 612.991752000  74.125.141.108        192.168.21.138        SMTP     105    S: 220 mx.google.com ESMTP a1sm20538390pav.2 - gsmtp
  3.  
  4. Frame 3903: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
  5.     Interface id: 0
  6.     WTAP_ENCAP: 1
  7.     Arrival Time: Feb  4, 2013 16:38:38.385236000 India Standard Time
  8.     [Time shift for this packet: 0.000000000 seconds]
  9.     Epoch Time: 1359976118.385236000 seconds
  10.     [Time delta from previous captured frame: 0.222499000 seconds]
  11.     [Time delta from previous displayed frame: 0.000000000 seconds]
  12.     [Time since reference or first frame: 612.991752000 seconds]
  13.     Frame Number: 3903
  14.     Frame Length: 105 bytes (840 bits)
  15.     Capture Length: 105 bytes (840 bits)
  16.     [Frame is marked: False]
  17.     [Frame is ignored: False]
  18.     [Protocols in frame: eth:ip:tcp:smtp]
  19.     [Coloring Rule Name: TCP]
  20.     [Coloring Rule String: tcp]
  21. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  22. Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
  23.     Version: 4
  24.     Header length: 20 bytes
  25.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  26.     Total Length: 91
  27.     Identification: 0x10e3 (4323)
  28.     Flags: 0x00
  29.     Fragment offset: 0
  30.     Time to live: 128
  31.     Protocol: TCP (6)
  32.     Header checksum: 0x7b9e [correct]
  33.     Source: 74.125.141.108 (74.125.141.108)
  34.     Destination: 192.168.21.138 (192.168.21.138)
  35.     [Source GeoIP: Unknown]
  36.     [Destination GeoIP: Unknown]
  37. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49586 (49586), Seq: 1, Ack: 1, Len: 51
  38.     Source port: submission (587)
  39.     Destination port: 49586 (49586)
  40.     [Stream index: 54]
  41.     Sequence number: 1    (relative sequence number)
  42.     [Next sequence number: 52    (relative sequence number)]
  43.     Acknowledgment number: 1    (relative ack number)
  44.     Header length: 20 bytes
  45.     Flags: 0x018 (PSH, ACK)
  46.     Window size value: 64240
  47.     [Calculated window size: 64240]
  48.     [Window size scaling factor: -2 (no window scaling used)]
  49.     Checksum: 0x1bf7 [validation disabled]
  50.     [SEQ/ACK analysis]
  51. Simple Mail Transfer Protocol
  52.     Response: 220 mx.google.com ESMTP a1sm20538390pav.2 - gsmtp\r\n
  53.         Response code: <domain> Service ready (220)
  54.         Response parameter: mx.google.com ESMTP a1sm20538390pav.2 - gsmtp
  55.  
  56. No.     Time           Source                Destination           Protocol Length Info
  57.    3904 612.992363000  192.168.21.138        74.125.141.108        SMTP     76     C: EHLO WIN-Q5001LKS8KV
  58.  
  59. Frame 3904: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on interface 0
  60.     Interface id: 0
  61.     WTAP_ENCAP: 1
  62.     Arrival Time: Feb  4, 2013 16:38:38.385847000 India Standard Time
  63.     [Time shift for this packet: 0.000000000 seconds]
  64.     Epoch Time: 1359976118.385847000 seconds
  65.     [Time delta from previous captured frame: 0.000611000 seconds]
  66.     [Time delta from previous displayed frame: 0.000611000 seconds]
  67.     [Time since reference or first frame: 612.992363000 seconds]
  68.     Frame Number: 3904
  69.     Frame Length: 76 bytes (608 bits)
  70.     Capture Length: 76 bytes (608 bits)
  71.     [Frame is marked: False]
  72.     [Frame is ignored: False]
  73.     [Protocols in frame: eth:ip:tcp:smtp]
  74.     [Coloring Rule Name: Checksum Errors]
  75.     [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
  76. Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
  77. Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
  78.     Version: 4
  79.     Header length: 20 bytes
  80.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  81.     Total Length: 62
  82.     Identification: 0x780b (30731)
  83.     Flags: 0x02 (Don't Fragment)
  84.     Fragment offset: 0
  85.     Time to live: 128
  86.     Protocol: TCP (6)
  87.     Header checksum: 0x0000 [incorrect, should be 0xd492 (may be caused by "IP checksum offload"?)]
  88.     Source: 192.168.21.138 (192.168.21.138)
  89.     Destination: 74.125.141.108 (74.125.141.108)
  90.     [Source GeoIP: Unknown]
  91.     [Destination GeoIP: Unknown]
  92. Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: submission (587), Seq: 1, Ack: 52, Len: 22
  93.     Source port: 49586 (49586)
  94.     Destination port: submission (587)
  95.     [Stream index: 54]
  96.     Sequence number: 1    (relative sequence number)
  97.     [Next sequence number: 23    (relative sequence number)]
  98.     Acknowledgment number: 52    (relative ack number)
  99.     Header length: 20 bytes
  100.     Flags: 0x018 (PSH, ACK)
  101.     Window size value: 64189
  102.     [Calculated window size: 64189]
  103.     [Window size scaling factor: -2 (no window scaling used)]
  104.     Checksum: 0xae4c [validation disabled]
  105.     [SEQ/ACK analysis]
  106. Simple Mail Transfer Protocol
  107.     Command Line: EHLO WIN-Q5001LKS8KV\r\n
  108.         Command: EHLO
  109.         Request parameter: WIN-Q5001LKS8KV
  110.  
