Untitled

a guest
Jun 10th, 2020
  1. No. Time Source Destination Protocol Length Info
  2. 2600 30.950722 10.50.2.11 52.220.123.79 TCP 66 64410 → 22 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
  3.  
  4. Frame 2600: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}, id 0
  5. Interface id: 0 (\Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990})
  6. Interface name: \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}
  7. Interface description: Ethernet
  8. Encapsulation type: Ethernet (1)
  9. Arrival Time: Jun 10, 2020 11:44:16.379266000 Central Europe Daylight Time
  10. [Time shift for this packet: 0.000000000 seconds]
  11. Epoch Time: 1591782256.379266000 seconds
  12. [Time delta from previous captured frame: 0.000220000 seconds]
  13. [Time delta from previous displayed frame: 0.000000000 seconds]
  14. [Time since reference or first frame: 30.950722000 seconds]
  15. Frame Number: 2600
  16. Frame Length: 66 bytes (528 bits)
  17. Capture Length: 66 bytes (528 bits)
  18. [Frame is marked: False]
  19. [Frame is ignored: False]
  20. [Protocols in frame: eth:ethertype:ip:tcp]
  21. [Coloring Rule Name: TCP SYN/FIN]
  22. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  23. Ethernet II, Src: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b), Dst: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  24. Destination: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  25. Address: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  26. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  27. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  28. Source: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  29. Address: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  30. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  31. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  32. Type: IPv4 (0x0800)
  33. Internet Protocol Version 4, Src: 10.50.2.11, Dst: 52.220.123.79
  34. 0100 .... = Version: 4
  35. .... 0101 = Header Length: 20 bytes (5)
  36. Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
  37. 0000 00.. = Differentiated Services Codepoint: Default (0)
  38. .... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
  39. Total Length: 52
  40. Identification: 0x20c9 (8393)
  41. Flags: 0x4000, Don't fragment
  42. 0... .... .... .... = Reserved bit: Not set
  43. .1.. .... .... .... = Don't fragment: Set
  44. ..0. .... .... .... = More fragments: Not set
  45. Fragment offset: 0
  46. Time to live: 128
  47. Protocol: TCP (6)
  48. Header checksum: 0x0000 [validation disabled]
  49. [Header checksum status: Unverified]
  50. Source: 10.50.2.11
  51. Destination: 52.220.123.79
  52. Transmission Control Protocol, Src Port: 64410, Dst Port: 22, Seq: 0, Len: 0
  53. Source Port: 64410
  54. Destination Port: 22
  55. [Stream index: 44]
  56. [TCP Segment Len: 0]
  57. Sequence number: 0 (relative sequence number)
  58. Sequence number (raw): 1321280506
  59. [Next sequence number: 1 (relative sequence number)]
  60. Acknowledgment number: 0
  61. Acknowledgment number (raw): 0
  62. 1000 .... = Header Length: 32 bytes (8)
  63. Flags: 0x0c2 (SYN, ECN, CWR)
  64. 000. .... .... = Reserved: Not set
  65. ...0 .... .... = Nonce: Not set
  66. .... 1... .... = Congestion Window Reduced (CWR): Set
  67. .... .1.. .... = ECN-Echo: Set
  68. .... ..0. .... = Urgent: Not set
  69. .... ...0 .... = Acknowledgment: Not set
  70. .... .... 0... = Push: Not set
  71. .... .... .0.. = Reset: Not set
  72. .... .... ..1. = Syn: Set
  73. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 22]
  74. [Connection establish request (SYN): server port 22]
  75. [Severity level: Chat]
  76. [Group: Sequence]
  77. .... .... ...0 = Fin: Not set
  78. [TCP Flags: ····CE····S·]
  79. Window size value: 8192
  80. [Calculated window size: 8192]
  81. Checksum: 0xbc8e [unverified]
  82. [Checksum Status: Unverified]
  83. Urgent pointer: 0
  84. Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
  85. TCP Option - Maximum segment size: 1460 bytes
  86. Kind: Maximum Segment Size (2)
  87. Length: 4
  88. MSS Value: 1460
  89. TCP Option - No-Operation (NOP)
  90. Kind: No-Operation (1)
  91. TCP Option - Window scale: 8 (multiply by 256)
  92. Kind: Window Scale (3)
  93. Length: 3
  94. Shift count: 8
  95. [Multiplier: 256]
  96. TCP Option - No-Operation (NOP)
  97. Kind: No-Operation (1)
  98. TCP Option - No-Operation (NOP)
  99. Kind: No-Operation (1)
  100. TCP Option - SACK permitted
  101. Kind: SACK Permitted (4)
  102. Length: 2
  103. [Timestamps]
  104. [Time since first frame in this TCP stream: 0.000000000 seconds]
  105. [Time since previous frame in this TCP stream: 0.000000000 seconds]
  106.  
