API tools faq
paste
Advertisement
Guest User

ping + rdp GW 1.5 - ping OK - RDP fallito

a guest
Sep 16th, 2019
127
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 68.21 KB | None | 0 0
raw download clone embed print report
  1. No. Time Source Destination Protocol Length Info
  2. 1 0.000000 HewlettP_f4:5d:3e Broadcast ARP 60 Who has 10.0.6.99? Tell 10.0.6.77
  3.  
  4. Frame 1: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
  5. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  6. Encapsulation type: Ethernet (1)
  7. Arrival Time: Sep 16, 2019 10:59:30.737539000 ora legale Europa occidentale
  8. [Time shift for this packet: 0.000000000 seconds]
  9. Epoch Time: 1568624370.737539000 seconds
  10. [Time delta from previous captured frame: 0.000000000 seconds]
  11. [Time delta from previous displayed frame: 0.000000000 seconds]
  12. [Time since reference or first frame: 0.000000000 seconds]
  13. Frame Number: 1
  14. Frame Length: 60 bytes (480 bits)
  15. Capture Length: 60 bytes (480 bits)
  16. [Frame is marked: False]
  17. [Frame is ignored: False]
  18. [Protocols in frame: eth:ethertype:arp]
  19. [Coloring Rule Name: ARP]
  20. [Coloring Rule String: arp]
  21. Ethernet II, Src: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
  22. Destination: Broadcast (ff:ff:ff:ff:ff:ff)
  23. Address: Broadcast (ff:ff:ff:ff:ff:ff)
  24. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  25. .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
  26. Source: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  27. Address: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  28. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  29. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  30. Type: ARP (0x0806)
  31. Padding: 000000000000000000000000000000000000
  32. Address Resolution Protocol (request)
  33.  
  34. No. Time Source Destination Protocol Length Info
  35. 2 0.493393 10.0.1.37 10.0.6.77 ICMP 74 Echo (ping) request id=0x0001, seq=10064/20519, ttl=128 (reply in 3)
  36.  
  37. Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  38. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  39. Encapsulation type: Ethernet (1)
  40. Arrival Time: Sep 16, 2019 10:59:31.230932000 ora legale Europa occidentale
  41. [Time shift for this packet: 0.000000000 seconds]
  42. Epoch Time: 1568624371.230932000 seconds
  43. [Time delta from previous captured frame: 0.493393000 seconds]
  44. [Time delta from previous displayed frame: 0.493393000 seconds]
  45. [Time since reference or first frame: 0.493393000 seconds]
  46. Frame Number: 2
  47. Frame Length: 74 bytes (592 bits)
  48. Capture Length: 74 bytes (592 bits)
  49. [Frame is marked: False]
  50. [Frame is ignored: False]
  51. [Protocols in frame: eth:ethertype:ip:icmp:data]
  52. [Coloring Rule Name: ICMP]
  53. [Coloring Rule String: icmp || icmpv6]
  54. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  55. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  56. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  57. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  58. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  59. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  60. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  61. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  62. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  63. Type: IPv4 (0x0800)
  64. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  65. 0100 .... = Version: 4
  66. .... 0101 = Header Length: 20 bytes (5)
  67. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  68. Total Length: 60
  69. Identification: 0x5c88 (23688)
  70. Flags: 0x00
  71. Fragment offset: 0
  72. Time to live: 128
  73. Protocol: ICMP (1)
  74. Header checksum: 0xc2c7 [validation disabled]
  75. [Header checksum status: Unverified]
  76. Source: 10.0.1.37
  77. Destination: 10.0.6.77
  78. [Source GeoIP: Unknown]
  79. [Destination GeoIP: Unknown]
  80. Internet Control Message Protocol
  81. Type: 8 (Echo (ping) request)
  82. Code: 0
  83. Checksum: 0x260b [correct]
  84. [Checksum Status: Good]
  85. Identifier (BE): 1 (0x0001)
  86. Identifier (LE): 256 (0x0100)
  87. Sequence number (BE): 10064 (0x2750)
  88. Sequence number (LE): 20519 (0x5027)
  89. [Response frame: 3]
  90. Data (32 bytes)
  91.  
  92. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  93. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  94. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  95. [Length: 32]
  96.  
  97. No. Time Source Destination Protocol Length Info
  98. 3 0.503447 10.0.6.77 10.0.1.37 ICMP 74 Echo (ping) reply id=0x0001, seq=10064/20519, ttl=127 (request in 2)
  99.  
  100. Frame 3: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  101. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  102. Encapsulation type: Ethernet (1)
  103. Arrival Time: Sep 16, 2019 10:59:31.240986000 ora legale Europa occidentale
  104. [Time shift for this packet: 0.000000000 seconds]
  105. Epoch Time: 1568624371.240986000 seconds
  106. [Time delta from previous captured frame: 0.010054000 seconds]
  107. [Time delta from previous displayed frame: 0.010054000 seconds]
  108. [Time since reference or first frame: 0.503447000 seconds]
  109. Frame Number: 3
  110. Frame Length: 74 bytes (592 bits)
  111. Capture Length: 74 bytes (592 bits)
  112. [Frame is marked: False]
  113. [Frame is ignored: False]
  114. [Protocols in frame: eth:ethertype:ip:icmp:data]
  115. [Coloring Rule Name: ICMP]
  116. [Coloring Rule String: icmp || icmpv6]
  117. Ethernet II, Src: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3), Dst: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  118. Destination: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  119. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  120. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  121. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  122. Source: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  123. Address: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  124. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  125. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  126. Type: IPv4 (0x0800)
  127. Internet Protocol Version 4, Src: 10.0.6.77, Dst: 10.0.1.37
  128. 0100 .... = Version: 4
  129. .... 0101 = Header Length: 20 bytes (5)
  130. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  131. Total Length: 60
  132. Identification: 0x2a65 (10853)
  133. Flags: 0x00
  134. Fragment offset: 0
  135. Time to live: 127
  136. Protocol: ICMP (1)
  137. Header checksum: 0xf5ea [validation disabled]
  138. [Header checksum status: Unverified]
  139. Source: 10.0.6.77
  140. Destination: 10.0.1.37
  141. [Source GeoIP: Unknown]
  142. [Destination GeoIP: Unknown]
  143. Internet Control Message Protocol
  144. Type: 0 (Echo (ping) reply)
  145. Code: 0
  146. Checksum: 0x2e0b [correct]
  147. [Checksum Status: Good]
  148. Identifier (BE): 1 (0x0001)
  149. Identifier (LE): 256 (0x0100)
  150. Sequence number (BE): 10064 (0x2750)
  151. Sequence number (LE): 20519 (0x5027)
  152. [Request frame: 2]
  153. [Response time: 10.054 ms]
  154. Data (32 bytes)
  155.  
  156. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  157. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  158. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  159. [Length: 32]
  160.  
  161. No. Time Source Destination Protocol Length Info
  162. 4 0.897774 HewlettP_f4:5d:3e Broadcast ARP 60 Who has 10.0.6.99? Tell 10.0.6.77
  163.  
  164. Frame 4: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
  165. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  166. Encapsulation type: Ethernet (1)
  167. Arrival Time: Sep 16, 2019 10:59:31.635313000 ora legale Europa occidentale
  168. [Time shift for this packet: 0.000000000 seconds]
  169. Epoch Time: 1568624371.635313000 seconds
  170. [Time delta from previous captured frame: 0.394327000 seconds]
  171. [Time delta from previous displayed frame: 0.394327000 seconds]
  172. [Time since reference or first frame: 0.897774000 seconds]
  173. Frame Number: 4
  174. Frame Length: 60 bytes (480 bits)
  175. Capture Length: 60 bytes (480 bits)
  176. [Frame is marked: False]
  177. [Frame is ignored: False]
  178. [Protocols in frame: eth:ethertype:arp]
  179. [Coloring Rule Name: ARP]
  180. [Coloring Rule String: arp]
  181. Ethernet II, Src: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
  182. Destination: Broadcast (ff:ff:ff:ff:ff:ff)
  183. Address: Broadcast (ff:ff:ff:ff:ff:ff)
  184. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  185. .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
  186. Source: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  187. Address: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  188. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  189. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  190. Type: ARP (0x0806)
  191. Padding: 000000000000000000000000000000000000
  192. Address Resolution Protocol (request)
  193.  