  111. No.     Time           Source                Destination           Protocol Length Info
  112.    3907 613.790956000  74.125.141.108        192.168.21.138        SMTP     179    S: 250-mx.google.com at your service, [123.108.231.79] | 250-SIZE 35882577 | 250-8BITMIME | 250-STARTTLS | 250 ENHANCEDSTATUSCODES
  113.  
  114. Frame 3907: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
  115.     Interface id: 0
  116.     WTAP_ENCAP: 1
  117.     Arrival Time: Feb  4, 2013 16:38:39.184440000 India Standard Time
  118.     [Time shift for this packet: 0.000000000 seconds]
  119.     Epoch Time: 1359976119.184440000 seconds
  120.     [Time delta from previous captured frame: 0.478173000 seconds]
  121.     [Time delta from previous displayed frame: 0.798593000 seconds]
  122.     [Time since reference or first frame: 613.790956000 seconds]
  123.     Frame Number: 3907
  124.     Frame Length: 179 bytes (1432 bits)
  125.     Capture Length: 179 bytes (1432 bits)
  126.     [Frame is marked: False]
  127.     [Frame is ignored: False]
  128.     [Protocols in frame: eth:ip:tcp:smtp]
  129.     [Coloring Rule Name: TCP]
  130.     [Coloring Rule String: tcp]
  131. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  132. Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
  133.     Version: 4
  134.     Header length: 20 bytes
  135.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  136.     Total Length: 165
  137.     Identification: 0x10e5 (4325)
  138.     Flags: 0x00
  139.     Fragment offset: 0
  140.     Time to live: 128
  141.     Protocol: TCP (6)
  142.     Header checksum: 0x7b52 [correct]
  143.     Source: 74.125.141.108 (74.125.141.108)
  144.     Destination: 192.168.21.138 (192.168.21.138)
  145.     [Source GeoIP: Unknown]
  146.     [Destination GeoIP: Unknown]
  147. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49586 (49586), Seq: 52, Ack: 23, Len: 125
  148.     Source port: submission (587)
  149.     Destination port: 49586 (49586)
  150.     [Stream index: 54]
  151.     Sequence number: 52    (relative sequence number)
  152.     [Next sequence number: 177    (relative sequence number)]
  153.     Acknowledgment number: 23    (relative ack number)
  154.     Header length: 20 bytes
  155.     Flags: 0x018 (PSH, ACK)
  156.     Window size value: 64240
  157.     [Calculated window size: 64240]
  158.     [Window size scaling factor: -2 (no window scaling used)]
  159.     Checksum: 0xe32b [validation disabled]
  160.     [SEQ/ACK analysis]
  161. Simple Mail Transfer Protocol
  162.     Response: 250-mx.google.com at your service, [123.108.231.79]\r\n
  163.         Response code: Requested mail action okay, completed (250)
  164.         Response parameter: mx.google.com at your service, [123.108.231.79]
  165.     Response: 250-SIZE 35882577\r\n
  166.         Response code: Requested mail action okay, completed (250)
  167.         Response parameter: SIZE 35882577
  168.     Response: 250-8BITMIME\r\n
  169.         Response code: Requested mail action okay, completed (250)
  170.         Response parameter: 8BITMIME
  171.     Response: 250-STARTTLS\r\n
  172.         Response code: Requested mail action okay, completed (250)
  173.         Response parameter: STARTTLS
  174.     Response: 250 ENHANCEDSTATUSCODES\r\n
  175.         Response code: Requested mail action okay, completed (250)
  176.         Response parameter: ENHANCEDSTATUSCODES
  177.  
  178. No.     Time           Source                Destination           Protocol Length Info
  179.    3908 613.791132000  192.168.21.138        74.125.141.108        SMTP     64     C: STARTTLS
  180.  
  181. Frame 3908: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
  182.     Interface id: 0
  183.     WTAP_ENCAP: 1
  184.     Arrival Time: Feb  4, 2013 16:38:39.184616000 India Standard Time
  185.     [Time shift for this packet: 0.000000000 seconds]
  186.     Epoch Time: 1359976119.184616000 seconds
  187.     [Time delta from previous captured frame: 0.000176000 seconds]
  188.     [Time delta from previous displayed frame: 0.000176000 seconds]
  189.     [Time since reference or first frame: 613.791132000 seconds]
  190.     Frame Number: 3908
  191.     Frame Length: 64 bytes (512 bits)
  192.     Capture Length: 64 bytes (512 bits)
  193.     [Frame is marked: False]
  194.     [Frame is ignored: False]
  195.     [Protocols in frame: eth:ip:tcp:smtp]
  196.     [Coloring Rule Name: Checksum Errors]
  197.     [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
  198. Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
  199. Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
  200.     Version: 4
  201.     Header length: 20 bytes
  202.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  203.     Total Length: 50
  204.     Identification: 0x780c (30732)
  205.     Flags: 0x02 (Don't Fragment)
  206.     Fragment offset: 0
  207.     Time to live: 128
  208.     Protocol: TCP (6)
  209.     Header checksum: 0x0000 [incorrect, should be 0xd49d (may be caused by "IP checksum offload"?)]
  210.     Source: 192.168.21.138 (192.168.21.138)
  211.     Destination: 74.125.141.108 (74.125.141.108)
  212.     [Source GeoIP: Unknown]
  213.     [Destination GeoIP: Unknown]
  214. Transmission Control Protocol, Src Port: 49586 (49586), Dst Port: submission (587), Seq: 23, Ack: 177, Len: 10
  215.     Source port: 49586 (49586)
  216.     Destination port: submission (587)
  217.     [Stream index: 54]
  218.     Sequence number: 23    (relative sequence number)
  219.     [Next sequence number: 33    (relative sequence number)]
  220.     Acknowledgment number: 177    (relative ack number)
  221.     Header length: 20 bytes
  222.     Flags: 0x018 (PSH, ACK)
  223.     Window size value: 64064
  224.     [Calculated window size: 64064]
  225.     [Window size scaling factor: -2 (no window scaling used)]
  226.     Checksum: 0xae40 [validation disabled]
  227.     [SEQ/ACK analysis]
  228. Simple Mail Transfer Protocol
  229.     Command Line: STARTTLS\r\n
  230.         Command: STAR
  231.         Request parameter: TLS
  232.  