  107. No. Time Source Destination Protocol Length Info
  108. 2647 31.213991 52.220.123.79 10.50.2.11 TCP 66 22 → 64410 [SYN, ACK] Seq=0 Ack=1 Win=26883 Len=0 MSS=1460 SACK_PERM=1 WS=128
  109.  
  110. Frame 2647: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}, id 0
  111. Interface id: 0 (\Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990})
  112. Interface name: \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}
  113. Interface description: Ethernet
  114. Encapsulation type: Ethernet (1)
  115. Arrival Time: Jun 10, 2020 11:44:16.642535000 Central Europe Daylight Time
  116. [Time shift for this packet: 0.000000000 seconds]
  117. Epoch Time: 1591782256.642535000 seconds
  118. [Time delta from previous captured frame: 0.019383000 seconds]
  119. [Time delta from previous displayed frame: 0.263269000 seconds]
  120. [Time since reference or first frame: 31.213991000 seconds]
  121. Frame Number: 2647
  122. Frame Length: 66 bytes (528 bits)
  123. Capture Length: 66 bytes (528 bits)
  124. [Frame is marked: False]
  125. [Frame is ignored: False]
  126. [Protocols in frame: eth:ethertype:ip:tcp]
  127. [Coloring Rule Name: TCP SYN/FIN]
  128. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  129. Ethernet II, Src: D-Link_3d:f2:62 (00:13:46:3d:f2:62), Dst: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  130. Destination: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  131. Address: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  132. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  133. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  134. Source: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  135. Address: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  136. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  137. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  138. Type: IPv4 (0x0800)
  139. Internet Protocol Version 4, Src: 52.220.123.79, Dst: 10.50.2.11
  140. 0100 .... = Version: 4
  141. .... 0101 = Header Length: 20 bytes (5)
  142. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  143. 0000 00.. = Differentiated Services Codepoint: Default (0)
  144. .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
  145. Total Length: 52
  146. Identification: 0x0000 (0)
  147. Flags: 0x0000
  148. 0... .... .... .... = Reserved bit: Not set
  149. .0.. .... .... .... = Don't fragment: Not set
  150. ..0. .... .... .... = More fragments: Not set
  151. Fragment offset: 0
  152. Time to live: 232
  153. Protocol: TCP (6)
  154. Header checksum: 0x165c [validation disabled]
  155. [Header checksum status: Unverified]
  156. Source: 52.220.123.79
  157. Destination: 10.50.2.11
  158. Transmission Control Protocol, Src Port: 22, Dst Port: 64410, Seq: 0, Ack: 1, Len: 0
  159. Source Port: 22
  160. Destination Port: 64410
  161. [Stream index: 44]
  162. [TCP Segment Len: 0]
  163. Sequence number: 0 (relative sequence number)
  164. Sequence number (raw): 267729426
  165. [Next sequence number: 1 (relative sequence number)]
  166. Acknowledgment number: 1 (relative ack number)
  167. Acknowledgment number (raw): 1321280507
  168. 1000 .... = Header Length: 32 bytes (8)
  169. Flags: 0x012 (SYN, ACK)
  170. 000. .... .... = Reserved: Not set
  171. ...0 .... .... = Nonce: Not set
  172. .... 0... .... = Congestion Window Reduced (CWR): Not set
  173. .... .0.. .... = ECN-Echo: Not set
  174. .... ..0. .... = Urgent: Not set
  175. .... ...1 .... = Acknowledgment: Set
  176. .... .... 0... = Push: Not set
  177. .... .... .0.. = Reset: Not set
  178. .... .... ..1. = Syn: Set