  194. No. Time Source Destination Protocol Length Info
  195. 5 1.494286 10.0.1.37 10.0.6.77 ICMP 74 Echo (ping) request id=0x0001, seq=10065/20775, ttl=128 (reply in 6)
  196.  
  197. Frame 5: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  198. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  199. Encapsulation type: Ethernet (1)
  200. Arrival Time: Sep 16, 2019 10:59:32.231825000 ora legale Europa occidentale
  201. [Time shift for this packet: 0.000000000 seconds]
  202. Epoch Time: 1568624372.231825000 seconds
  203. [Time delta from previous captured frame: 0.596512000 seconds]
  204. [Time delta from previous displayed frame: 0.596512000 seconds]
  205. [Time since reference or first frame: 1.494286000 seconds]
  206. Frame Number: 5
  207. Frame Length: 74 bytes (592 bits)
  208. Capture Length: 74 bytes (592 bits)
  209. [Frame is marked: False]
  210. [Frame is ignored: False]
  211. [Protocols in frame: eth:ethertype:ip:icmp:data]
  212. [Coloring Rule Name: ICMP]
  213. [Coloring Rule String: icmp || icmpv6]
  214. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  215. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  216. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  217. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  218. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  219. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  220. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  221. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  222. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  223. Type: IPv4 (0x0800)
  224. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  225. 0100 .... = Version: 4
  226. .... 0101 = Header Length: 20 bytes (5)
  227. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  228. Total Length: 60
  229. Identification: 0x5c93 (23699)
  230. Flags: 0x00
  231. Fragment offset: 0
  232. Time to live: 128
  233. Protocol: ICMP (1)
  234. Header checksum: 0xc2bc [validation disabled]
  235. [Header checksum status: Unverified]
  236. Source: 10.0.1.37
  237. Destination: 10.0.6.77
  238. [Source GeoIP: Unknown]
  239. [Destination GeoIP: Unknown]
  240. Internet Control Message Protocol
  241. Type: 8 (Echo (ping) request)
  242. Code: 0
  243. Checksum: 0x260a [correct]
  244. [Checksum Status: Good]
  245. Identifier (BE): 1 (0x0001)
  246. Identifier (LE): 256 (0x0100)
  247. Sequence number (BE): 10065 (0x2751)
  248. Sequence number (LE): 20775 (0x5127)
  249. [Response frame: 6]
  250. Data (32 bytes)
  251.  
  252. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  253. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  254. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  255. [Length: 32]
  256.  
  257. No. Time Source Destination Protocol Length Info
  258. 6 1.497867 10.0.6.77 10.0.1.37 ICMP 74 Echo (ping) reply id=0x0001, seq=10065/20775, ttl=127 (request in 5)
  259.  
  260. Frame 6: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  261. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  262. Encapsulation type: Ethernet (1)
  263. Arrival Time: Sep 16, 2019 10:59:32.235406000 ora legale Europa occidentale
  264. [Time shift for this packet: 0.000000000 seconds]
  265. Epoch Time: 1568624372.235406000 seconds
  266. [Time delta from previous captured frame: 0.003581000 seconds]
  267. [Time delta from previous displayed frame: 0.003581000 seconds]
  268. [Time since reference or first frame: 1.497867000 seconds]
  269. Frame Number: 6
  270. Frame Length: 74 bytes (592 bits)
  271. Capture Length: 74 bytes (592 bits)
  272. [Frame is marked: False]
  273. [Frame is ignored: False]
  274. [Protocols in frame: eth:ethertype:ip:icmp:data]
  275. [Coloring Rule Name: ICMP]
  276. [Coloring Rule String: icmp || icmpv6]
  277. Ethernet II, Src: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3), Dst: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  278. Destination: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  279. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  280. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  281. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  282. Source: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  283. Address: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  284. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  285. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  286. Type: IPv4 (0x0800)
  287. Internet Protocol Version 4, Src: 10.0.6.77, Dst: 10.0.1.37
  288. 0100 .... = Version: 4
  289. .... 0101 = Header Length: 20 bytes (5)
  290. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  291. Total Length: 60
  292. Identification: 0x2a66 (10854)
  293. Flags: 0x00
  294. Fragment offset: 0
  295. Time to live: 127
  296. Protocol: ICMP (1)
  297. Header checksum: 0xf5e9 [validation disabled]
  298. [Header checksum status: Unverified]
  299. Source: 10.0.6.77
  300. Destination: 10.0.1.37
  301. [Source GeoIP: Unknown]
  302. [Destination GeoIP: Unknown]
  303. Internet Control Message Protocol
  304. Type: 0 (Echo (ping) reply)
  305. Code: 0
  306. Checksum: 0x2e0a [correct]
  307. [Checksum Status: Good]
  308. Identifier (BE): 1 (0x0001)
  309. Identifier (LE): 256 (0x0100)
  310. Sequence number (BE): 10065 (0x2751)
  311. Sequence number (LE): 20775 (0x5127)
  312. [Request frame: 5]
  313. [Response time: 3.581 ms]
  314. Data (32 bytes)
  315.  
  316. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  317. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  318. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  319. [Length: 32]
  320.  
  321. No. Time Source Destination Protocol Length Info
  322. 7 1.897312 HewlettP_f4:5d:3e Broadcast ARP 60 Who has 10.0.6.99? Tell 10.0.6.77
  323.  
  324. Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
  325. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  326. Encapsulation type: Ethernet (1)
  327. Arrival Time: Sep 16, 2019 10:59:32.634851000 ora legale Europa occidentale
  328. [Time shift for this packet: 0.000000000 seconds]
  329. Epoch Time: 1568624372.634851000 seconds
  330. [Time delta from previous captured frame: 0.399445000 seconds]
  331. [Time delta from previous displayed frame: 0.399445000 seconds]
  332. [Time since reference or first frame: 1.897312000 seconds]
  333. Frame Number: 7
  334. Frame Length: 60 bytes (480 bits)
  335. Capture Length: 60 bytes (480 bits)
  336. [Frame is marked: False]
  337. [Frame is ignored: False]
  338. [Protocols in frame: eth:ethertype:arp]
  339. [Coloring Rule Name: ARP]
  340. [Coloring Rule String: arp]
  341. Ethernet II, Src: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
  342. Destination: Broadcast (ff:ff:ff:ff:ff:ff)
  343. Address: Broadcast (ff:ff:ff:ff:ff:ff)
  344. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  345. .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
  346. Source: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  347. Address: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  348. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  349. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  350. Type: ARP (0x0806)
  351. Padding: 000000000000000000000000000000000000
  352. Address Resolution Protocol (request)
  353.  
  354. No. Time Source Destination Protocol Length Info
  355. 8 2.496312 10.0.1.37 10.0.6.77 ICMP 74 Echo (ping) request id=0x0001, seq=10066/21031, ttl=128 (reply in 9)
  356.  