  233. No.     Time           Source                Destination           Protocol Length Info
  234.    3910 614.012078000  74.125.141.108        192.168.21.138        SMTP     84     S: 220 2.0.0 Ready to start TLS
  235.  
  236. Frame 3910: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface 0
  237.     Interface id: 0
  238.     WTAP_ENCAP: 1
  239.     Arrival Time: Feb  4, 2013 16:38:39.405562000 India Standard Time
  240.     [Time shift for this packet: 0.000000000 seconds]
  241.     Epoch Time: 1359976119.405562000 seconds
  242.     [Time delta from previous captured frame: 0.220830000 seconds]
  243.     [Time delta from previous displayed frame: 0.220946000 seconds]
  244.     [Time since reference or first frame: 614.012078000 seconds]
  245.     Frame Number: 3910
  246.     Frame Length: 84 bytes (672 bits)
  247.     Capture Length: 84 bytes (672 bits)
  248.     [Frame is marked: False]
  249.     [Frame is ignored: False]
  250.     [Protocols in frame: eth:ip:tcp:smtp]
  251.     [Coloring Rule Name: TCP]
  252.     [Coloring Rule String: tcp]
  253. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  254. Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
  255.     Version: 4
  256.     Header length: 20 bytes
  257.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  258.     Total Length: 70
  259.     Identification: 0x10e7 (4327)
  260.     Flags: 0x00
  261.     Fragment offset: 0
  262.     Time to live: 128
  263.     Protocol: TCP (6)
  264.     Header checksum: 0x7baf [correct]
  265.     Source: 74.125.141.108 (74.125.141.108)
  266.     Destination: 192.168.21.138 (192.168.21.138)
  267.     [Source GeoIP: Unknown]
  268.     [Destination GeoIP: Unknown]
  269. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49586 (49586), Seq: 177, Ack: 33, Len: 30
  270.     Source port: submission (587)
  271.     Destination port: 49586 (49586)
  272.     [Stream index: 54]
  273.     Sequence number: 177    (relative sequence number)
  274.     [Next sequence number: 207    (relative sequence number)]
  275.     Acknowledgment number: 33    (relative ack number)
  276.     Header length: 20 bytes
  277.     Flags: 0x018 (PSH, ACK)
  278.     Window size value: 64240
  279.     [Calculated window size: 64240]
  280.     [Window size scaling factor: -2 (no window scaling used)]
  281.     Checksum: 0x33d8 [validation disabled]
  282.     [SEQ/ACK analysis]
  283. Simple Mail Transfer Protocol
  284.     Response: 220 2.0.0 Ready to start TLS\r\n
  285.         Response code: <domain> Service ready (220)
  286.         Response parameter: 2.0.0 Ready to start TLS
  287.  
  288. No.     Time           Source                Destination           Protocol Length Info
  289.    8988 1236.636045000 74.125.141.108        192.168.21.138        SMTP     105    S: 220 mx.google.com ESMTP d1sm20598925pav.6 - gsmtp
  290.  
  291. Frame 8988: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
  292.     Interface id: 0
  293.     WTAP_ENCAP: 1
  294.     Arrival Time: Feb  4, 2013 16:49:02.029529000 India Standard Time
  295.     [Time shift for this packet: 0.000000000 seconds]
  296.     Epoch Time: 1359976742.029529000 seconds
  297.     [Time delta from previous captured frame: 0.220962000 seconds]
  298.     [Time delta from previous displayed frame: 622.623967000 seconds]
  299.     [Time since reference or first frame: 1236.636045000 seconds]
  300.     Frame Number: 8988
  301.     Frame Length: 105 bytes (840 bits)
  302.     Capture Length: 105 bytes (840 bits)
  303.     [Frame is marked: False]
  304.     [Frame is ignored: False]
  305.     [Protocols in frame: eth:ip:tcp:smtp]
  306.     [Coloring Rule Name: TCP]
  307.     [Coloring Rule String: tcp]
  308. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  309. Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
  310.     Version: 4
  311.     Header length: 20 bytes
  312.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  313.     Total Length: 91
  314.     Identification: 0x1bfb (7163)
  315.     Flags: 0x00
  316.     Fragment offset: 0
  317.     Time to live: 128
  318.     Protocol: TCP (6)
  319.     Header checksum: 0x7086 [correct]
  320.     Source: 74.125.141.108 (74.125.141.108)
  321.     Destination: 192.168.21.138 (192.168.21.138)
  322.     [Source GeoIP: Unknown]
  323.     [Destination GeoIP: Unknown]
  324. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49711 (49711), Seq: 1, Ack: 1, Len: 51
  325.     Source port: submission (587)
  326.     Destination port: 49711 (49711)
  327.     [Stream index: 175]
  328.     Sequence number: 1    (relative sequence number)
  329.     [Next sequence number: 52    (relative sequence number)]
  330.     Acknowledgment number: 1    (relative ack number)
  331.     Header length: 20 bytes
  332.     Flags: 0x018 (PSH, ACK)
  333.     Window size value: 64240
  334.     [Calculated window size: 64240]
  335.     [Window size scaling factor: -2 (no window scaling used)]
  336.     Checksum: 0xab53 [validation disabled]
  337.     [SEQ/ACK analysis]
  338. Simple Mail Transfer Protocol
  339.     Response: 220 mx.google.com ESMTP d1sm20598925pav.6 - gsmtp\r\n
  340.         Response code: <domain> Service ready (220)
  341.         Response parameter: mx.google.com ESMTP d1sm20598925pav.6 - gsmtp
  342.  