  179. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 22]
  180. [Connection establish acknowledge (SYN+ACK): server port 22]
  181. [Severity level: Chat]
  182. [Group: Sequence]
  183. .... .... ...0 = Fin: Not set
  184. [TCP Flags: ·······A··S·]
  185. Window size value: 26883
  186. [Calculated window size: 26883]
  187. Checksum: 0x9121 [unverified]
  188. [Checksum Status: Unverified]
  189. Urgent pointer: 0
  190. Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
  191. TCP Option - Maximum segment size: 1460 bytes
  192. Kind: Maximum Segment Size (2)
  193. Length: 4
  194. MSS Value: 1460
  195. TCP Option - No-Operation (NOP)
  196. Kind: No-Operation (1)
  197. TCP Option - No-Operation (NOP)
  198. Kind: No-Operation (1)
  199. TCP Option - SACK permitted
  200. Kind: SACK Permitted (4)
  201. Length: 2
  202. TCP Option - No-Operation (NOP)
  203. Kind: No-Operation (1)
  204. TCP Option - Window scale: 7 (multiply by 128)
  205. Kind: Window Scale (3)
  206. Length: 3
  207. Shift count: 7
  208. [Multiplier: 128]
  209. [SEQ/ACK analysis]
  210. [This is an ACK to the segment in frame: 2600]
  211. [The RTT to ACK the segment was: 0.263269000 seconds]
  212. [Timestamps]
  213. [Time since first frame in this TCP stream: 0.263269000 seconds]
  214. [Time since previous frame in this TCP stream: 0.263269000 seconds]
  215.  
  216. No. Time Source Destination Protocol Length Info
  217. 2648 31.214009 10.50.2.11 52.220.123.79 TCP 54 64410 → 22 [RST] Seq=1 Win=0 Len=0
  218.  
  219. Frame 2648: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}, id 0
  220. Interface id: 0 (\Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990})
  221. Interface name: \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}
  222. Interface description: Ethernet
  223. Encapsulation type: Ethernet (1)
  224. Arrival Time: Jun 10, 2020 11:44:16.642553000 Central Europe Daylight Time
  225. [Time shift for this packet: 0.000000000 seconds]
  226. Epoch Time: 1591782256.642553000 seconds
  227. [Time delta from previous captured frame: 0.000018000 seconds]
  228. [Time delta from previous displayed frame: 0.000018000 seconds]
  229. [Time since reference or first frame: 31.214009000 seconds]
  230. Frame Number: 2648
  231. Frame Length: 54 bytes (432 bits)
  232. Capture Length: 54 bytes (432 bits)
  233. [Frame is marked: False]
  234. [Frame is ignored: False]
  235. [Protocols in frame: eth:ethertype:ip:tcp]
  236. [Coloring Rule Name: TCP RST]
  237. [Coloring Rule String: tcp.flags.reset eq 1]
  238. Ethernet II, Src: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b), Dst: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  239. Destination: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  240. Address: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  241. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  242. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  243. Source: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  244. Address: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  245. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  246. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  247. Type: IPv4 (0x0800)
  248. Internet Protocol Version 4, Src: 10.50.2.11, Dst: 52.220.123.79
  249. 0100 .... = Version: 4
  250. .... 0101 = Header Length: 20 bytes (5)
  251. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  252. 0000 00.. = Differentiated Services Codepoint: Default (0)
  253. .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
  254. Total Length: 40
  255. Identification: 0x20ca (8394)