  357. Frame 8: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  358. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  359. Encapsulation type: Ethernet (1)
  360. Arrival Time: Sep 16, 2019 10:59:33.233851000 ora legale Europa occidentale
  361. [Time shift for this packet: 0.000000000 seconds]
  362. Epoch Time: 1568624373.233851000 seconds
  363. [Time delta from previous captured frame: 0.599000000 seconds]
  364. [Time delta from previous displayed frame: 0.599000000 seconds]
  365. [Time since reference or first frame: 2.496312000 seconds]
  366. Frame Number: 8
  367. Frame Length: 74 bytes (592 bits)
  368. Capture Length: 74 bytes (592 bits)
  369. [Frame is marked: False]
  370. [Frame is ignored: False]
  371. [Protocols in frame: eth:ethertype:ip:icmp:data]
  372. [Coloring Rule Name: ICMP]
  373. [Coloring Rule String: icmp || icmpv6]
  374. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  375. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  376. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  377. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  378. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  379. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  380. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  381. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  382. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  383. Type: IPv4 (0x0800)
  384. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  385. 0100 .... = Version: 4
  386. .... 0101 = Header Length: 20 bytes (5)
  387. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  388. Total Length: 60
  389. Identification: 0x5c95 (23701)
  390. Flags: 0x00
  391. Fragment offset: 0
  392. Time to live: 128
  393. Protocol: ICMP (1)
  394. Header checksum: 0xc2ba [validation disabled]
  395. [Header checksum status: Unverified]
  396. Source: 10.0.1.37
  397. Destination: 10.0.6.77
  398. [Source GeoIP: Unknown]
  399. [Destination GeoIP: Unknown]
  400. Internet Control Message Protocol
  401. Type: 8 (Echo (ping) request)
  402. Code: 0
  403. Checksum: 0x2609 [correct]
  404. [Checksum Status: Good]
  405. Identifier (BE): 1 (0x0001)
  406. Identifier (LE): 256 (0x0100)
  407. Sequence number (BE): 10066 (0x2752)
  408. Sequence number (LE): 21031 (0x5227)
  409. [Response frame: 9]
  410. Data (32 bytes)
  411.  
  412. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  413. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  414. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  415. [Length: 32]
  416.  
  417. No. Time Source Destination Protocol Length Info
  418. 9 2.498727 10.0.6.77 10.0.1.37 ICMP 74 Echo (ping) reply id=0x0001, seq=10066/21031, ttl=127 (request in 8)
  419.  
  420. Frame 9: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  421. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  422. Encapsulation type: Ethernet (1)
  423. Arrival Time: Sep 16, 2019 10:59:33.236266000 ora legale Europa occidentale
  424. [Time shift for this packet: 0.000000000 seconds]
  425. Epoch Time: 1568624373.236266000 seconds
  426. [Time delta from previous captured frame: 0.002415000 seconds]
  427. [Time delta from previous displayed frame: 0.002415000 seconds]
  428. [Time since reference or first frame: 2.498727000 seconds]
  429. Frame Number: 9
  430. Frame Length: 74 bytes (592 bits)
  431. Capture Length: 74 bytes (592 bits)
  432. [Frame is marked: False]
  433. [Frame is ignored: False]
  434. [Protocols in frame: eth:ethertype:ip:icmp:data]
  435. [Coloring Rule Name: ICMP]
  436. [Coloring Rule String: icmp || icmpv6]
  437. Ethernet II, Src: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3), Dst: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  438. Destination: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  439. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  440. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  441. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  442. Source: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  443. Address: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  444. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  445. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  446. Type: IPv4 (0x0800)
  447. Internet Protocol Version 4, Src: 10.0.6.77, Dst: 10.0.1.37
  448. 0100 .... = Version: 4
  449. .... 0101 = Header Length: 20 bytes (5)
  450. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  451. Total Length: 60
  452. Identification: 0x2a67 (10855)
  453. Flags: 0x00
  454. Fragment offset: 0
  455. Time to live: 127
  456. Protocol: ICMP (1)
  457. Header checksum: 0xf5e8 [validation disabled]
  458. [Header checksum status: Unverified]
  459. Source: 10.0.6.77
  460. Destination: 10.0.1.37
  461. [Source GeoIP: Unknown]
  462. [Destination GeoIP: Unknown]
  463. Internet Control Message Protocol
  464. Type: 0 (Echo (ping) reply)
  465. Code: 0
  466. Checksum: 0x2e09 [correct]
  467. [Checksum Status: Good]
  468. Identifier (BE): 1 (0x0001)
  469. Identifier (LE): 256 (0x0100)
  470. Sequence number (BE): 10066 (0x2752)
  471. Sequence number (LE): 21031 (0x5227)
  472. [Request frame: 8]
  473. [Response time: 2.415 ms]
  474. Data (32 bytes)
  475.  
  476. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  477. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  478. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  479. [Length: 32]
  480.  
  481. No. Time Source Destination Protocol Length Info
  482. 10 3.498300 10.0.1.37 10.0.6.77 ICMP 74 Echo (ping) request id=0x0001, seq=10067/21287, ttl=128 (reply in 11)
  483.  
  484. Frame 10: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  485. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  486. Encapsulation type: Ethernet (1)
  487. Arrival Time: Sep 16, 2019 10:59:34.235839000 ora legale Europa occidentale
  488. [Time shift for this packet: 0.000000000 seconds]
  489. Epoch Time: 1568624374.235839000 seconds
  490. [Time delta from previous captured frame: 0.999573000 seconds]
  491. [Time delta from previous displayed frame: 0.999573000 seconds]
  492. [Time since reference or first frame: 3.498300000 seconds]
  493. Frame Number: 10
  494. Frame Length: 74 bytes (592 bits)
  495. Capture Length: 74 bytes (592 bits)
  496. [Frame is marked: False]
  497. [Frame is ignored: False]
  498. [Protocols in frame: eth:ethertype:ip:icmp:data]
  499. [Coloring Rule Name: ICMP]
  500. [Coloring Rule String: icmp || icmpv6]
  501. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  502. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  503. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  504. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  505. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  506. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  507. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  508. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  509. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  510. Type: IPv4 (0x0800)
  511. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  512. 0100 .... = Version: 4
  513. .... 0101 = Header Length: 20 bytes (5)
  514. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  515. Total Length: 60
  516. Identification: 0x5c9b (23707)
  517. Flags: 0x00
  518. Fragment offset: 0
  519. Time to live: 128
  520. Protocol: ICMP (1)
  521. Header checksum: 0xc2b4 [validation disabled]
  522. [Header checksum status: Unverified]
  523. Source: 10.0.1.37
  524. Destination: 10.0.6.77
  525. [Source GeoIP: Unknown]
  526. [Destination GeoIP: Unknown]
  527. Internet Control Message Protocol
  528. Type: 8 (Echo (ping) request)
  529. Code: 0
  530. Checksum: 0x2608 [correct]
  531. [Checksum Status: Good]
  532. Identifier (BE): 1 (0x0001)
  533. Identifier (LE): 256 (0x0100)
  534. Sequence number (BE): 10067 (0x2753)
  535. Sequence number (LE): 21287 (0x5327)
  536. [Response frame: 11]
  537. Data (32 bytes)
  538.  
  539. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  540. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  541. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  542. [Length: 32]
  543.  
  544. No. Time Source Destination Protocol Length Info
  545. 11 3.502175 10.0.6.77 10.0.1.37 ICMP 74 Echo (ping) reply id=0x0001, seq=10067/21287, ttl=127 (request in 10)
  546.  
