Ticket #10624: cute-ftp-no-problem.txt

File cute-ftp-no-problem.txt, 213.3 KB (added by difazio, 6 years ago)

wire shark text output of cuteftp working same environment

Line 
1No. Time Source Destination Protocol Length Info
2 3137 30.833312000 10.241.212.151 10.241.209.195 TCP 66 34549 > ftp [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
3
4Frame 3137: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
5 Interface id: 0
6 Encapsulation type: Ethernet (1)
7 Arrival Time: Aug 17, 2015 08:01:10.533615000 Eastern Daylight Time
8 [Time shift for this packet: 0.000000000 seconds]
9 Epoch Time: 1439812870.533615000 seconds
10 [Time delta from previous captured frame: 0.005786000 seconds]
11 [Time delta from previous displayed frame: 0.000000000 seconds]
12 [Time since reference or first frame: 30.833312000 seconds]
13 Frame Number: 3137
14 Frame Length: 66 bytes (528 bits)
15 Capture Length: 66 bytes (528 bits)
16 [Frame is marked: False]
17 [Frame is ignored: False]
18 [Protocols in frame: eth:ip:tcp]
19 [Coloring Rule Name: Checksum Errors]
20 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
21Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
22 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
23 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
24 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
25 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
26 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
27 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
28 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
29 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
30 Type: IP (0x0800)
31Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
32 Version: 4
33 Header length: 20 bytes
34 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
35 0000 00.. = Differentiated Services Codepoint: Default (0x00)
36 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
37 Total Length: 52
38 Identification: 0x0890 (2192)
39 Flags: 0x02 (Don't Fragment)
40 0... .... = Reserved bit: Not set
41 .1.. .... = Don't fragment: Set
42 ..0. .... = More fragments: Not set
43 Fragment offset: 0
44 Time to live: 128
45 Protocol: TCP (6)
46 Header checksum: 0x0000 [incorrect, should be 0x35f7 (may be caused by "IP checksum offload"?)]
47 [Good: False]
48 [Bad: True]
49 [Expert Info (Error/Checksum): Bad checksum]
50 [Message: Bad checksum]
51 [Severity level: Error]
52 [Group: Checksum]
53 Source: 10.241.212.151 (10.241.212.151)
54 Destination: 10.241.209.195 (10.241.209.195)
55 [Source GeoIP: Unknown]
56 [Destination GeoIP: Unknown]
57Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 0, Len: 0
58 Source port: 34549 (34549)
59 Destination port: ftp (21)
60 [Stream index: 16]
61 Sequence number: 0 (relative sequence number)
62 Header length: 32 bytes
63 Flags: 0x002 (SYN)
64 000. .... .... = Reserved: Not set
65 ...0 .... .... = Nonce: Not set
66 .... 0... .... = Congestion Window Reduced (CWR): Not set
67 .... .0.. .... = ECN-Echo: Not set
68 .... ..0. .... = Urgent: Not set
69 .... ...0 .... = Acknowledgment: Not set
70 .... .... 0... = Push: Not set
71 .... .... .0.. = Reset: Not set
72 .... .... ..1. = Syn: Set
73 [Expert Info (Chat/Sequence): Connection establish request (SYN): server port ftp]
74 [Message: Connection establish request (SYN): server port ftp]
75 [Severity level: Chat]
76 [Group: Sequence]
77 .... .... ...0 = Fin: Not set
78 Window size value: 8192
79 [Calculated window size: 8192]
80 Checksum: 0xbc63 [validation disabled]
81 [Good Checksum: False]
82 [Bad Checksum: False]
83 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
84 Maximum segment size: 1460 bytes
85 Kind: MSS size (2)
86 Length: 4
87 MSS Value: 1460
88 No-Operation (NOP)
89 Type: 1
90 0... .... = Copy on fragmentation: No
91 .00. .... = Class: Control (0)
92 ...0 0001 = Number: No-Operation (NOP) (1)
93 Window scale: 2 (multiply by 4)
94 Kind: Window Scale (3)
95 Length: 3
96 Shift count: 2
97 [Multiplier: 4]
98 No-Operation (NOP)
99 Type: 1
100 0... .... = Copy on fragmentation: No
101 .00. .... = Class: Control (0)
102 ...0 0001 = Number: No-Operation (NOP) (1)
103 No-Operation (NOP)
104 Type: 1
105 0... .... = Copy on fragmentation: No
106 .00. .... = Class: Control (0)
107 ...0 0001 = Number: No-Operation (NOP) (1)
108 TCP SACK Permitted Option: True
109 Kind: SACK Permission (4)
110 Length: 2
111
1120000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
1130010 00 34 08 90 40 00 80 06 00 00 0a f1 d4 97 0a f1 .4..@...........