  256. Flags: 0x4000, Don't fragment
  257. 0... .... .... .... = Reserved bit: Not set
  258. .1.. .... .... .... = Don't fragment: Set
  259. ..0. .... .... .... = More fragments: Not set
  260. Fragment offset: 0
  261. Time to live: 128
  262. Protocol: TCP (6)
  263. Header checksum: 0x0000 [validation disabled]
  264. [Header checksum status: Unverified]
  265. Source: 10.50.2.11
  266. Destination: 52.220.123.79
  267. Transmission Control Protocol, Src Port: 64410, Dst Port: 22, Seq: 1, Len: 0
  268. Source Port: 64410
  269. Destination Port: 22
  270. [Stream index: 44]
  271. [TCP Segment Len: 0]
  272. Sequence number: 1 (relative sequence number)
  273. Sequence number (raw): 1321280507
  274. [Next sequence number: 1 (relative sequence number)]
  275. Acknowledgment number: 1321280507
  276. [Expert Info (Note/Protocol): The acknowledgment number field is nonzero while the ACK flag is not set]
  277. [The acknowledgment number field is nonzero while the ACK flag is not set]
  278. [Severity level: Note]
  279. [Group: Protocol]
  280. Acknowledgment number (raw): 1321280507
  281. 0101 .... = Header Length: 20 bytes (5)
  282. Flags: 0x004 (RST)
  283. 000. .... .... = Reserved: Not set
  284. ...0 .... .... = Nonce: Not set
  285. .... 0... .... = Congestion Window Reduced (CWR): Not set
  286. .... .0.. .... = ECN-Echo: Not set
  287. .... ..0. .... = Urgent: Not set
  288. .... ...0 .... = Acknowledgment: Not set
  289. .... .... 0... = Push: Not set
  290. .... .... .1.. = Reset: Set
  291. [Expert Info (Warning/Sequence): Connection reset (RST)]
  292. [Connection reset (RST)]
  293. [Severity level: Warning]
  294. [Group: Sequence]
  295. .... .... ..0. = Syn: Not set
  296. .... .... ...0 = Fin: Not set
  297. [TCP Flags: ·········R··]
  298. Window size value: 0
  299. [Calculated window size: 0]
  300. [Window size scaling factor: 256]
  301. Checksum: 0xbc82 [unverified]
  302. [Checksum Status: Unverified]
  303. Urgent pointer: 0
  304. [Timestamps]
  305. [Time since first frame in this TCP stream: 0.263287000 seconds]
  306. [Time since previous frame in this TCP stream: 0.000018000 seconds]
  307.  
  308. No. Time Source Destination Protocol Length Info
  309. 35938 211.569592 10.50.2.11 195.144.107.198 TCP 66 64431 → 22 [SYN, ECN, CWR] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
  310.  
  311. Frame 35938: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}, id 0
  312. Interface id: 0 (\Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990})
  313. Interface name: \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}
  314. Interface description: Ethernet
  315. Encapsulation type: Ethernet (1)
  316. Arrival Time: Jun 10, 2020 11:47:16.998136000 Central Europe Daylight Time
  317. [Time shift for this packet: 0.000000000 seconds]
  318. Epoch Time: 1591782436.998136000 seconds
  319. [Time delta from previous captured frame: 0.000007000 seconds]
  320. [Time delta from previous displayed frame: 180.355583000 seconds]
  321. [Time since reference or first frame: 211.569592000 seconds]
  322. Frame Number: 35938
  323. Frame Length: 66 bytes (528 bits)
  324. Capture Length: 66 bytes (528 bits)
  325. [Frame is marked: False]
  326. [Frame is ignored: False]
  327. [Protocols in frame: eth:ethertype:ip:tcp]
  328. [Coloring Rule Name: TCP SYN/FIN]