  547. Frame 11: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
  548. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  549. Encapsulation type: Ethernet (1)
  550. Arrival Time: Sep 16, 2019 10:59:34.239714000 ora legale Europa occidentale
  551. [Time shift for this packet: 0.000000000 seconds]
  552. Epoch Time: 1568624374.239714000 seconds
  553. [Time delta from previous captured frame: 0.003875000 seconds]
  554. [Time delta from previous displayed frame: 0.003875000 seconds]
  555. [Time since reference or first frame: 3.502175000 seconds]
  556. Frame Number: 11
  557. Frame Length: 74 bytes (592 bits)
  558. Capture Length: 74 bytes (592 bits)
  559. [Frame is marked: False]
  560. [Frame is ignored: False]
  561. [Protocols in frame: eth:ethertype:ip:icmp:data]
  562. [Coloring Rule Name: ICMP]
  563. [Coloring Rule String: icmp || icmpv6]
  564. Ethernet II, Src: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3), Dst: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  565. Destination: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  566. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  567. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  568. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  569. Source: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  570. Address: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  571. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  572. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  573. Type: IPv4 (0x0800)
  574. Internet Protocol Version 4, Src: 10.0.6.77, Dst: 10.0.1.37
  575. 0100 .... = Version: 4
  576. .... 0101 = Header Length: 20 bytes (5)
  577. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  578. Total Length: 60
  579. Identification: 0x2a69 (10857)
  580. Flags: 0x00
  581. Fragment offset: 0
  582. Time to live: 127
  583. Protocol: ICMP (1)
  584. Header checksum: 0xf5e6 [validation disabled]
  585. [Header checksum status: Unverified]
  586. Source: 10.0.6.77
  587. Destination: 10.0.1.37
  588. [Source GeoIP: Unknown]
  589. [Destination GeoIP: Unknown]
  590. Internet Control Message Protocol
  591. Type: 0 (Echo (ping) reply)
  592. Code: 0
  593. Checksum: 0x2e08 [correct]
  594. [Checksum Status: Good]
  595. Identifier (BE): 1 (0x0001)
  596. Identifier (LE): 256 (0x0100)
  597. Sequence number (BE): 10067 (0x2753)
  598. Sequence number (LE): 21287 (0x5327)
  599. [Request frame: 10]
  600. [Response time: 3.875 ms]
  601. Data (32 bytes)
  602.  
  603. 0000 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 abcdefghijklmnop
  604. 0010 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
  605. Data: 6162636465666768696a6b6c6d6e6f707172737475767761...
  606. [Length: 32]
  607.  
  608. No. Time Source Destination Protocol Length Info
  609. 12 10.835403 10.0.1.37 10.0.6.77 TCP 66 59483 → 3389 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
  610.  
  611. Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  612. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  613. Encapsulation type: Ethernet (1)
  614. Arrival Time: Sep 16, 2019 10:59:41.572942000 ora legale Europa occidentale
  615. [Time shift for this packet: 0.000000000 seconds]
  616. Epoch Time: 1568624381.572942000 seconds
  617. [Time delta from previous captured frame: 7.333228000 seconds]
  618. [Time delta from previous displayed frame: 7.333228000 seconds]
  619. [Time since reference or first frame: 10.835403000 seconds]
  620. Frame Number: 12
  621. Frame Length: 66 bytes (528 bits)
  622. Capture Length: 66 bytes (528 bits)
  623. [Frame is marked: False]
  624. [Frame is ignored: False]
  625. [Protocols in frame: eth:ethertype:ip:tcp]
  626. [Coloring Rule Name: TCP SYN/FIN]
  627. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  628. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  629. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  630. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  631. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  632. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  633. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  634. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  635. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  636. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  637. Type: IPv4 (0x0800)
  638. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  639. 0100 .... = Version: 4
  640. .... 0101 = Header Length: 20 bytes (5)
  641. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  642. Total Length: 52
  643. Identification: 0x5cb6 (23734)
  644. Flags: 0x02 (Don't Fragment)
  645. Fragment offset: 0
  646. Time to live: 128
  647. Protocol: TCP (6)
  648. Header checksum: 0x829c [validation disabled]
  649. [Header checksum status: Unverified]
  650. Source: 10.0.1.37
  651. Destination: 10.0.6.77
  652. [Source GeoIP: Unknown]
  653. [Destination GeoIP: Unknown]
  654. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 0, Len: 0
  655. Source Port: 59483
  656. Destination Port: 3389
  657. [Stream index: 0]
  658. [TCP Segment Len: 0]
  659. Sequence number: 0 (relative sequence number)
  660. Acknowledgment number: 0
  661. 1000 .... = Header Length: 32 bytes (8)
  662. Flags: 0x002 (SYN)
  663. Window size value: 8192
  664. [Calculated window size: 8192]
  665. Checksum: 0x2b92 [unverified]
  666. [Checksum Status: Unverified]
  667. Urgent pointer: 0
  668. Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
  669.  
  670. No. Time Source Destination Protocol Length Info
  671. 13 10.838089 10.0.6.77 10.0.1.37 TCP 66 3389 → 59483 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
  672.  
  673. Frame 13: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  674. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  675. Encapsulation type: Ethernet (1)
  676. Arrival Time: Sep 16, 2019 10:59:41.575628000 ora legale Europa occidentale
  677. [Time shift for this packet: 0.000000000 seconds]
  678. Epoch Time: 1568624381.575628000 seconds
  679. [Time delta from previous captured frame: 0.002686000 seconds]
  680. [Time delta from previous displayed frame: 0.002686000 seconds]
  681. [Time since reference or first frame: 10.838089000 seconds]
  682. Frame Number: 13
  683. Frame Length: 66 bytes (528 bits)
  684. Capture Length: 66 bytes (528 bits)
  685. [Frame is marked: False]
  686. [Frame is ignored: False]
  687. [Protocols in frame: eth:ethertype:ip:tcp]
  688. [Coloring Rule Name: TCP SYN/FIN]
  689. [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
  690. Ethernet II, Src: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3), Dst: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  691. Destination: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  692. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  693. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  694. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  695. Source: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  696. Address: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  697. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  698. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  699. Type: IPv4 (0x0800)
  700. Internet Protocol Version 4, Src: 10.0.6.77, Dst: 10.0.1.37
  701. 0100 .... = Version: 4
  702. .... 0101 = Header Length: 20 bytes (5)
  703. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  704. Total Length: 52
  705. Identification: 0x2a6c (10860)
  706. Flags: 0x02 (Don't Fragment)
  707. Fragment offset: 0
  708. Time to live: 127
  709. Protocol: TCP (6)
  710. Header checksum: 0xb5e6 [validation disabled]
  711. [Header checksum status: Unverified]
  712. Source: 10.0.6.77
  713. Destination: 10.0.1.37
  714. [Source GeoIP: Unknown]
  715. [Destination GeoIP: Unknown]
  716. Transmission Control Protocol, Src Port: 3389, Dst Port: 59483, Seq: 0, Ack: 1, Len: 0
  717. Source Port: 3389
  718. Destination Port: 59483
  719. [Stream index: 0]
  720. [TCP Segment Len: 0]
  721. Sequence number: 0 (relative sequence number)
  722. Acknowledgment number: 1 (relative ack number)
  723. 1000 .... = Header Length: 32 bytes (8)
  724. Flags: 0x012 (SYN, ACK)
  725. Window size value: 8192
  726. [Calculated window size: 8192]
  727. Checksum: 0x7b42 [unverified]
  728. [Checksum Status: Unverified]
  729. Urgent pointer: 0
  730. Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
  731. [SEQ/ACK analysis]
  732.  
  733. No. Time Source Destination Protocol Length Info
  734. 14 10.838122 10.0.1.37 10.0.6.77 TCP 54 59483 → 3389 [ACK] Seq=1 Ack=1 Win=65700 Len=0
  735.  