1140020 d1 c3 86 f5 00 15 fc d5 9d 41 00 00 00 00 80 02 .........A......
1150030 20 00 bc 63 00 00 02 04 05 b4 01 03 03 02 01 01 ..c............
1160040 04 02 ..
117
118No. Time Source Destination Protocol Length Info
119 3138 30.833887000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34549 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
120
121Frame 3138: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
122 Interface id: 0
123 Encapsulation type: Ethernet (1)
124 Arrival Time: Aug 17, 2015 08:01:10.534190000 Eastern Daylight Time
125 [Time shift for this packet: 0.000000000 seconds]
126 Epoch Time: 1439812870.534190000 seconds
127 [Time delta from previous captured frame: 0.000575000 seconds]
128 [Time delta from previous displayed frame: 0.000575000 seconds]
129 [Time since reference or first frame: 30.833887000 seconds]
130 Frame Number: 3138
131 Frame Length: 60 bytes (480 bits)
132 Capture Length: 60 bytes (480 bits)
133 [Frame is marked: False]
134 [Frame is ignored: False]
135 [Protocols in frame: eth:ip:tcp]
136 [Coloring Rule Name: TCP SYN/FIN]
137 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
138Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
139 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
140 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
141 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
142 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
143 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
144 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
145 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
146 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
147 Type: IP (0x0800)
148 Padding: 0000
149Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
150 Version: 4
151 Header length: 20 bytes
152 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
153 0000 00.. = Differentiated Services Codepoint: Default (0x00)
154 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
155 Total Length: 44
156 Identification: 0xe3b3 (58291)
157 Flags: 0x02 (Don't Fragment)
158 0... .... = Reserved bit: Not set
159 .1.. .... = Don't fragment: Set
160 ..0. .... = More fragments: Not set
161 Fragment offset: 0
162 Time to live: 59
163 Protocol: TCP (6)
164 Header checksum: 0x9fdb [correct]
165 [Good: True]
166 [Bad: False]
167 Source: 10.241.209.195 (10.241.209.195)
168 Destination: 10.241.212.151 (10.241.212.151)
169 [Source GeoIP: Unknown]
170 [Destination GeoIP: Unknown]
171Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 0, Ack: 1, Len: 0
172 Source port: ftp (21)
173 Destination port: 34549 (34549)
174 [Stream index: 16]
175 Sequence number: 0 (relative sequence number)
176 Acknowledgment number: 1 (relative ack number)
177 Header length: 24 bytes
178 Flags: 0x012 (SYN, ACK)
179 000. .... .... = Reserved: Not set
180 ...0 .... .... = Nonce: Not set
181 .... 0... .... = Congestion Window Reduced (CWR): Not set
182 .... .0.. .... = ECN-Echo: Not set
183 .... ..0. .... = Urgent: Not set
184 .... ...1 .... = Acknowledgment: Set
185 .... .... 0... = Push: Not set
186 .... .... .0.. = Reset: Not set
187 .... .... ..1. = Syn: Set
188 [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port ftp]
189 [Message: Connection establish acknowledge (SYN+ACK): server port ftp]
190 [Severity level: Chat]
191 [Group: Sequence]
192 .... .... ...0 = Fin: Not set
193 Window size value: 65535
194 [Calculated window size: 65535]
195 Checksum: 0x533d [validation disabled]
196 [Good Checksum: False]
197 [Bad Checksum: False]
198 Options: (4 bytes), Maximum segment size
199 Maximum segment size: 1460 bytes
200 Kind: MSS size (2)
201 Length: 4
202 MSS Value: 1460
203 [SEQ/ACK analysis]
204 [This is an ACK to the segment in frame: 3137]
205 [The RTT to ACK the segment was: 0.000575000 seconds]
206
2070000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 00 .6.A.f.#......E.