  329. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  330. Ethernet II, Src: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b), Dst: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  331. Destination: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  332. Address: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  333. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  334. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  335. Source: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  336. Address: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  337. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  338. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  339. Type: IPv4 (0x0800)
  340. Internet Protocol Version 4, Src: 10.50.2.11, Dst: 195.144.107.198
  341. 0100 .... = Version: 4
  342. .... 0101 = Header Length: 20 bytes (5)
  343. Differentiated Services Field: 0x02 (DSCP: CS0, ECN: ECT(0))
  344. 0000 00.. = Differentiated Services Codepoint: Default (0)
  345. .... ..10 = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2)
  346. Total Length: 52
  347. Identification: 0x0092 (146)
  348. Flags: 0x4000, Don't fragment
  349. 0... .... .... .... = Reserved bit: Not set
  350. .1.. .... .... .... = Don't fragment: Set
  351. ..0. .... .... .... = More fragments: Not set
  352. Fragment offset: 0
  353. Time to live: 128
  354. Protocol: TCP (6)
  355. Header checksum: 0x0000 [validation disabled]
  356. [Header checksum status: Unverified]
  357. Source: 10.50.2.11
  358. Destination: 195.144.107.198
  359. Transmission Control Protocol, Src Port: 64431, Dst Port: 22, Seq: 0, Len: 0
  360. Source Port: 64431
  361. Destination Port: 22
  362. [Stream index: 102]
  363. [TCP Segment Len: 0]
  364. Sequence number: 0 (relative sequence number)
  365. Sequence number (raw): 3494354065
  366. [Next sequence number: 1 (relative sequence number)]
  367. Acknowledgment number: 0
  368. Acknowledgment number (raw): 0
  369. 1000 .... = Header Length: 32 bytes (8)
  370. Flags: 0x0c2 (SYN, ECN, CWR)
  371. 000. .... .... = Reserved: Not set
  372. ...0 .... .... = Nonce: Not set
  373. .... 1... .... = Congestion Window Reduced (CWR): Set
  374. .... .1.. .... = ECN-Echo: Set
  375. .... ..0. .... = Urgent: Not set
  376. .... ...0 .... = Acknowledgment: Not set
  377. .... .... 0... = Push: Not set
  378. .... .... .0.. = Reset: Not set
  379. .... .... ..1. = Syn: Set
  380. [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 22]
  381. [Connection establish request (SYN): server port 22]
  382. [Severity level: Chat]
  383. [Group: Sequence]
  384. .... .... ...0 = Fin: Not set
  385. [TCP Flags: ····CE····S·]
  386. Window size value: 8192
  387. [Calculated window size: 8192]
  388. Checksum: 0x3bba [unverified]
  389. [Checksum Status: Unverified]
  390. Urgent pointer: 0
  391. Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
  392. TCP Option - Maximum segment size: 1460 bytes
  393. Kind: Maximum Segment Size (2)
  394. Length: 4
  395. MSS Value: 1460
  396. TCP Option - No-Operation (NOP)
  397. Kind: No-Operation (1)
  398. TCP Option - Window scale: 8 (multiply by 256)
  399. Kind: Window Scale (3)
  400. Length: 3
  401. Shift count: 8
  402. [Multiplier: 256]
  403. TCP Option - No-Operation (NOP)
  404. Kind: No-Operation (1)
  405. TCP Option - No-Operation (NOP)
  406. Kind: No-Operation (1)
  407. TCP Option - SACK permitted
  408. Kind: SACK Permitted (4)
  409. Length: 2
  410. [Timestamps]
  411. [Time since first frame in this TCP stream: 0.000000000 seconds]
  412. [Time since previous frame in this TCP stream: 0.000000000 seconds]
  413.  
  414. No. Time Source Destination Protocol Length Info
  415. 35983 211.588596 195.144.107.198 10.50.2.11 TCP 66 22 → 64431 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
  416.  