  343. No.     Time           Source                Destination           Protocol Length Info
  344.    8989 1236.636632000 192.168.21.138        74.125.141.108        SMTP     76     C: EHLO WIN-Q5001LKS8KV
  345.  
  346. Frame 8989: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on interface 0
  347.     Interface id: 0
  348.     WTAP_ENCAP: 1
  349.     Arrival Time: Feb  4, 2013 16:49:02.030116000 India Standard Time
  350.     [Time shift for this packet: 0.000000000 seconds]
  351.     Epoch Time: 1359976742.030116000 seconds
  352.     [Time delta from previous captured frame: 0.000587000 seconds]
  353.     [Time delta from previous displayed frame: 0.000587000 seconds]
  354.     [Time since reference or first frame: 1236.636632000 seconds]
  355.     Frame Number: 8989
  356.     Frame Length: 76 bytes (608 bits)
  357.     Capture Length: 76 bytes (608 bits)
  358.     [Frame is marked: False]
  359.     [Frame is ignored: False]
  360.     [Protocols in frame: eth:ip:tcp:smtp]
  361.     [Coloring Rule Name: Checksum Errors]
  362.     [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
  363. Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
  364. Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
  365.     Version: 4
  366.     Header length: 20 bytes
  367.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  368.     Total Length: 62
  369.     Identification: 0x7fc1 (32705)
  370.     Flags: 0x02 (Don't Fragment)
  371.     Fragment offset: 0
  372.     Time to live: 128
  373.     Protocol: TCP (6)
  374.     Header checksum: 0x0000 [incorrect, should be 0xccdc (may be caused by "IP checksum offload"?)]
  375.     Source: 192.168.21.138 (192.168.21.138)
  376.     Destination: 74.125.141.108 (74.125.141.108)
  377.     [Source GeoIP: Unknown]
  378.     [Destination GeoIP: Unknown]
  379. Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: submission (587), Seq: 1, Ack: 52, Len: 22
  380.     Source port: 49711 (49711)
  381.     Destination port: submission (587)
  382.     [Stream index: 175]
  383.     Sequence number: 1    (relative sequence number)
  384.     [Next sequence number: 23    (relative sequence number)]
  385.     Acknowledgment number: 52    (relative ack number)
  386.     Header length: 20 bytes
  387.     Flags: 0x018 (PSH, ACK)
  388.     Window size value: 64189
  389.     [Calculated window size: 64189]
  390.     [Window size scaling factor: -2 (no window scaling used)]
  391.     Checksum: 0xae4c [validation disabled]
  392.     [SEQ/ACK analysis]
  393. Simple Mail Transfer Protocol
  394.     Command Line: EHLO WIN-Q5001LKS8KV\r\n
  395.         Command: EHLO
  396.         Request parameter: WIN-Q5001LKS8KV
  397.  
  398. No.     Time           Source                Destination           Protocol Length Info
  399.    8991 1236.851137000 74.125.141.108        192.168.21.138        SMTP     179    S: 250-mx.google.com at your service, [123.108.231.79] | 250-SIZE 35882577 | 250-8BITMIME | 250-STARTTLS | 250 ENHANCEDSTATUSCODES
  400.  
  401. Frame 8991: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
  402.     Interface id: 0
  403.     WTAP_ENCAP: 1
  404.     Arrival Time: Feb  4, 2013 16:49:02.244621000 India Standard Time
  405.     [Time shift for this packet: 0.000000000 seconds]
  406.     Epoch Time: 1359976742.244621000 seconds
  407.     [Time delta from previous captured frame: 0.214386000 seconds]
  408.     [Time delta from previous displayed frame: 0.214505000 seconds]
  409.     [Time since reference or first frame: 1236.851137000 seconds]
  410.     Frame Number: 8991
  411.     Frame Length: 179 bytes (1432 bits)
  412.     Capture Length: 179 bytes (1432 bits)
  413.     [Frame is marked: False]
  414.     [Frame is ignored: False]
  415.     [Protocols in frame: eth:ip:tcp:smtp]
  416.     [Coloring Rule Name: TCP]
  417.     [Coloring Rule String: tcp]
  418. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  419. Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
  420.     Version: 4
  421.     Header length: 20 bytes
  422.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  423.     Total Length: 165
  424.     Identification: 0x1bfd (7165)
  425.     Flags: 0x00
  426.     Fragment offset: 0
  427.     Time to live: 128
  428.     Protocol: TCP (6)
  429.     Header checksum: 0x703a [correct]
  430.     Source: 74.125.141.108 (74.125.141.108)
  431.     Destination: 192.168.21.138 (192.168.21.138)
  432.     [Source GeoIP: Unknown]
  433.     [Destination GeoIP: Unknown]
  434. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49711 (49711), Seq: 52, Ack: 23, Len: 125
  435.     Source port: submission (587)
  436.     Destination port: 49711 (49711)
  437.     [Stream index: 175]
  438.     Sequence number: 52    (relative sequence number)
  439.     [Next sequence number: 177    (relative sequence number)]
  440.     Acknowledgment number: 23    (relative ack number)
  441.     Header length: 20 bytes
  442.     Flags: 0x018 (PSH, ACK)
  443.     Window size value: 64240
  444.     [Calculated window size: 64240]
  445.     [Window size scaling factor: -2 (no window scaling used)]
  446.     Checksum: 0x7299 [validation disabled]
  447.     [SEQ/ACK analysis]
  448. Simple Mail Transfer Protocol
  449.     Response: 250-mx.google.com at your service, [123.108.231.79]\r\n
  450.         Response code: Requested mail action okay, completed (250)
  451.         Response parameter: mx.google.com at your service, [123.108.231.79]
  452.     Response: 250-SIZE 35882577\r\n
  453.         Response code: Requested mail action okay, completed (250)
  454.         Response parameter: SIZE 35882577
  455.     Response: 250-8BITMIME\r\n
  456.         Response code: Requested mail action okay, completed (250)
  457.         Response parameter: 8BITMIME
  458.     Response: 250-STARTTLS\r\n
  459.         Response code: Requested mail action okay, completed (250)
  460.         Response parameter: STARTTLS
  461.     Response: 250 ENHANCEDSTATUSCODES\r\n
  462.         Response code: Requested mail action okay, completed (250)
  463.         Response parameter: ENHANCEDSTATUSCODES
  464.  