2080010 00 2c e3 b3 40 00 3b 06 9f db 0a f1 d1 c3 0a f1 .,..@.;.........
2090020 d4 97 00 15 86 f5 7c 61 eb 17 fc d5 9d 42 60 12 ......|a.....B`.
2100030 ff ff 53 3d 00 00 02 04 05 b4 00 00 ..S=........
211
212No. Time Source Destination Protocol Length Info
213 3139 30.833918000 10.241.212.151 10.241.209.195 TCP 54 34549 > ftp [ACK] Seq=1 Ack=1 Win=64240 Len=0
214
215Frame 3139: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
216 Interface id: 0
217 Encapsulation type: Ethernet (1)
218 Arrival Time: Aug 17, 2015 08:01:10.534221000 Eastern Daylight Time
219 [Time shift for this packet: 0.000000000 seconds]
220 Epoch Time: 1439812870.534221000 seconds
221 [Time delta from previous captured frame: 0.000031000 seconds]
222 [Time delta from previous displayed frame: 0.000031000 seconds]
223 [Time since reference or first frame: 30.833918000 seconds]
224 Frame Number: 3139
225 Frame Length: 54 bytes (432 bits)
226 Capture Length: 54 bytes (432 bits)
227 [Frame is marked: False]
228 [Frame is ignored: False]
229 [Protocols in frame: eth:ip:tcp]
230 [Coloring Rule Name: Checksum Errors]
231 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
232Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
233 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
234 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
235 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
236 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
237 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
238 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
239 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
240 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
241 Type: IP (0x0800)
242Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
243 Version: 4
244 Header length: 20 bytes
245 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
246 0000 00.. = Differentiated Services Codepoint: Default (0x00)
247 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
248 Total Length: 40
249 Identification: 0x0891 (2193)
250 Flags: 0x02 (Don't Fragment)
251 0... .... = Reserved bit: Not set
252 .1.. .... = Don't fragment: Set
253 ..0. .... = More fragments: Not set
254 Fragment offset: 0
255 Time to live: 128
256 Protocol: TCP (6)
257 Header checksum: 0x0000 [incorrect, should be 0x3602 (may be caused by "IP checksum offload"?)]
258 [Good: False]
259 [Bad: True]
260 [Expert Info (Error/Checksum): Bad checksum]
261 [Message: Bad checksum]
262 [Severity level: Error]
263 [Group: Checksum]
264 Source: 10.241.212.151 (10.241.212.151)
265 Destination: 10.241.209.195 (10.241.209.195)
266 [Source GeoIP: Unknown]
267 [Destination GeoIP: Unknown]
268Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 1, Ack: 1, Len: 0
269 Source port: 34549 (34549)
270 Destination port: ftp (21)
271 [Stream index: 16]
272 Sequence number: 1 (relative sequence number)
273 Acknowledgment number: 1 (relative ack number)
274 Header length: 20 bytes
275 Flags: 0x010 (ACK)
276 000. .... .... = Reserved: Not set
277 ...0 .... .... = Nonce: Not set
278 .... 0... .... = Congestion Window Reduced (CWR): Not set
279 .... .0.. .... = ECN-Echo: Not set
280 .... ..0. .... = Urgent: Not set
281 .... ...1 .... = Acknowledgment: Set
282 .... .... 0... = Push: Not set
283 .... .... .0.. = Reset: Not set
284 .... .... ..0. = Syn: Not set
285 .... .... ...0 = Fin: Not set
286 Window size value: 64240
287 [Calculated window size: 64240]
288 [Window size scaling factor: -2 (no window scaling used)]
289 Checksum: 0xbc57 [validation disabled]
290 [Good Checksum: False]
291 [Bad Checksum: False]
292 [SEQ/ACK analysis]
293 [This is an ACK to the segment in frame: 3138]
294 [The RTT to ACK the segment was: 0.000031000 seconds]
295
2960000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
2970010 00 28 08 91 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
2980020 d1 c3 86 f5 00 15 fc d5 9d 42 7c 61 eb 18 50 10 .........B|a..P.