  417. Frame 35983: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}, id 0
  418. Interface id: 0 (\Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990})
  419. Interface name: \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}
  420. Interface description: Ethernet
  421. Encapsulation type: Ethernet (1)
  422. Arrival Time: Jun 10, 2020 11:47:17.017140000 Central Europe Daylight Time
  423. [Time shift for this packet: 0.000000000 seconds]
  424. Epoch Time: 1591782437.017140000 seconds
  425. [Time delta from previous captured frame: 0.006630000 seconds]
  426. [Time delta from previous displayed frame: 0.019004000 seconds]
  427. [Time since reference or first frame: 211.588596000 seconds]
  428. Frame Number: 35983
  429. Frame Length: 66 bytes (528 bits)
  430. Capture Length: 66 bytes (528 bits)
  431. [Frame is marked: False]
  432. [Frame is ignored: False]
  433. [Protocols in frame: eth:ethertype:ip:tcp]
  434. [Coloring Rule Name: TCP SYN/FIN]
  435. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  436. Ethernet II, Src: D-Link_3d:f2:62 (00:13:46:3d:f2:62), Dst: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  437. Destination: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  438. Address: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  439. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  440. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  441. Source: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  442. Address: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  443. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  444. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  445. Type: IPv4 (0x0800)
  446. Internet Protocol Version 4, Src: 195.144.107.198, Dst: 10.50.2.11
  447. 0100 .... = Version: 4
  448. .... 0101 = Header Length: 20 bytes (5)
  449. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  450. 0000 00.. = Differentiated Services Codepoint: Default (0)
  451. .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
  452. Total Length: 52
  453. Identification: 0x5dc3 (24003)
  454. Flags: 0x0000
  455. 0... .... .... .... = Reserved bit: Not set
  456. .0.. .... .... .... = Don't fragment: Not set
  457. ..0. .... .... .... = More fragments: Not set
  458. Fragment offset: 0
  459. Time to live: 118
  460. Protocol: TCP (6)
  461. Header checksum: 0xab6d [validation disabled]
  462. [Header checksum status: Unverified]
  463. Source: 195.144.107.198
  464. Destination: 10.50.2.11
  465. Transmission Control Protocol, Src Port: 22, Dst Port: 64431, Seq: 0, Ack: 1, Len: 0
  466. Source Port: 22
  467. Destination Port: 64431
  468. [Stream index: 102]
  469. [TCP Segment Len: 0]
  470. Sequence number: 0 (relative sequence number)
  471. Sequence number (raw): 2325046377
  472. [Next sequence number: 1 (relative sequence number)]
  473. Acknowledgment number: 1 (relative ack number)
  474. Acknowledgment number (raw): 3494354066
  475. 1000 .... = Header Length: 32 bytes (8)
  476. Flags: 0x012 (SYN, ACK)
  477. 000. .... .... = Reserved: Not set
  478. ...0 .... .... = Nonce: Not set
  479. .... 0... .... = Congestion Window Reduced (CWR): Not set
  480. .... .0.. .... = ECN-Echo: Not set
  481. .... ..0. .... = Urgent: Not set
  482. .... ...1 .... = Acknowledgment: Set
  483. .... .... 0... = Push: Not set
  484. .... .... .0.. = Reset: Not set
  485. .... .... ..1. = Syn: Set
  486. [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 22]
  487. [Connection establish acknowledge (SYN+ACK): server port 22]
  488. [Severity level: Chat]
  489. [Group: Sequence]
  490. .... .... ...0 = Fin: Not set
  491. [TCP Flags: ·······A··S·]
  492. Window size value: 8192
  493. [Calculated window size: 8192]
  494. Checksum: 0xbbcd [unverified]
  495. [Checksum Status: Unverified]
  496. Urgent pointer: 0
  497. Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
  498. TCP Option - Maximum segment size: 1460 bytes
  499. Kind: Maximum Segment Size (2)
  500. Length: 4
  501. MSS Value: 1460
  502. TCP Option - No-Operation (NOP)
  503. Kind: No-Operation (1)
  504. TCP Option - Window scale: 8 (multiply by 256)
  505. Kind: Window Scale (3)
  506. Length: 3
  507. Shift count: 8
  508. [Multiplier: 256]
  509. TCP Option - No-Operation (NOP)
  510. Kind: No-Operation (1)
  511. TCP Option - No-Operation (NOP)
  512. Kind: No-Operation (1)
  513. TCP Option - SACK permitted
  514. Kind: SACK Permitted (4)
  515. Length: 2
  516. [SEQ/ACK analysis]
  517. [This is an ACK to the segment in frame: 35938]
  518. [The RTT to ACK the segment was: 0.019004000 seconds]
  519. [iRTT: 0.019034000 seconds]
  520. [Timestamps]
  521. [Time since first frame in this TCP stream: 0.019004000 seconds]
  522. [Time since previous frame in this TCP stream: 0.019004000 seconds]
  523.  
  524. No. Time Source Destination Protocol Length Info
  525. 35984 211.588626 10.50.2.11 195.144.107.198 TCP 54 64431 → 22 [ACK] Seq=1 Ack=1 Win=65536 Len=0
  526.  