  465. No.     Time           Source                Destination           Protocol Length Info
  466.    8992 1236.851284000 192.168.21.138        74.125.141.108        SMTP     64     C: STARTTLS
  467.  
  468. Frame 8992: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
  469.     Interface id: 0
  470.     WTAP_ENCAP: 1
  471.     Arrival Time: Feb  4, 2013 16:49:02.244768000 India Standard Time
  472.     [Time shift for this packet: 0.000000000 seconds]
  473.     Epoch Time: 1359976742.244768000 seconds
  474.     [Time delta from previous captured frame: 0.000147000 seconds]
  475.     [Time delta from previous displayed frame: 0.000147000 seconds]
  476.     [Time since reference or first frame: 1236.851284000 seconds]
  477.     Frame Number: 8992
  478.     Frame Length: 64 bytes (512 bits)
  479.     Capture Length: 64 bytes (512 bits)
  480.     [Frame is marked: False]
  481.     [Frame is ignored: False]
  482.     [Protocols in frame: eth:ip:tcp:smtp]
  483.     [Coloring Rule Name: Checksum Errors]
  484.     [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
  485. Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
  486. Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.108 (74.125.141.108)
  487.     Version: 4
  488.     Header length: 20 bytes
  489.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  490.     Total Length: 50
  491.     Identification: 0x7fc2 (32706)
  492.     Flags: 0x02 (Don't Fragment)
  493.     Fragment offset: 0
  494.     Time to live: 128
  495.     Protocol: TCP (6)
  496.     Header checksum: 0x0000 [incorrect, should be 0xcce7 (may be caused by "IP checksum offload"?)]
  497.     Source: 192.168.21.138 (192.168.21.138)
  498.     Destination: 74.125.141.108 (74.125.141.108)
  499.     [Source GeoIP: Unknown]
  500.     [Destination GeoIP: Unknown]
  501. Transmission Control Protocol, Src Port: 49711 (49711), Dst Port: submission (587), Seq: 23, Ack: 177, Len: 10
  502.     Source port: 49711 (49711)
  503.     Destination port: submission (587)
  504.     [Stream index: 175]
  505.     Sequence number: 23    (relative sequence number)
  506.     [Next sequence number: 33    (relative sequence number)]
  507.     Acknowledgment number: 177    (relative ack number)
  508.     Header length: 20 bytes
  509.     Flags: 0x018 (PSH, ACK)
  510.     Window size value: 64064
  511.     [Calculated window size: 64064]
  512.     [Window size scaling factor: -2 (no window scaling used)]
  513.     Checksum: 0xae40 [validation disabled]
  514.     [SEQ/ACK analysis]
  515. Simple Mail Transfer Protocol
  516.     Command Line: STARTTLS\r\n
  517.         Command: STAR
  518.         Request parameter: TLS
  519.  
  520. No.     Time           Source                Destination           Protocol Length Info
  521.    8994 1237.061467000 74.125.141.108        192.168.21.138        SMTP     84     S: 220 2.0.0 Ready to start TLS
  522.  
  523. Frame 8994: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface 0
  524.     Interface id: 0
  525.     WTAP_ENCAP: 1
  526.     Arrival Time: Feb  4, 2013 16:49:02.454951000 India Standard Time
  527.     [Time shift for this packet: 0.000000000 seconds]
  528.     Epoch Time: 1359976742.454951000 seconds
  529.     [Time delta from previous captured frame: 0.210056000 seconds]
  530.     [Time delta from previous displayed frame: 0.210183000 seconds]
  531.     [Time since reference or first frame: 1237.061467000 seconds]
  532.     Frame Number: 8994
  533.     Frame Length: 84 bytes (672 bits)
  534.     Capture Length: 84 bytes (672 bits)
  535.     [Frame is marked: False]
  536.     [Frame is ignored: False]
  537.     [Protocols in frame: eth:ip:tcp:smtp]
  538.     [Coloring Rule Name: TCP]
  539.     [Coloring Rule String: tcp]
  540. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  541. Internet Protocol Version 4, Src: 74.125.141.108 (74.125.141.108), Dst: 192.168.21.138 (192.168.21.138)
  542.     Version: 4
  543.     Header length: 20 bytes
  544.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  545.     Total Length: 70
  546.     Identification: 0x1bff (7167)
  547.     Flags: 0x00
  548.     Fragment offset: 0
  549.     Time to live: 128
  550.     Protocol: TCP (6)
  551.     Header checksum: 0x7097 [correct]
  552.     Source: 74.125.141.108 (74.125.141.108)
  553.     Destination: 192.168.21.138 (192.168.21.138)
  554.     [Source GeoIP: Unknown]
  555.     [Destination GeoIP: Unknown]
  556. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49711 (49711), Seq: 177, Ack: 33, Len: 30
  557.     Source port: submission (587)
  558.     Destination port: 49711 (49711)
  559.     [Stream index: 175]
  560.     Sequence number: 177    (relative sequence number)
  561.     [Next sequence number: 207    (relative sequence number)]
  562.     Acknowledgment number: 33    (relative ack number)
  563.     Header length: 20 bytes
  564.     Flags: 0x018 (PSH, ACK)
  565.     Window size value: 64240
  566.     [Calculated window size: 64240]
  567.     [Window size scaling factor: -2 (no window scaling used)]
  568.     Checksum: 0xc345 [validation disabled]
  569.     [SEQ/ACK analysis]
  570. Simple Mail Transfer Protocol
  571.     Response: 220 2.0.0 Ready to start TLS\r\n
  572.         Response code: <domain> Service ready (220)
  573.         Response parameter: 2.0.0 Ready to start TLS
  574.  