2990030 fa f0 bc 57 00 00 ...W..
300
301No. Time Source Destination Protocol Length Info
302 3140 30.845730000 10.241.209.195 10.241.212.151 FTP 125 Response: 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
303
304Frame 3140: 125 bytes on wire (1000 bits), 125 bytes captured (1000 bits) on interface 0
305 Interface id: 0
306 Encapsulation type: Ethernet (1)
307 Arrival Time: Aug 17, 2015 08:01:10.546033000 Eastern Daylight Time
308 [Time shift for this packet: 0.000000000 seconds]
309 Epoch Time: 1439812870.546033000 seconds
310 [Time delta from previous captured frame: 0.011812000 seconds]
311 [Time delta from previous displayed frame: 0.011812000 seconds]
312 [Time since reference or first frame: 30.845730000 seconds]
313 Frame Number: 3140
314 Frame Length: 125 bytes (1000 bits)
315 Capture Length: 125 bytes (1000 bits)
316 [Frame is marked: False]
317 [Frame is ignored: False]
318 [Protocols in frame: eth:ip:tcp:ftp]
319 [Coloring Rule Name: TCP]
320 [Coloring Rule String: tcp]
321Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
322 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
323 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
324 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
325 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
326 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
327 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
328 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
329 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
330 Type: IP (0x0800)
331Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
332 Version: 4
333 Header length: 20 bytes
334 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
335 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
336 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
337 Total Length: 111
338 Identification: 0xe3b5 (58293)
339 Flags: 0x02 (Don't Fragment)
340 0... .... = Reserved bit: Not set
341 .1.. .... = Don't fragment: Set
342 ..0. .... = More fragments: Not set
343 Fragment offset: 0
344 Time to live: 59
345 Protocol: TCP (6)
346 Header checksum: 0x9f86 [correct]
347 [Good: True]
348 [Bad: False]
349 Source: 10.241.209.195 (10.241.209.195)
350 Destination: 10.241.212.151 (10.241.212.151)
351 [Source GeoIP: Unknown]
352 [Destination GeoIP: Unknown]
353Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 1, Ack: 1, Len: 71
354 Source port: ftp (21)
355 Destination port: 34549 (34549)
356 [Stream index: 16]
357 Sequence number: 1 (relative sequence number)
358 [Next sequence number: 72 (relative sequence number)]
359 Acknowledgment number: 1 (relative ack number)
360 Header length: 20 bytes
361 Flags: 0x018 (PSH, ACK)
362 000. .... .... = Reserved: Not set
363 ...0 .... .... = Nonce: Not set
364 .... 0... .... = Congestion Window Reduced (CWR): Not set
365 .... .0.. .... = ECN-Echo: Not set
366 .... ..0. .... = Urgent: Not set
367 .... ...1 .... = Acknowledgment: Set
368 .... .... 1... = Push: Set
369 .... .... .0.. = Reset: Not set
370 .... .... ..0. = Syn: Not set
371 .... .... ...0 = Fin: Not set
372 Window size value: 65535
373 [Calculated window size: 65535]
374 [Window size scaling factor: -2 (no window scaling used)]
375 Checksum: 0x4655 [validation disabled]
376 [Good Checksum: False]
377 [Bad Checksum: False]
378 [SEQ/ACK analysis]
379 [Bytes in flight: 71]
380File Transfer Protocol (FTP)
381 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.\r\n
382 Response code: Service ready for new user (220)
383 Response arg: bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
384
3850000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
3860010 00 6f e3 b5 40 00 3b 06 9f 86 0a f1 d1 c3 0a f1 .o..@.;.........