  527. Frame 35984: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}, id 0
  528. Interface id: 0 (\Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990})
  529. Interface name: \Device\NPF_{BFA1D2C4-2876-4CD1-9CD7-AE9AB38E7990}
  530. Interface description: Ethernet
  531. Encapsulation type: Ethernet (1)
  532. Arrival Time: Jun 10, 2020 11:47:17.017170000 Central Europe Daylight Time
  533. [Time shift for this packet: 0.000000000 seconds]
  534. Epoch Time: 1591782437.017170000 seconds
  535. [Time delta from previous captured frame: 0.000030000 seconds]
  536. [Time delta from previous displayed frame: 0.000030000 seconds]
  537. [Time since reference or first frame: 211.588626000 seconds]
  538. Frame Number: 35984
  539. Frame Length: 54 bytes (432 bits)
  540. Capture Length: 54 bytes (432 bits)
  541. [Frame is marked: False]
  542. [Frame is ignored: False]
  543. [Protocols in frame: eth:ethertype:ip:tcp]
  544. [Coloring Rule Name: TCP]
  545. [Coloring Rule String: tcp]
  546. Ethernet II, Src: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b), Dst: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  547. Destination: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  548. Address: D-Link_3d:f2:62 (00:13:46:3d:f2:62)
  549. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  550. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  551. Source: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  552. Address: Microsof_b9:f0:1b (00:15:5d:b9:f0:1b)
  553. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  554. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  555. Type: IPv4 (0x0800)
  556. Internet Protocol Version 4, Src: 10.50.2.11, Dst: 195.144.107.198
  557. 0100 .... = Version: 4
  558. .... 0101 = Header Length: 20 bytes (5)
  559. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  560. 0000 00.. = Differentiated Services Codepoint: Default (0)
  561. .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
  562. Total Length: 40
  563. Identification: 0x0093 (147)
  564. Flags: 0x4000, Don't fragment
  565. 0... .... .... .... = Reserved bit: Not set
  566. .1.. .... .... .... = Don't fragment: Set
  567. ..0. .... .... .... = More fragments: Not set
  568. Fragment offset: 0
  569. Time to live: 128
  570. Protocol: TCP (6)
  571. Header checksum: 0x0000 [validation disabled]
  572. [Header checksum status: Unverified]
  573. Source: 10.50.2.11
  574. Destination: 195.144.107.198
  575. Transmission Control Protocol, Src Port: 64431, Dst Port: 22, Seq: 1, Ack: 1, Len: 0
  576. Source Port: 64431
  577. Destination Port: 22
  578. [Stream index: 102]
  579. [TCP Segment Len: 0]
  580. Sequence number: 1 (relative sequence number)
  581. Sequence number (raw): 3494354066
  582. [Next sequence number: 1 (relative sequence number)]
  583. Acknowledgment number: 1 (relative ack number)
  584. Acknowledgment number (raw): 2325046378
  585. 0101 .... = Header Length: 20 bytes (5)
  586. Flags: 0x010 (ACK)
  587. 000. .... .... = Reserved: Not set
  588. ...0 .... .... = Nonce: Not set
  589. .... 0... .... = Congestion Window Reduced (CWR): Not set
  590. .... .0.. .... = ECN-Echo: Not set
  591. .... ..0. .... = Urgent: Not set
  592. .... ...1 .... = Acknowledgment: Set
  593. .... .... 0... = Push: Not set
  594. .... .... .0.. = Reset: Not set
  595. .... .... ..0. = Syn: Not set
  596. .... .... ...0 = Fin: Not set
  597. [TCP Flags: ·······A····]
  598. Window size value: 256
  599. [Calculated window size: 65536]
  600. [Window size scaling factor: 256]
  601. Checksum: 0x3bae [unverified]
  602. [Checksum Status: Unverified]
  603. Urgent pointer: 0
  604. [SEQ/ACK analysis]
  605. [This is an ACK to the segment in frame: 35983]
  606. [The RTT to ACK the segment was: 0.000030000 seconds]
  607. [iRTT: 0.019034000 seconds]
  608. [Timestamps]
  609. [Time since first frame in this TCP stream: 0.019034000 seconds]
  610. [Time since previous frame in this TCP stream: 0.000030000 seconds]