  575. No.     Time           Source                Destination           Protocol Length Info
  576.   11977 4252.138221000 74.125.141.109        192.168.21.138        SMTP     105    S: 220 mx.google.com ESMTP o5sm20914577pay.5 - gsmtp
  577.  
  578. Frame 11977: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
  579.     Interface id: 0
  580.     WTAP_ENCAP: 1
  581.     Arrival Time: Feb  4, 2013 17:39:17.531705000 India Standard Time
  582.     [Time shift for this packet: 0.000000000 seconds]
  583.     Epoch Time: 1359979757.531705000 seconds
  584.     [Time delta from previous captured frame: 0.207839000 seconds]
  585.     [Time delta from previous displayed frame: 3015.076754000 seconds]
  586.     [Time since reference or first frame: 4252.138221000 seconds]
  587.     Frame Number: 11977
  588.     Frame Length: 105 bytes (840 bits)
  589.     Capture Length: 105 bytes (840 bits)
  590.     [Frame is marked: False]
  591.     [Frame is ignored: False]
  592.     [Protocols in frame: eth:ip:tcp:smtp]
  593.     [Coloring Rule Name: TCP]
  594.     [Coloring Rule String: tcp]
  595. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  596. Internet Protocol Version 4, Src: 74.125.141.109 (74.125.141.109), Dst: 192.168.21.138 (192.168.21.138)
  597.     Version: 4
  598.     Header length: 20 bytes
  599.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  600.     Total Length: 91
  601.     Identification: 0x1f32 (7986)
  602.     Flags: 0x00
  603.     Fragment offset: 0
  604.     Time to live: 128
  605.     Protocol: TCP (6)
  606.     Header checksum: 0x6d4e [correct]
  607.     Source: 74.125.141.109 (74.125.141.109)
  608.     Destination: 192.168.21.138 (192.168.21.138)
  609.     [Source GeoIP: Unknown]
  610.     [Destination GeoIP: Unknown]
  611. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49741 (49741), Seq: 1, Ack: 1, Len: 51
  612.     Source port: submission (587)
  613.     Destination port: 49741 (49741)
  614.     [Stream index: 201]
  615.     Sequence number: 1    (relative sequence number)
  616.     [Next sequence number: 52    (relative sequence number)]
  617.     Acknowledgment number: 1    (relative ack number)
  618.     Header length: 20 bytes
  619.     Flags: 0x018 (PSH, ACK)
  620.     Window size value: 64240
  621.     [Calculated window size: 64240]
  622.     [Window size scaling factor: -2 (no window scaling used)]
  623.     Checksum: 0xfc9b [validation disabled]
  624.     [SEQ/ACK analysis]
  625. Simple Mail Transfer Protocol
  626.     Response: 220 mx.google.com ESMTP o5sm20914577pay.5 - gsmtp\r\n
  627.         Response code: <domain> Service ready (220)
  628.         Response parameter: mx.google.com ESMTP o5sm20914577pay.5 - gsmtp
  629.  
  630. No.     Time           Source                Destination           Protocol Length Info
  631.   11978 4252.138922000 192.168.21.138        74.125.141.109        SMTP     76     C: EHLO WIN-Q5001LKS8KV
  632.  
  633. Frame 11978: 76 bytes on wire (608 bits), 76 bytes captured (608 bits) on interface 0
  634.     Interface id: 0
  635.     WTAP_ENCAP: 1
  636.     Arrival Time: Feb  4, 2013 17:39:17.532406000 India Standard Time
  637.     [Time shift for this packet: 0.000000000 seconds]
  638.     Epoch Time: 1359979757.532406000 seconds
  639.     [Time delta from previous captured frame: 0.000701000 seconds]
  640.     [Time delta from previous displayed frame: 0.000701000 seconds]
  641.     [Time since reference or first frame: 4252.138922000 seconds]
  642.     Frame Number: 11978
  643.     Frame Length: 76 bytes (608 bits)
  644.     Capture Length: 76 bytes (608 bits)
  645.     [Frame is marked: False]
  646.     [Frame is ignored: False]
  647.     [Protocols in frame: eth:ip:tcp:smtp]
  648.     [Coloring Rule Name: Checksum Errors]
  649.     [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
  650. Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
  651. Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.109 (74.125.141.109)
  652.     Version: 4
  653.     Header length: 20 bytes
  654.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  655.     Total Length: 62