  736. Frame 14: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
  737. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  738. Encapsulation type: Ethernet (1)
  739. Arrival Time: Sep 16, 2019 10:59:41.575661000 ora legale Europa occidentale
  740. [Time shift for this packet: 0.000000000 seconds]
  741. Epoch Time: 1568624381.575661000 seconds
  742. [Time delta from previous captured frame: 0.000033000 seconds]
  743. [Time delta from previous displayed frame: 0.000033000 seconds]
  744. [Time since reference or first frame: 10.838122000 seconds]
  745. Frame Number: 14
  746. Frame Length: 54 bytes (432 bits)
  747. Capture Length: 54 bytes (432 bits)
  748. [Frame is marked: False]
  749. [Frame is ignored: False]
  750. [Protocols in frame: eth:ethertype:ip:tcp]
  751. [Coloring Rule Name: TCP]
  752. [Coloring Rule String: tcp]
  753. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  754. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  755. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  756. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  757. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  758. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  759. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  760. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  761. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  762. Type: IPv4 (0x0800)
  763. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  764. 0100 .... = Version: 4
  765. .... 0101 = Header Length: 20 bytes (5)
  766. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  767. Total Length: 40
  768. Identification: 0x5cb7 (23735)
  769. Flags: 0x02 (Don't Fragment)
  770. Fragment offset: 0
  771. Time to live: 128
  772. Protocol: TCP (6)
  773. Header checksum: 0x82a7 [validation disabled]
  774. [Header checksum status: Unverified]
  775. Source: 10.0.1.37
  776. Destination: 10.0.6.77
  777. [Source GeoIP: Unknown]
  778. [Destination GeoIP: Unknown]
  779. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 0
  780. Source Port: 59483
  781. Destination Port: 3389
  782. [Stream index: 0]
  783. [TCP Segment Len: 0]
  784. Sequence number: 1 (relative sequence number)
  785. Acknowledgment number: 1 (relative ack number)
  786. 0101 .... = Header Length: 20 bytes (5)
  787. Flags: 0x010 (ACK)
  788. Window size value: 16425
  789. [Calculated window size: 65700]
  790. [Window size scaling factor: 4]
  791. Checksum: 0x9bec [unverified]
  792. [Checksum Status: Unverified]
  793. Urgent pointer: 0
  794. [SEQ/ACK analysis]
  795.  
  796. No. Time Source Destination Protocol Length Info
  797. 15 10.838290 10.0.1.37 10.0.6.77 TCP 73 59483 → 3389 [PSH, ACK] Seq=1 Ack=1 Win=65700 Len=19
  798.  
  799. Frame 15: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
  800. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  801. Encapsulation type: Ethernet (1)
  802. Arrival Time: Sep 16, 2019 10:59:41.575829000 ora legale Europa occidentale
  803. [Time shift for this packet: 0.000000000 seconds]
  804. Epoch Time: 1568624381.575829000 seconds
  805. [Time delta from previous captured frame: 0.000168000 seconds]
  806. [Time delta from previous displayed frame: 0.000168000 seconds]
  807. [Time since reference or first frame: 10.838290000 seconds]
  808. Frame Number: 15
  809. Frame Length: 73 bytes (584 bits)
  810. Capture Length: 73 bytes (584 bits)
  811. [Frame is marked: False]
  812. [Frame is ignored: False]
  813. [Protocols in frame: eth:ethertype:ip:tcp:data]
  814. [Coloring Rule Name: TCP]
  815. [Coloring Rule String: tcp]
  816. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  817. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  818. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  819. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  820. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  821. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  822. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  823. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  824. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  825. Type: IPv4 (0x0800)
  826. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  827. 0100 .... = Version: 4
  828. .... 0101 = Header Length: 20 bytes (5)
  829. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  830. Total Length: 59
  831. Identification: 0x5cb8 (23736)
  832. Flags: 0x02 (Don't Fragment)
  833. Fragment offset: 0
  834. Time to live: 128
  835. Protocol: TCP (6)
  836. Header checksum: 0x8293 [validation disabled]
  837. [Header checksum status: Unverified]
  838. Source: 10.0.1.37
  839. Destination: 10.0.6.77
  840. [Source GeoIP: Unknown]
  841. [Destination GeoIP: Unknown]
  842. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 19
  843. Source Port: 59483
  844. Destination Port: 3389
  845. [Stream index: 0]
  846. [TCP Segment Len: 19]
  847. Sequence number: 1 (relative sequence number)
  848. [Next sequence number: 20 (relative sequence number)]
  849. Acknowledgment number: 1 (relative ack number)
  850. 0101 .... = Header Length: 20 bytes (5)
  851. Flags: 0x018 (PSH, ACK)
  852. Window size value: 16425
  853. [Calculated window size: 65700]
  854. [Window size scaling factor: 4]
  855. Checksum: 0x89d2 [unverified]
  856. [Checksum Status: Unverified]
  857. Urgent pointer: 0
  858. [SEQ/ACK analysis]
  859. TCP payload (19 bytes)
  860. Data (19 bytes)
  861.  
  862. 0000 03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 ................
  863. 0010 00 00 00 ...
  864. Data: 030000130ee000000000000100080003000000
  865. [Length: 19]
  866.  
  867. No. Time Source Destination Protocol Length Info
  868. 16 11.135150 10.0.1.37 10.0.6.77 TCP 73 [TCP Retransmission] 59483 → 3389 [PSH, ACK] Seq=1 Ack=1 Win=65700 Len=19
  869.  
  870. Frame 16: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
  871. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  872. Encapsulation type: Ethernet (1)
  873. Arrival Time: Sep 16, 2019 10:59:41.872689000 ora legale Europa occidentale
  874. [Time shift for this packet: 0.000000000 seconds]
  875. Epoch Time: 1568624381.872689000 seconds
  876. [Time delta from previous captured frame: 0.296860000 seconds]
  877. [Time delta from previous displayed frame: 0.296860000 seconds]
  878. [Time since reference or first frame: 11.135150000 seconds]
  879. Frame Number: 16
  880. Frame Length: 73 bytes (584 bits)
  881. Capture Length: 73 bytes (584 bits)
  882. [Frame is marked: False]
  883. [Frame is ignored: False]
  884. [Protocols in frame: eth:ethertype:ip:tcp]
  885. [Coloring Rule Name: Bad TCP]
  886. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  887. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  888. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  889. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  890. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  891. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  892. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  893. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  894. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  895. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  896. Type: IPv4 (0x0800)
  897. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  898. 0100 .... = Version: 4
  899. .... 0101 = Header Length: 20 bytes (5)
  900. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  901. Total Length: 59
  902. Identification: 0x5cba (23738)
  903. Flags: 0x02 (Don't Fragment)
  904. Fragment offset: 0
  905. Time to live: 128
  906. Protocol: TCP (6)
  907. Header checksum: 0x8291 [validation disabled]
  908. [Header checksum status: Unverified]
  909. Source: 10.0.1.37
  910. Destination: 10.0.6.77
  911. [Source GeoIP: Unknown]
  912. [Destination GeoIP: Unknown]
  913. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 19
  914. Source Port: 59483
  915. Destination Port: 3389
  916. [Stream index: 0]
  917. [TCP Segment Len: 19]
  918. Sequence number: 1 (relative sequence number)
  919. [Next sequence number: 20 (relative sequence number)]
  920. Acknowledgment number: 1 (relative ack number)
  921. 0101 .... = Header Length: 20 bytes (5)
  922. Flags: 0x018 (PSH, ACK)
  923. Window size value: 16425
  924. [Calculated window size: 65700]
  925. [Window size scaling factor: 4]
  926. Checksum: 0x89d2 [unverified]
  927. [Checksum Status: Unverified]
  928. Urgent pointer: 0
  929. [SEQ/ACK analysis]
  930. TCP payload (19 bytes)
  931. Retransmitted TCP segment data (19 bytes)
  932.  
  933. No. Time Source Destination Protocol Length Info
  934. 17 11.735159 10.0.1.37 10.0.6.77 TCP 73 [TCP Retransmission] 59483 → 3389 [PSH, ACK] Seq=1 Ack=1 Win=65700 Len=19
  935.  