3870020 d4 97 00 15 86 f5 7c 61 eb 18 fc d5 9d 42 50 18 ......|a.....BP.
3880030 ff ff 46 55 00 00 32 32 30 20 62 6f 6e 6f 20 46 ..FU..220 bono F
3890040 54 50 20 73 65 72 76 65 72 20 28 56 65 72 73 69 TP server (Versi
3900050 6f 6e 20 34 2e 32 20 54 68 75 20 41 70 72 20 31 on 4.2 Thu Apr 1
3910060 37 20 30 32 3a 30 33 3a 31 34 20 43 44 54 20 32 7 02:03:14 CDT 2
3920070 30 30 38 29 20 72 65 61 64 79 2e 0d 0a 008) ready...
393
394No. Time Source Destination Protocol Length Info
395 3141 30.846224000 10.241.212.151 10.241.209.195 FTP 65 Request: USER root
396
397Frame 3141: 65 bytes on wire (520 bits), 65 bytes captured (520 bits) on interface 0
398 Interface id: 0
399 Encapsulation type: Ethernet (1)
400 Arrival Time: Aug 17, 2015 08:01:10.546527000 Eastern Daylight Time
401 [Time shift for this packet: 0.000000000 seconds]
402 Epoch Time: 1439812870.546527000 seconds
403 [Time delta from previous captured frame: 0.000494000 seconds]
404 [Time delta from previous displayed frame: 0.000494000 seconds]
405 [Time since reference or first frame: 30.846224000 seconds]
406 Frame Number: 3141
407 Frame Length: 65 bytes (520 bits)
408 Capture Length: 65 bytes (520 bits)
409 [Frame is marked: False]
410 [Frame is ignored: False]
411 [Protocols in frame: eth:ip:tcp:ftp]
412 [Coloring Rule Name: Checksum Errors]
413 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
414Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
415 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
416 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
417 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
418 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
419 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
420 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
421 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
422 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
423 Type: IP (0x0800)
424Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
425 Version: 4
426 Header length: 20 bytes
427 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
428 0000 00.. = Differentiated Services Codepoint: Default (0x00)