  656.     Identification: 0x0256 (598)
  657.     Flags: 0x02 (Don't Fragment)
  658.     Fragment offset: 0
  659.     Time to live: 128
  660.     Protocol: TCP (6)
  661.     Header checksum: 0x0000 [incorrect, should be 0x4a47 (may be caused by "IP checksum offload"?)]
  662.     Source: 192.168.21.138 (192.168.21.138)
  663.     Destination: 74.125.141.109 (74.125.141.109)
  664.     [Source GeoIP: Unknown]
  665.     [Destination GeoIP: Unknown]
  666. Transmission Control Protocol, Src Port: 49741 (49741), Dst Port: submission (587), Seq: 1, Ack: 52, Len: 22
  667.     Source port: 49741 (49741)
  668.     Destination port: submission (587)
  669.     [Stream index: 201]
  670.     Sequence number: 1    (relative sequence number)
  671.     [Next sequence number: 23    (relative sequence number)]
  672.     Acknowledgment number: 52    (relative ack number)
  673.     Header length: 20 bytes
  674.     Flags: 0x018 (PSH, ACK)
  675.     Window size value: 64189
  676.     [Calculated window size: 64189]
  677.     [Window size scaling factor: -2 (no window scaling used)]
  678.     Checksum: 0xae4d [validation disabled]
  679.     [SEQ/ACK analysis]
  680. Simple Mail Transfer Protocol
  681.     Command Line: EHLO WIN-Q5001LKS8KV\r\n
  682.         Command: EHLO
  683.         Request parameter: WIN-Q5001LKS8KV
  684.  
  685. No.     Time           Source                Destination           Protocol Length Info
  686.   11980 4252.640631000 74.125.141.109        192.168.21.138        SMTP     179    S: 250-mx.google.com at your service, [123.108.231.79] | 250-SIZE 35882577 | 250-8BITMIME | 250-STARTTLS | 250 ENHANCEDSTATUSCODES
  687.  
  688. Frame 11980: 179 bytes on wire (1432 bits), 179 bytes captured (1432 bits) on interface 0
  689.     Interface id: 0
  690.     WTAP_ENCAP: 1
  691.     Arrival Time: Feb  4, 2013 17:39:18.034115000 India Standard Time
  692.     [Time shift for this packet: 0.000000000 seconds]
  693.     Epoch Time: 1359979758.034115000 seconds
  694.     [Time delta from previous captured frame: 0.501596000 seconds]
  695.     [Time delta from previous displayed frame: 0.501709000 seconds]
  696.     [Time since reference or first frame: 4252.640631000 seconds]
  697.     Frame Number: 11980
  698.     Frame Length: 179 bytes (1432 bits)
  699.     Capture Length: 179 bytes (1432 bits)
  700.     [Frame is marked: False]
  701.     [Frame is ignored: False]
  702.     [Protocols in frame: eth:ip:tcp:smtp]
  703.     [Coloring Rule Name: TCP]
  704.     [Coloring Rule String: tcp]
  705. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  706. Internet Protocol Version 4, Src: 74.125.141.109 (74.125.141.109), Dst: 192.168.21.138 (192.168.21.138)
  707.     Version: 4
  708.     Header length: 20 bytes
  709.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  710.     Total Length: 165
  711.     Identification: 0x1f34 (7988)
  712.     Flags: 0x00
  713.     Fragment offset: 0
  714.     Time to live: 128
  715.     Protocol: TCP (6)
  716.     Header checksum: 0x6d02 [correct]
  717.     Source: 74.125.141.109 (74.125.141.109)
  718.     Destination: 192.168.21.138 (192.168.21.138)
  719.     [Source GeoIP: Unknown]
  720.     [Destination GeoIP: Unknown]
  721. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49741 (49741), Seq: 52, Ack: 23, Len: 125
  722.     Source port: submission (587)
  723.     Destination port: 49741 (49741)
  724.     [Stream index: 201]
  725.     Sequence number: 52    (relative sequence number)
  726.     [Next sequence number: 177    (relative sequence number)]
  727.     Acknowledgment number: 23    (relative ack number)
  728.     Header length: 20 bytes
  729.     Flags: 0x018 (PSH, ACK)
  730.     Window size value: 64240
  731.     [Calculated window size: 64240]
  732.     [Window size scaling factor: -2 (no window scaling used)]
  733.     Checksum: 0xd5db [validation disabled]
  734.     [SEQ/ACK analysis]
  735. Simple Mail Transfer Protocol
  736.     Response: 250-mx.google.com at your service, [123.108.231.79]\r\n
  737.         Response code: Requested mail action okay, completed (250)
  738.         Response parameter: mx.google.com at your service, [123.108.231.79]
  739.     Response: 250-SIZE 35882577\r\n
  740.         Response code: Requested mail action okay, completed (250)
  741.         Response parameter: SIZE 35882577
  742.     Response: 250-8BITMIME\r\n
  743.         Response code: Requested mail action okay, completed (250)
  744.         Response parameter: 8BITMIME
  745.     Response: 250-STARTTLS\r\n
  746.         Response code: Requested mail action okay, completed (250)
  747.         Response parameter: STARTTLS
  748.     Response: 250 ENHANCEDSTATUSCODES\r\n
  749.         Response code: Requested mail action okay, completed (250)
  750.         Response parameter: ENHANCEDSTATUSCODES
  751.  
  752. No.     Time           Source                Destination           Protocol Length Info
  753.   11981 4252.640768000 192.168.21.138        74.125.141.109        SMTP     64     C: STARTTLS
  754.  