  936. Frame 17: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
  937. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  938. Encapsulation type: Ethernet (1)
  939. Arrival Time: Sep 16, 2019 10:59:42.472698000 ora legale Europa occidentale
  940. [Time shift for this packet: 0.000000000 seconds]
  941. Epoch Time: 1568624382.472698000 seconds
  942. [Time delta from previous captured frame: 0.600009000 seconds]
  943. [Time delta from previous displayed frame: 0.600009000 seconds]
  944. [Time since reference or first frame: 11.735159000 seconds]
  945. Frame Number: 17
  946. Frame Length: 73 bytes (584 bits)
  947. Capture Length: 73 bytes (584 bits)
  948. [Frame is marked: False]
  949. [Frame is ignored: False]
  950. [Protocols in frame: eth:ethertype:ip:tcp]
  951. [Coloring Rule Name: Bad TCP]
  952. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  953. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  954. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  955. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  956. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  957. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  958. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  959. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  960. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  961. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  962. Type: IPv4 (0x0800)
  963. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  964. 0100 .... = Version: 4
  965. .... 0101 = Header Length: 20 bytes (5)
  966. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  967. Total Length: 59
  968. Identification: 0x5cbe (23742)
  969. Flags: 0x02 (Don't Fragment)
  970. Fragment offset: 0
  971. Time to live: 128
  972. Protocol: TCP (6)
  973. Header checksum: 0x828d [validation disabled]
  974. [Header checksum status: Unverified]
  975. Source: 10.0.1.37
  976. Destination: 10.0.6.77
  977. [Source GeoIP: Unknown]
  978. [Destination GeoIP: Unknown]
  979. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 19
  980. Source Port: 59483
  981. Destination Port: 3389
  982. [Stream index: 0]
  983. [TCP Segment Len: 19]
  984. Sequence number: 1 (relative sequence number)
  985. [Next sequence number: 20 (relative sequence number)]
  986. Acknowledgment number: 1 (relative ack number)
  987. 0101 .... = Header Length: 20 bytes (5)
  988. Flags: 0x018 (PSH, ACK)
  989. Window size value: 16425
  990. [Calculated window size: 65700]
  991. [Window size scaling factor: 4]
  992. Checksum: 0x89d2 [unverified]
  993. [Checksum Status: Unverified]
  994. Urgent pointer: 0
  995. [SEQ/ACK analysis]
  996. TCP payload (19 bytes)
  997. Retransmitted TCP segment data (19 bytes)
  998.  
  999. No. Time Source Destination Protocol Length Info
  1000. 18 12.935000 10.0.1.37 10.0.6.77 TCP 73 [TCP Retransmission] 59483 → 3389 [PSH, ACK] Seq=1 Ack=1 Win=65700 Len=19
  1001.  
  1002. Frame 18: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
  1003. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1004. Encapsulation type: Ethernet (1)
  1005. Arrival Time: Sep 16, 2019 10:59:43.672539000 ora legale Europa occidentale
  1006. [Time shift for this packet: 0.000000000 seconds]
  1007. Epoch Time: 1568624383.672539000 seconds
  1008. [Time delta from previous captured frame: 1.199841000 seconds]
  1009. [Time delta from previous displayed frame: 1.199841000 seconds]
  1010. [Time since reference or first frame: 12.935000000 seconds]
  1011. Frame Number: 18
  1012. Frame Length: 73 bytes (584 bits)
  1013. Capture Length: 73 bytes (584 bits)
  1014. [Frame is marked: False]
  1015. [Frame is ignored: False]
  1016. [Protocols in frame: eth:ethertype:ip:tcp]
  1017. [Coloring Rule Name: Bad TCP]
  1018. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  1019. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1020. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1021. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1022. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1023. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1024. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1025. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1026. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1027. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1028. Type: IPv4 (0x0800)
  1029. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  1030. 0100 .... = Version: 4
  1031. .... 0101 = Header Length: 20 bytes (5)
  1032. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  1033. Total Length: 59
  1034. Identification: 0x5cc0 (23744)
  1035. Flags: 0x02 (Don't Fragment)
  1036. Fragment offset: 0
  1037. Time to live: 128
  1038. Protocol: TCP (6)
  1039. Header checksum: 0x828b [validation disabled]
  1040. [Header checksum status: Unverified]
  1041. Source: 10.0.1.37
  1042. Destination: 10.0.6.77
  1043. [Source GeoIP: Unknown]
  1044. [Destination GeoIP: Unknown]
  1045. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 19
  1046. Source Port: 59483
  1047. Destination Port: 3389
  1048. [Stream index: 0]
  1049. [TCP Segment Len: 19]
  1050. Sequence number: 1 (relative sequence number)
  1051. [Next sequence number: 20 (relative sequence number)]
  1052. Acknowledgment number: 1 (relative ack number)
  1053. 0101 .... = Header Length: 20 bytes (5)
  1054. Flags: 0x018 (PSH, ACK)
  1055. Window size value: 16425
  1056. [Calculated window size: 65700]
  1057. [Window size scaling factor: 4]
  1058. Checksum: 0x89d2 [unverified]
  1059. [Checksum Status: Unverified]
  1060. Urgent pointer: 0
  1061. [SEQ/ACK analysis]
  1062. TCP payload (19 bytes)
  1063. Retransmitted TCP segment data (19 bytes)
  1064.  
  1065. No. Time Source Destination Protocol Length Info
  1066. 19 13.837075 10.0.6.77 10.0.1.37 TCP 66 [TCP Retransmission] 3389 → 59483 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
  1067.  
  1068. Frame 19: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  1069. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1070. Encapsulation type: Ethernet (1)
  1071. Arrival Time: Sep 16, 2019 10:59:44.574614000 ora legale Europa occidentale
  1072. [Time shift for this packet: 0.000000000 seconds]
  1073. Epoch Time: 1568624384.574614000 seconds
  1074. [Time delta from previous captured frame: 0.902075000 seconds]
  1075. [Time delta from previous displayed frame: 0.902075000 seconds]
  1076. [Time since reference or first frame: 13.837075000 seconds]
  1077. Frame Number: 19
  1078. Frame Length: 66 bytes (528 bits)
  1079. Capture Length: 66 bytes (528 bits)
  1080. [Frame is marked: False]
  1081. [Frame is ignored: False]
  1082. [Protocols in frame: eth:ethertype:ip:tcp]
  1083. [Coloring Rule Name: Bad TCP]
  1084. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  1085. Ethernet II, Src: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3), Dst: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1086. Destination: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1087. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1088. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1089. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1090. Source: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  1091. Address: Routerbo_94:ed:f3 (00:0c:42:94:ed:f3)
  1092. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1093. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1094. Type: IPv4 (0x0800)
  1095. Internet Protocol Version 4, Src: 10.0.6.77, Dst: 10.0.1.37
  1096. 0100 .... = Version: 4
  1097. .... 0101 = Header Length: 20 bytes (5)
  1098. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  1099. Total Length: 52
  1100. Identification: 0x2a6e (10862)
  1101. Flags: 0x02 (Don't Fragment)
  1102. Fragment offset: 0
  1103. Time to live: 127
  1104. Protocol: TCP (6)
  1105. Header checksum: 0xb5e4 [validation disabled]
  1106. [Header checksum status: Unverified]
  1107. Source: 10.0.6.77
  1108. Destination: 10.0.1.37
  1109. [Source GeoIP: Unknown]
  1110. [Destination GeoIP: Unknown]
  1111. Transmission Control Protocol, Src Port: 3389, Dst Port: 59483, Seq: 0, Ack: 1, Len: 0
  1112. Source Port: 3389
  1113. Destination Port: 59483
  1114. [Stream index: 0]
  1115. [TCP Segment Len: 0]
  1116. Sequence number: 0 (relative sequence number)
  1117. Acknowledgment number: 1 (relative ack number)
  1118. 1000 .... = Header Length: 32 bytes (8)
  1119. Flags: 0x012 (SYN, ACK)
  1120. Window size value: 8192
  1121. [Calculated window size: 8192]
  1122. Checksum: 0x7b42 [unverified]
  1123. [Checksum Status: Unverified]
  1124. Urgent pointer: 0
  1125. Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
  1126. [SEQ/ACK analysis]
  1127.  