429 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
430 Total Length: 51
431 Identification: 0x0892 (2194)
432 Flags: 0x02 (Don't Fragment)
433 0... .... = Reserved bit: Not set
434 .1.. .... = Don't fragment: Set
435 ..0. .... = More fragments: Not set
436 Fragment offset: 0
437 Time to live: 128
438 Protocol: TCP (6)
439 Header checksum: 0x0000 [incorrect, should be 0x35f6 (may be caused by "IP checksum offload"?)]
440 [Good: False]
441 [Bad: True]
442 [Expert Info (Error/Checksum): Bad checksum]
443 [Message: Bad checksum]
444 [Severity level: Error]
445 [Group: Checksum]
446 Source: 10.241.212.151 (10.241.212.151)
447 Destination: 10.241.209.195 (10.241.209.195)
448 [Source GeoIP: Unknown]
449 [Destination GeoIP: Unknown]
450Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 1, Ack: 72, Len: 11
451 Source port: 34549 (34549)
452 Destination port: ftp (21)
453 [Stream index: 16]
454 Sequence number: 1 (relative sequence number)
455 [Next sequence number: 12 (relative sequence number)]
456 Acknowledgment number: 72 (relative ack number)
457 Header length: 20 bytes
458 Flags: 0x018 (PSH, ACK)
459 000. .... .... = Reserved: Not set
460 ...0 .... .... = Nonce: Not set
461 .... 0... .... = Congestion Window Reduced (CWR): Not set
462 .... .0.. .... = ECN-Echo: Not set
463 .... ..0. .... = Urgent: Not set
464 .... ...1 .... = Acknowledgment: Set
465 .... .... 1... = Push: Set
466 .... .... .0.. = Reset: Not set
467 .... .... ..0. = Syn: Not set
468 .... .... ...0 = Fin: Not set
469 Window size value: 64169
470 [Calculated window size: 64169]
471 [Window size scaling factor: -2 (no window scaling used)]
472 Checksum: 0xbc62 [validation disabled]
473 [Good Checksum: False]
474 [Bad Checksum: False]
475 [SEQ/ACK analysis]
476 [This is an ACK to the segment in frame: 3140]
477 [The RTT to ACK the segment was: 0.000494000 seconds]
478 [Bytes in flight: 11]
479File Transfer Protocol (FTP)
480 USER root\r\n
481 Request command: USER
482 Request arg: root
483
4840000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
4850010 00 33 08 92 40 00 80 06 00 00 0a f1 d4 97 0a f1 .3..@...........
4860020 d1 c3 86 f5 00 15 fc d5 9d 42 7c 61 eb 5f 50 18 .........B|a._P.
4870030 fa a9 bc 62 00 00 55 53 45 52 20 72 6f 6f 74 0d ...b..USER root.
4880040 0a .
489
490No. Time Source Destination Protocol Length Info
491 3142 30.850371000 10.241.209.195 10.241.212.151 FTP 87 Response: 331 Password required for root.
492
493Frame 3142: 87 bytes on wire (696 bits), 87 bytes captured (696 bits) on interface 0
494 Interface id: 0
495 Encapsulation type: Ethernet (1)
496 Arrival Time: Aug 17, 2015 08:01:10.550674000 Eastern Daylight Time
497 [Time shift for this packet: 0.000000000 seconds]
498 Epoch Time: 1439812870.550674000 seconds
499 [Time delta from previous captured frame: 0.004147000 seconds]
500 [Time delta from previous displayed frame: 0.004147000 seconds]
501 [Time since reference or first frame: 30.850371000 seconds]
502 Frame Number: 3142
503 Frame Length: 87 bytes (696 bits)
504 Capture Length: 87 bytes (696 bits)
505 [Frame is marked: False]
506 [Frame is ignored: False]
507 [Protocols in frame: eth:ip:tcp:ftp]
508 [Coloring Rule Name: TCP]
509 [Coloring Rule String: tcp]
510Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
511 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
512 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
513 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
514 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
515 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
516 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
517 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
518 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
519 Type: IP (0x0800)
520Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
521 Version: 4
522 Header length: 20 bytes
523 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
524 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
525 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
526 Total Length: 73
527 Identification: 0xe3b6 (58294)
528 Flags: 0x02 (Don't Fragment)
529 0... .... = Reserved bit: Not set
530 .1.. .... = Don't fragment: Set
531 ..0. .... = More fragments: Not set
532 Fragment offset: 0