  755. Frame 11981: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
  756.     Interface id: 0
  757.     WTAP_ENCAP: 1
  758.     Arrival Time: Feb  4, 2013 17:39:18.034252000 India Standard Time
  759.     [Time shift for this packet: 0.000000000 seconds]
  760.     Epoch Time: 1359979758.034252000 seconds
  761.     [Time delta from previous captured frame: 0.000137000 seconds]
  762.     [Time delta from previous displayed frame: 0.000137000 seconds]
  763.     [Time since reference or first frame: 4252.640768000 seconds]
  764.     Frame Number: 11981
  765.     Frame Length: 64 bytes (512 bits)
  766.     Capture Length: 64 bytes (512 bits)
  767.     [Frame is marked: False]
  768.     [Frame is ignored: False]
  769.     [Protocols in frame: eth:ip:tcp:smtp]
  770.     [Coloring Rule Name: Checksum Errors]
  771.     [Coloring Rule String: cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1]
  772. Ethernet II, Src: Vmware_b8:51:38 (00:0c:29:b8:51:38), Dst: Vmware_e7:ff:51 (00:50:56:e7:ff:51)
  773. Internet Protocol Version 4, Src: 192.168.21.138 (192.168.21.138), Dst: 74.125.141.109 (74.125.141.109)
  774.     Version: 4
  775.     Header length: 20 bytes
  776.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  777.     Total Length: 50
  778.     Identification: 0x0257 (599)
  779.     Flags: 0x02 (Don't Fragment)
  780.     Fragment offset: 0
  781.     Time to live: 128
  782.     Protocol: TCP (6)
  783.     Header checksum: 0x0000 [incorrect, should be 0x4a52 (may be caused by "IP checksum offload"?)]
  784.     Source: 192.168.21.138 (192.168.21.138)
  785.     Destination: 74.125.141.109 (74.125.141.109)
  786.     [Source GeoIP: Unknown]
  787.     [Destination GeoIP: Unknown]
  788. Transmission Control Protocol, Src Port: 49741 (49741), Dst Port: submission (587), Seq: 23, Ack: 177, Len: 10
  789.     Source port: 49741 (49741)
  790.     Destination port: submission (587)
  791.     [Stream index: 201]
  792.     Sequence number: 23    (relative sequence number)
  793.     [Next sequence number: 33    (relative sequence number)]
  794.     Acknowledgment number: 177    (relative ack number)
  795.     Header length: 20 bytes
  796.     Flags: 0x018 (PSH, ACK)
  797.     Window size value: 64064
  798.     [Calculated window size: 64064]
  799.     [Window size scaling factor: -2 (no window scaling used)]
  800.     Checksum: 0xae41 [validation disabled]
  801.     [SEQ/ACK analysis]
  802. Simple Mail Transfer Protocol
  803.     Command Line: STARTTLS\r\n
  804.         Command: STAR
  805.         Request parameter: TLS
  806.  
  807. No.     Time           Source                Destination           Protocol Length Info
  808.   11983 4252.881162000 74.125.141.109        192.168.21.138        SMTP     84     S: 220 2.0.0 Ready to start TLS
  809.  
  810. Frame 11983: 84 bytes on wire (672 bits), 84 bytes captured (672 bits) on interface 0
  811.     Interface id: 0
  812.     WTAP_ENCAP: 1
  813.     Arrival Time: Feb  4, 2013 17:39:18.274646000 India Standard Time
  814.     [Time shift for this packet: 0.000000000 seconds]
  815.     Epoch Time: 1359979758.274646000 seconds
  816.     [Time delta from previous captured frame: 0.240256000 seconds]
  817.     [Time delta from previous displayed frame: 0.240394000 seconds]
  818.     [Time since reference or first frame: 4252.881162000 seconds]
  819.     Frame Number: 11983
  820.     Frame Length: 84 bytes (672 bits)
  821.     Capture Length: 84 bytes (672 bits)
  822.     [Frame is marked: False]
  823.     [Frame is ignored: False]
  824.     [Protocols in frame: eth:ip:tcp:smtp]
  825.     [Coloring Rule Name: TCP]
  826.     [Coloring Rule String: tcp]
  827. Ethernet II, Src: Vmware_e7:ff:51 (00:50:56:e7:ff:51), Dst: Vmware_b8:51:38 (00:0c:29:b8:51:38)
  828. Internet Protocol Version 4, Src: 74.125.141.109 (74.125.141.109), Dst: 192.168.21.138 (192.168.21.138)
  829.     Version: 4
  830.     Header length: 20 bytes
  831.     Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
  832.     Total Length: 70
  833.     Identification: 0x1f36 (7990)
  834.     Flags: 0x00
  835.     Fragment offset: 0
  836.     Time to live: 128
  837.     Protocol: TCP (6)
  838.     Header checksum: 0x6d5f [correct]
  839.     Source: 74.125.141.109 (74.125.141.109)
  840.     Destination: 192.168.21.138 (192.168.21.138)
  841.     [Source GeoIP: Unknown]
  842.     [Destination GeoIP: Unknown]
  843. Transmission Control Protocol, Src Port: submission (587), Dst Port: 49741 (49741), Seq: 177, Ack: 33, Len: 30
  844.     Source port: submission (587)
  845.     Destination port: 49741 (49741)
  846.     [Stream index: 201]
  847.     Sequence number: 177    (relative sequence number)
  848.     [Next sequence number: 207    (relative sequence number)]
  849.     Acknowledgment number: 33    (relative ack number)
  850.     Header length: 20 bytes
  851.     Flags: 0x018 (PSH, ACK)
  852.     Window size value: 64240
  853.     [Calculated window size: 64240]
  854.     [Window size scaling factor: -2 (no window scaling used)]
  855.     Checksum: 0x2688 [validation disabled]
  856.     [SEQ/ACK analysis]
  857. Simple Mail Transfer Protocol
  858.     Response: 220 2.0.0 Ready to start TLS\r\n
  859.         Response code: <domain> Service ready (220)
  860.         Response parameter: 2.0.0 Ready to start TLS