  1128. No. Time Source Destination Protocol Length Info
  1129. 20 13.837125 10.0.1.37 10.0.6.77 TCP 66 [TCP Dup ACK 14#1] 59483 → 3389 [ACK] Seq=20 Ack=1 Win=65700 Len=0 SLE=0 SRE=1
  1130.  
  1131. Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
  1132. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1133. Encapsulation type: Ethernet (1)
  1134. Arrival Time: Sep 16, 2019 10:59:44.574664000 ora legale Europa occidentale
  1135. [Time shift for this packet: 0.000000000 seconds]
  1136. Epoch Time: 1568624384.574664000 seconds
  1137. [Time delta from previous captured frame: 0.000050000 seconds]
  1138. [Time delta from previous displayed frame: 0.000050000 seconds]
  1139. [Time since reference or first frame: 13.837125000 seconds]
  1140. Frame Number: 20
  1141. Frame Length: 66 bytes (528 bits)
  1142. Capture Length: 66 bytes (528 bits)
  1143. [Frame is marked: False]
  1144. [Frame is ignored: False]
  1145. [Protocols in frame: eth:ethertype:ip:tcp]
  1146. [Coloring Rule Name: Bad TCP]
  1147. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  1148. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1149. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1150. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1151. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1152. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1153. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1154. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1155. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1156. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1157. Type: IPv4 (0x0800)
  1158. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  1159. 0100 .... = Version: 4
  1160. .... 0101 = Header Length: 20 bytes (5)
  1161. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  1162. Total Length: 52
  1163. Identification: 0x5cc2 (23746)
  1164. Flags: 0x02 (Don't Fragment)
  1165. Fragment offset: 0
  1166. Time to live: 128
  1167. Protocol: TCP (6)
  1168. Header checksum: 0x8290 [validation disabled]
  1169. [Header checksum status: Unverified]
  1170. Source: 10.0.1.37
  1171. Destination: 10.0.6.77
  1172. [Source GeoIP: Unknown]
  1173. [Destination GeoIP: Unknown]
  1174. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 20, Ack: 1, Len: 0
  1175. Source Port: 59483
  1176. Destination Port: 3389
  1177. [Stream index: 0]
  1178. [TCP Segment Len: 0]
  1179. Sequence number: 20 (relative sequence number)
  1180. Acknowledgment number: 1 (relative ack number)
  1181. 1000 .... = Header Length: 32 bytes (8)
  1182. Flags: 0x010 (ACK)
  1183. Window size value: 16425
  1184. [Calculated window size: 65700]
  1185. [Window size scaling factor: 4]
  1186. Checksum: 0x0550 [unverified]
  1187. [Checksum Status: Unverified]
  1188. Urgent pointer: 0
  1189. Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), SACK
  1190. [SEQ/ACK analysis]
  1191.  
  1192. No. Time Source Destination Protocol Length Info
  1193. 21 15.335123 10.0.1.37 10.0.6.77 TCP 73 [TCP Retransmission] 59483 → 3389 [PSH, ACK] Seq=1 Ack=1 Win=65700 Len=19
  1194.  
  1195. Frame 21: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
  1196. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1197. Encapsulation type: Ethernet (1)
  1198. Arrival Time: Sep 16, 2019 10:59:46.072662000 ora legale Europa occidentale
  1199. [Time shift for this packet: 0.000000000 seconds]
  1200. Epoch Time: 1568624386.072662000 seconds
  1201. [Time delta from previous captured frame: 1.497998000 seconds]
  1202. [Time delta from previous displayed frame: 1.497998000 seconds]
  1203. [Time since reference or first frame: 15.335123000 seconds]
  1204. Frame Number: 21
  1205. Frame Length: 73 bytes (584 bits)
  1206. Capture Length: 73 bytes (584 bits)
  1207. [Frame is marked: False]
  1208. [Frame is ignored: False]
  1209. [Protocols in frame: eth:ethertype:ip:tcp]
  1210. [Coloring Rule Name: Bad TCP]
  1211. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  1212. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1213. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1214. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1215. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1216. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1217. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1218. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1219. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1220. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1221. Type: IPv4 (0x0800)
  1222. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  1223. 0100 .... = Version: 4
  1224. .... 0101 = Header Length: 20 bytes (5)
  1225. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  1226. Total Length: 59
  1227. Identification: 0x5cc8 (23752)
  1228. Flags: 0x02 (Don't Fragment)
  1229. Fragment offset: 0
  1230. Time to live: 128
  1231. Protocol: TCP (6)
  1232. Header checksum: 0x8283 [validation disabled]
  1233. [Header checksum status: Unverified]
  1234. Source: 10.0.1.37
  1235. Destination: 10.0.6.77
  1236. [Source GeoIP: Unknown]
  1237. [Destination GeoIP: Unknown]
  1238. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 19
  1239. Source Port: 59483
  1240. Destination Port: 3389
  1241. [Stream index: 0]
  1242. [TCP Segment Len: 19]
  1243. Sequence number: 1 (relative sequence number)
  1244. [Next sequence number: 20 (relative sequence number)]
  1245. Acknowledgment number: 1 (relative ack number)
  1246. 0101 .... = Header Length: 20 bytes (5)
  1247. Flags: 0x018 (PSH, ACK)
  1248. Window size value: 16425
  1249. [Calculated window size: 65700]
  1250. [Window size scaling factor: 4]
  1251. Checksum: 0x89d2 [unverified]
  1252. [Checksum Status: Unverified]
  1253. Urgent pointer: 0
  1254. [SEQ/ACK analysis]
  1255. TCP payload (19 bytes)
  1256. Retransmitted TCP segment data (19 bytes)
  1257.  
  1258. No. Time Source Destination Protocol Length Info
  1259. 22 19.379106 HewlettP_f4:5d:3e Broadcast ARP 60 Who has 10.0.6.110? Tell 10.0.6.77
  1260.  
  1261. Frame 22: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
  1262. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1263. Encapsulation type: Ethernet (1)
  1264. Arrival Time: Sep 16, 2019 10:59:50.116645000 ora legale Europa occidentale
  1265. [Time shift for this packet: 0.000000000 seconds]
  1266. Epoch Time: 1568624390.116645000 seconds
  1267. [Time delta from previous captured frame: 4.043983000 seconds]
  1268. [Time delta from previous displayed frame: 4.043983000 seconds]
  1269. [Time since reference or first frame: 19.379106000 seconds]
  1270. Frame Number: 22
  1271. Frame Length: 60 bytes (480 bits)
  1272. Capture Length: 60 bytes (480 bits)
  1273. [Frame is marked: False]
  1274. [Frame is ignored: False]
  1275. [Protocols in frame: eth:ethertype:arp]
  1276. [Coloring Rule Name: ARP]
  1277. [Coloring Rule String: arp]
  1278. Ethernet II, Src: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
  1279. Destination: Broadcast (ff:ff:ff:ff:ff:ff)
  1280. Address: Broadcast (ff:ff:ff:ff:ff:ff)
  1281. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  1282. .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
  1283. Source: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  1284. Address: HewlettP_f4:5d:3e (78:e7:d1:f4:5d:3e)
  1285. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1286. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1287. Type: ARP (0x0806)
  1288. Padding: 000000000000000000000000000000000000
  1289. Address Resolution Protocol (request)
  1290.  
  1291. No. Time Source Destination Protocol Length Info
  1292. 23 19.379106 AsrockIn_d4:b5:89 Broadcast ARP 60 Who has 10.0.6.77? Tell 10.0.6.110
  1293.  
