API tools faq
paste
Advertisement
Guest User

One got conntracked, one didn't

a guest
Mar 28th, 2020
298
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.46 KB | None | 0 0
raw download clone embed print report
  1. No. Time Source Destination Protocol Length Info
  2. 1 0.000000 PFSENSE_PUBLIC_IP 172.217.22.78 TCP 74 22019 → 443 [SYN] Seq=0 Win=65228 Len=0 MSS=1460 WS=128 SACK_PERM=1 TSval=14269633 TSecr=0
  3.  
  4. Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
  5. Encapsulation type: Ethernet (1)
  6. Arrival Time: Mar 28, 2020 18:02:46.187424000 CET
  7. [Time shift for this packet: 0.000000000 seconds]
  8. Epoch Time: 1585414966.187424000 seconds
  9. [Time delta from previous captured frame: 0.000000000 seconds]
  10. [Time delta from previous displayed frame: 0.000000000 seconds]
  11. [Time since reference or first frame: 0.000000000 seconds]
  12. Frame Number: 1
  13. Frame Length: 74 bytes (592 bits)
  14. Capture Length: 74 bytes (592 bits)
  15. [Frame is marked: True]
  16. [Frame is ignored: False]
  17. [Protocols in frame: eth:ethertype:ip:tcp]
  18. [Coloring Rule Name: TCP SYN/FIN]
  19. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  20. Ethernet II, Src: PFSENSE_MAC (PFSENSE_MAC), Dst: KVM_HOST_MAC (KVM_HOST_MAC)
  21. Destination: KVM_HOST_MAC (KVM_HOST_MAC)
  22. Address: KVM_HOST_MAC (KVM_HOST_MAC)
  23. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  24. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  25. Source: PFSENSE_MAC (PFSENSE_MAC)
  26. Address: PFSENSE_MAC (PFSENSE_MAC)
  27. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  28. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  29. Type: IPv4 (0x0800)
  30. Internet Protocol Version 4, Src: PFSENSE_PUBLIC_IP, Dst: 172.217.22.78
  31. 0100 .... = Version: 4
  32. .... 0101 = Header Length: 20 bytes (5)
  33. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  34. 0000 00.. = Differentiated Services Codepoint: Default (0)
  35. .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
  36. Total Length: 60
  37. Identification: 0x0000 (0)
  38. Flags: 0x4000, Don't fragment
  39. 0... .... .... .... = Reserved bit: Not set
  40. .1.. .... .... .... = Don't fragment: Set
  41. ..0. .... .... .... = More fragments: Not set
  42. ...0 0000 0000 0000 = Fragment offset: 0
  43. Time to live: 64
  44. Protocol: TCP (6)
  45. Header checksum: 0xb8cd [validation disabled]
  46. [Header checksum status: Unverified]
  47. Source: PFSENSE_PUBLIC_IP
  48. Destination: 172.217.22.78
  49. Transmission Control Protocol, Src Port: 22019, Dst Port: 443, Seq: 0, Len: 0
  50. Source Port: 22019
  51. Destination Port: 443
  52. [Stream index: 0]
  53. [TCP Segment Len: 0]
  54. Sequence number: 0 (relative sequence number)
  55. [Next sequence number: 0 (relative sequence number)]
  56. Acknowledgment number: 0
  57. 1010 .... = Header Length: 40 bytes (10)
  58. Flags: 0x002 (SYN)
  59. 000. .... .... = Reserved: Not set
  60. ...0 .... .... = Nonce: Not set
  61. .... 0... .... = Congestion Window Reduced (CWR): Not set
  62. .... .0.. .... = ECN-Echo: Not set
  63. .... ..0. .... = Urgent: Not set
  64. .... ...0 .... = Acknowledgment: Not set
  65. .... .... 0... = Push: Not set
  66. .... .... .0.. = Reset: Not set
  67. .... .... ..1. = Syn: Set
  68. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
  69. [Connection establish request (SYN): server port 443]
  70. [Severity level: Chat]
  71. [Group: Sequence]
  72. .... .... ...0 = Fin: Not set
  73. [TCP Flags: ··········S·]
  74. Window size value: 65228
  75. [Calculated window size: 65228]
  76. Checksum: 0x821d [unverified]
  77. [Checksum Status: Unverified]
  78. Urgent pointer: 0
  79. Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps
  80. TCP Option - Maximum segment size: 1460 bytes
  81. Kind: Maximum Segment Size (2)
  82. Length: 4
  83. MSS Value: 1460
  84. TCP Option - No-Operation (NOP)
  85. Kind: No-Operation (1)
  86. TCP Option - Window scale: 7 (multiply by 128)
  87. Kind: Window Scale (3)
  88. Length: 3
  89. Shift count: 7
  90. [Multiplier: 128]
  91. TCP Option - SACK permitted
  92. Kind: SACK Permitted (4)
  93. Length: 2
  94. TCP Option - Timestamps: TSval 14269633, TSecr 0
  95. Kind: Time Stamp Option (8)
  96. Length: 10
  97. Timestamp value: 14269633
  98. Timestamp echo reply: 0
  99. [Timestamps]
  100. [Time since first frame in this TCP stream: 0.000000000 seconds]
  101. [Time since previous frame in this TCP stream: 0.000000000 seconds]
  102.  
