One got conntracked, one didn't

a guest
Mar 28th, 2020
No. Time Source Destination Protocol Length Info
1 0.000000 PFSENSE_PUBLIC_IP 172.217.22.78 TCP 74 22019 → 443 [SYN] Seq=0 Win=65228 Len=0 MSS=1460 WS=128 SACK_PERM=1 TSval=14269633 TSecr=0

Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 28, 2020 18:02:46.187424000 CET
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1585414966.187424000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: True]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: PFSENSE_MAC (PFSENSE_MAC), Dst: KVM_HOST_MAC (KVM_HOST_MAC)
Destination: KVM_HOST_MAC (KVM_HOST_MAC)
Address: KVM_HOST_MAC (KVM_HOST_MAC)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: PFSENSE_MAC (PFSENSE_MAC)
Address: PFSENSE_MAC (PFSENSE_MAC)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: PFSENSE_PUBLIC_IP, Dst: 172.217.22.78
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 60
Identification: 0x0000 (0)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0xb8cd [validation disabled]
[Header checksum status: Unverified]
Source: PFSENSE_PUBLIC_IP
Destination: 172.217.22.78
Transmission Control Protocol, Src Port: 22019, Dst Port: 443, Seq: 0, Len: 0
Source Port: 22019
Destination Port: 443
[Stream index: 0]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1010 .... = Header Length: 40 bytes (10)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 65228
[Calculated window size: 65228]
Checksum: 0x821d [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (20 bytes), Maximum segment size, No-Operation (NOP), Window scale, SACK permitted, Timestamps
TCP Option - Maximum segment size: 1460 bytes
Kind: Maximum Segment Size (2)
Length: 4
MSS Value: 1460
TCP Option - No-Operation (NOP)
Kind: No-Operation (1)
TCP Option - Window scale: 7 (multiply by 128)
Kind: Window Scale (3)
Length: 3
Shift count: 7
[Multiplier: 128]
TCP Option - SACK permitted
Kind: SACK Permitted (4)
Length: 2
TCP Option - Timestamps: TSval 14269633, TSecr 0
Kind: Time Stamp Option (8)
Length: 10
Timestamp value: 14269633
Timestamp echo reply: 0
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]

No. Time Source Destination Protocol Length Info
36 6.205160 PFSENSE_PUBLIC_IP 172.217.22.78 TCP 74 22379 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=3863588204 TSecr=0 WS=128

Frame 36: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 28, 2020 18:02:52.392584000 CET
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1585414972.392584000 seconds
[Time delta from previous captured frame: 6.139376000 seconds]
[Time delta from previous displayed frame: 6.205160000 seconds]
[Time since reference or first frame: 6.205160000 seconds]
Frame Number: 36
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: PFSENSE_MAC (PFSENSE_MAC), Dst: KVM_HOST_MAC (KVM_HOST_MAC)
Destination: KVM_HOST_MAC (KVM_HOST_MAC)
Address: KVM_HOST_MAC (KVM_HOST_MAC)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: PFSENSE_MAC (PFSENSE_MAC)
Address: PFSENSE_MAC (PFSENSE_MAC)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: PFSENSE_PUBLIC_IP, Dst: 172.217.22.78
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 60
Identification: 0x7ce0 (31968)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 63
Protocol: TCP (6)
Header checksum: 0x3ced [validation disabled]
[Header checksum status: Unverified]
Source: PFSENSE_PUBLIC_IP
Destination: 172.217.22.78
Transmission Control Protocol, Src Port: 22379, Dst Port: 443, Seq: 0, Len: 0
Source Port: 22379
Destination Port: 443
[Stream index: 1]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1010 .... = Header Length: 40 bytes (10)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0x459d [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
TCP Option - Maximum segment size: 1460 bytes
Kind: Maximum Segment Size (2)
Length: 4
MSS Value: 1460
TCP Option - SACK permitted
Kind: SACK Permitted (4)
Length: 2
TCP Option - Timestamps: TSval 3863588204, TSecr 0
Kind: Time Stamp Option (8)
Length: 10
Timestamp value: 3863588204
Timestamp echo reply: 0
TCP Option - No-Operation (NOP)
Kind: No-Operation (1)
TCP Option - Window scale: 7 (multiply by 128)
Kind: Window Scale (3)
Length: 3
Shift count: 7
[Multiplier: 128]
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]