  1294. Frame 23: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
  1295. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1296. Encapsulation type: Ethernet (1)
  1297. Arrival Time: Sep 16, 2019 10:59:50.116645000 ora legale Europa occidentale
  1298. [Time shift for this packet: 0.000000000 seconds]
  1299. Epoch Time: 1568624390.116645000 seconds
  1300. [Time delta from previous captured frame: 0.000000000 seconds]
  1301. [Time delta from previous displayed frame: 0.000000000 seconds]
  1302. [Time since reference or first frame: 19.379106000 seconds]
  1303. Frame Number: 23
  1304. Frame Length: 60 bytes (480 bits)
  1305. Capture Length: 60 bytes (480 bits)
  1306. [Frame is marked: False]
  1307. [Frame is ignored: False]
  1308. [Protocols in frame: eth:ethertype:arp]
  1309. [Coloring Rule Name: ARP]
  1310. [Coloring Rule String: arp]
  1311. Ethernet II, Src: AsrockIn_d4:b5:89 (00:25:22:d4:b5:89), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
  1312. Destination: Broadcast (ff:ff:ff:ff:ff:ff)
  1313. Address: Broadcast (ff:ff:ff:ff:ff:ff)
  1314. .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
  1315. .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
  1316. Source: AsrockIn_d4:b5:89 (00:25:22:d4:b5:89)
  1317. Address: AsrockIn_d4:b5:89 (00:25:22:d4:b5:89)
  1318. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1319. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1320. Type: ARP (0x0806)
  1321. Padding: 000000000000000000000000000000000000
  1322. Address Resolution Protocol (request)
  1323.  
  1324. No. Time Source Destination Protocol Length Info
  1325. 24 20.129927 10.0.1.37 10.0.6.77 TCP 73 [TCP Retransmission] 59483 → 3389 [PSH, ACK] Seq=1 Ack=1 Win=65700 Len=19
  1326.  
  1327. Frame 24: 73 bytes on wire (584 bits), 73 bytes captured (584 bits) on interface 0
  1328. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1329. Encapsulation type: Ethernet (1)
  1330. Arrival Time: Sep 16, 2019 10:59:50.867466000 ora legale Europa occidentale
  1331. [Time shift for this packet: 0.000000000 seconds]
  1332. Epoch Time: 1568624390.867466000 seconds
  1333. [Time delta from previous captured frame: 0.750821000 seconds]
  1334. [Time delta from previous displayed frame: 0.750821000 seconds]
  1335. [Time since reference or first frame: 20.129927000 seconds]
  1336. Frame Number: 24
  1337. Frame Length: 73 bytes (584 bits)
  1338. Capture Length: 73 bytes (584 bits)
  1339. [Frame is marked: False]
  1340. [Frame is ignored: False]
  1341. [Protocols in frame: eth:ethertype:ip:tcp]
  1342. [Coloring Rule Name: Bad TCP]
  1343. [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
  1344. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1345. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1346. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1347. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1348. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1349. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1350. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1351. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1352. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1353. Type: IPv4 (0x0800)
  1354. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  1355. 0100 .... = Version: 4
  1356. .... 0101 = Header Length: 20 bytes (5)
  1357. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  1358. Total Length: 59
  1359. Identification: 0x5cd7 (23767)
  1360. Flags: 0x02 (Don't Fragment)
  1361. Fragment offset: 0
  1362. Time to live: 128
  1363. Protocol: TCP (6)
  1364. Header checksum: 0x8274 [validation disabled]
  1365. [Header checksum status: Unverified]
  1366. Source: 10.0.1.37
  1367. Destination: 10.0.6.77
  1368. [Source GeoIP: Unknown]
  1369. [Destination GeoIP: Unknown]
  1370. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 1, Ack: 1, Len: 19
  1371. Source Port: 59483
  1372. Destination Port: 3389
  1373. [Stream index: 0]
  1374. [TCP Segment Len: 19]
  1375. Sequence number: 1 (relative sequence number)
  1376. [Next sequence number: 20 (relative sequence number)]
  1377. Acknowledgment number: 1 (relative ack number)
  1378. 0101 .... = Header Length: 20 bytes (5)
  1379. Flags: 0x018 (PSH, ACK)
  1380. Window size value: 16425
  1381. [Calculated window size: 65700]
  1382. [Window size scaling factor: 4]
  1383. Checksum: 0x89d2 [unverified]
  1384. [Checksum Status: Unverified]
  1385. Urgent pointer: 0
  1386. [SEQ/ACK analysis]
  1387. TCP payload (19 bytes)
  1388. Retransmitted TCP segment data (19 bytes)
  1389.  
  1390. No. Time Source Destination Protocol Length Info
  1391. 25 29.729849 10.0.1.37 10.0.6.77 TCP 54 59483 → 3389 [RST, ACK] Seq=20 Ack=1 Win=0 Len=0
  1392.  
  1393. Frame 25: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
  1394. Interface id: 0 (\Device\NPF_{7090D055-6B2E-4FE4-A7B9-143396B04256})
  1395. Encapsulation type: Ethernet (1)
  1396. Arrival Time: Sep 16, 2019 11:00:00.467388000 ora legale Europa occidentale
  1397. [Time shift for this packet: 0.000000000 seconds]
  1398. Epoch Time: 1568624400.467388000 seconds
  1399. [Time delta from previous captured frame: 9.599922000 seconds]
  1400. [Time delta from previous displayed frame: 9.599922000 seconds]
  1401. [Time since reference or first frame: 29.729849000 seconds]
  1402. Frame Number: 25
  1403. Frame Length: 54 bytes (432 bits)
  1404. Capture Length: 54 bytes (432 bits)
  1405. [Frame is marked: False]
  1406. [Frame is ignored: False]
  1407. [Protocols in frame: eth:ethertype:ip:tcp]
  1408. [Coloring Rule Name: TCP RST]
  1409. [Coloring Rule String: tcp.flags.reset eq 1]
  1410. Ethernet II, Src: HewlettP_33:67:b9 (34:64:a9:33:67:b9), Dst: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1411. Destination: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1412. Address: Vmware_cd:fe:b2 (00:0c:29:cd:fe:b2)
  1413. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1414. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1415. Source: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1416. Address: HewlettP_33:67:b9 (34:64:a9:33:67:b9)
  1417. .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
  1418. .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  1419. Type: IPv4 (0x0800)
  1420. Internet Protocol Version 4, Src: 10.0.1.37, Dst: 10.0.6.77
  1421. 0100 .... = Version: 4
  1422. .... 0101 = Header Length: 20 bytes (5)
  1423. Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
  1424. Total Length: 40
  1425. Identification: 0x5cf8 (23800)
  1426. Flags: 0x02 (Don't Fragment)
  1427. Fragment offset: 0
  1428. Time to live: 128
  1429. Protocol: TCP (6)
  1430. Header checksum: 0x8266 [validation disabled]
  1431. [Header checksum status: Unverified]
  1432. Source: 10.0.1.37
  1433. Destination: 10.0.6.77
  1434. [Source GeoIP: Unknown]
  1435. [Destination GeoIP: Unknown]
  1436. Transmission Control Protocol, Src Port: 59483, Dst Port: 3389, Seq: 20, Ack: 1, Len: 0
  1437. Source Port: 59483
  1438. Destination Port: 3389
  1439. [Stream index: 0]
  1440. [TCP Segment Len: 0]
  1441. Sequence number: 20 (relative sequence number)
  1442. Acknowledgment number: 1 (relative ack number)
  1443. 0101 .... = Header Length: 20 bytes (5)
  1444. Flags: 0x014 (RST, ACK)
  1445. Window size value: 0
  1446. [Calculated window size: 0]
  1447. [Window size scaling factor: 4]
  1448. Checksum: 0xdbfe [unverified]
  1449. [Checksum Status: Unverified]
  1450. Urgent pointer: 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!