  103. No. Time Source Destination Protocol Length Info
  104. 36 6.205160 PFSENSE_PUBLIC_IP 172.217.22.78 TCP 74 22379 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=3863588204 TSecr=0 WS=128
  105.  
  106. Frame 36: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
  107. Encapsulation type: Ethernet (1)
  108. Arrival Time: Mar 28, 2020 18:02:52.392584000 CET
  109. [Time shift for this packet: 0.000000000 seconds]
  110. Epoch Time: 1585414972.392584000 seconds
  111. [Time delta from previous captured frame: 6.139376000 seconds]
  112. [Time delta from previous displayed frame: 6.205160000 seconds]
  113. [Time since reference or first frame: 6.205160000 seconds]
  114. Frame Number: 36
  115. Frame Length: 74 bytes (592 bits)
  116. Capture Length: 74 bytes (592 bits)
  117. [Frame is marked: False]
  118. [Frame is ignored: False]
  119. [Protocols in frame: eth:ethertype:ip:tcp]
  120. [Coloring Rule Name: TCP SYN/FIN]
  121. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  122. Ethernet II, Src: PFSENSE_MAC (PFSENSE_MAC), Dst: KVM_HOST_MAC (KVM_HOST_MAC)
  123. Destination: KVM_HOST_MAC (KVM_HOST_MAC)
  124. Address: KVM_HOST_MAC (KVM_HOST_MAC)
  125. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  126. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  127. Source: PFSENSE_MAC (PFSENSE_MAC)
  128. Address: PFSENSE_MAC (PFSENSE_MAC)
  129. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  130. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  131. Type: IPv4 (0x0800)
  132. Internet Protocol Version 4, Src: PFSENSE_PUBLIC_IP, Dst: 172.217.22.78
  133. 0100 .... = Version: 4
  134. .... 0101 = Header Length: 20 bytes (5)
  135. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  136. 0000 00.. = Differentiated Services Codepoint: Default (0)
  137. .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
  138. Total Length: 60
  139. Identification: 0x7ce0 (31968)
  140. Flags: 0x4000, Don't fragment
  141. 0... .... .... .... = Reserved bit: Not set
  142. .1.. .... .... .... = Don't fragment: Set
  143. ..0. .... .... .... = More fragments: Not set
  144. ...0 0000 0000 0000 = Fragment offset: 0
  145. Time to live: 63
  146. Protocol: TCP (6)
  147. Header checksum: 0x3ced [validation disabled]
  148. [Header checksum status: Unverified]
  149. Source: PFSENSE_PUBLIC_IP
  150. Destination: 172.217.22.78
  151. Transmission Control Protocol, Src Port: 22379, Dst Port: 443, Seq: 0, Len: 0
  152. Source Port: 22379
  153. Destination Port: 443
  154. [Stream index: 1]
  155. [TCP Segment Len: 0]
  156. Sequence number: 0 (relative sequence number)
  157. [Next sequence number: 0 (relative sequence number)]
  158. Acknowledgment number: 0
  159. 1010 .... = Header Length: 40 bytes (10)
  160. Flags: 0x002 (SYN)
  161. 000. .... .... = Reserved: Not set
  162. ...0 .... .... = Nonce: Not set
  163. .... 0... .... = Congestion Window Reduced (CWR): Not set
  164. .... .0.. .... = ECN-Echo: Not set
  165. .... ..0. .... = Urgent: Not set
  166. .... ...0 .... = Acknowledgment: Not set
  167. .... .... 0... = Push: Not set
  168. .... .... .0.. = Reset: Not set
  169. .... .... ..1. = Syn: Set
  170. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
  171. [Connection establish request (SYN): server port 443]
  172. [Severity level: Chat]
  173. [Group: Sequence]
  174. .... .... ...0 = Fin: Not set
  175. [TCP Flags: ··········S·]
  176. Window size value: 64240
  177. [Calculated window size: 64240]
  178. Checksum: 0x459d [unverified]
  179. [Checksum Status: Unverified]
  180. Urgent pointer: 0
  181. Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
  182. TCP Option - Maximum segment size: 1460 bytes
  183. Kind: Maximum Segment Size (2)
  184. Length: 4
  185. MSS Value: 1460
  186. TCP Option - SACK permitted
  187. Kind: SACK Permitted (4)
  188. Length: 2
  189. TCP Option - Timestamps: TSval 3863588204, TSecr 0
  190. Kind: Time Stamp Option (8)
  191. Length: 10
  192. Timestamp value: 3863588204
  193. Timestamp echo reply: 0
  194. TCP Option - No-Operation (NOP)
  195. Kind: No-Operation (1)
  196. TCP Option - Window scale: 7 (multiply by 128)
  197. Kind: Window Scale (3)
  198. Length: 3
  199. Shift count: 7
  200. [Multiplier: 128]
  201. [Timestamps]
  202. [Time since first frame in this TCP stream: 0.000000000 seconds]
  203. [Time since previous frame in this TCP stream: 0.000000000 seconds]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!