533 Time to live: 59
534 Protocol: TCP (6)
535 Header checksum: 0x9fab [correct]
536 [Good: True]
537 [Bad: False]
538 Source: 10.241.209.195 (10.241.209.195)
539 Destination: 10.241.212.151 (10.241.212.151)
540 [Source GeoIP: Unknown]
541 [Destination GeoIP: Unknown]
542Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 72, Ack: 12, Len: 33
543 Source port: ftp (21)
544 Destination port: 34549 (34549)
545 [Stream index: 16]
546 Sequence number: 72 (relative sequence number)
547 [Next sequence number: 105 (relative sequence number)]
548 Acknowledgment number: 12 (relative ack number)
549 Header length: 20 bytes
550 Flags: 0x018 (PSH, ACK)
551 000. .... .... = Reserved: Not set
552 ...0 .... .... = Nonce: Not set
553 .... 0... .... = Congestion Window Reduced (CWR): Not set
554 .... .0.. .... = ECN-Echo: Not set
555 .... ..0. .... = Urgent: Not set
556 .... ...1 .... = Acknowledgment: Set
557 .... .... 1... = Push: Set
558 .... .... .0.. = Reset: Not set
559 .... .... ..0. = Syn: Not set
560 .... .... ...0 = Fin: Not set
561 Window size value: 65535
562 [Calculated window size: 65535]
563 [Window size scaling factor: -2 (no window scaling used)]
564 Checksum: 0x942f [validation disabled]
565 [Good Checksum: False]
566 [Bad Checksum: False]
567 [SEQ/ACK analysis]
568 [This is an ACK to the segment in frame: 3141]
569 [The RTT to ACK the segment was: 0.004147000 seconds]
570 [Bytes in flight: 33]
571File Transfer Protocol (FTP)
572 331 Password required for root.\r\n
573 Response code: User name okay, need password (331)
574 Response arg: Password required for root.
575
5760000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
5770010 00 49 e3 b6 40 00 3b 06 9f ab 0a f1 d1 c3 0a f1 .I..@.;.........
5780020 d4 97 00 15 86 f5 7c 61 eb 5f fc d5 9d 4d 50 18 ......|a._...MP.
5790030 ff ff 94 2f 00 00 33 33 31 20 50 61 73 73 77 6f .../..331 Passwo
5800040 72 64 20 72 65 71 75 69 72 65 64 20 66 6f 72 20 rd required for
5810050 72 6f 6f 74 2e 0d 0a root...
582
583No. Time Source Destination Protocol Length Info
584 3143 30.850569000 10.241.212.151 10.241.209.195 FTP 67 Request: PASS cx2000
585
586Frame 3143: 67 bytes on wire (536 bits), 67 bytes captured (536 bits) on interface 0
587 Interface id: 0
588 Encapsulation type: Ethernet (1)
589 Arrival Time: Aug 17, 2015 08:01:10.550872000 Eastern Daylight Time
590 [Time shift for this packet: 0.000000000 seconds]
591 Epoch Time: 1439812870.550872000 seconds
592 [Time delta from previous captured frame: 0.000198000 seconds]
593 [Time delta from previous displayed frame: 0.000198000 seconds]
594 [Time since reference or first frame: 30.850569000 seconds]
595 Frame Number: 3143
596 Frame Length: 67 bytes (536 bits)
597 Capture Length: 67 bytes (536 bits)
598 [Frame is marked: False]
599 [Frame is ignored: False]
600 [Protocols in frame: eth:ip:tcp:ftp]
601 [Coloring Rule Name: Checksum Errors]
602 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
603Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
604 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
605 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
606 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
607 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
608 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
609 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
610 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
611 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
612 Type: IP (0x0800)
613Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
614 Version: 4
615 Header length: 20 bytes
616 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
617 0000 00.. = Differentiated Services Codepoint: Default (0x00)
618 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
619 Total Length: 53
620 Identification: 0x0893 (2195)
621 Flags: 0x02 (Don't Fragment)
622 0... .... = Reserved bit: Not set
623 .1.. .... = Don't fragment: Set
624 ..0. .... = More fragments: Not set
625 Fragment offset: 0
626 Time to live: 128
627 Protocol: TCP (6)
628 Header checksum: 0x0000 [incorrect, should be 0x35f3 (may be caused by "IP checksum offload"?)]
629 [Good: False]
630 [Bad: True]
631 [Expert Info (Error/Checksum): Bad checksum]
632 [Message: Bad checksum]
633 [Severity level: Error]
634 [Group: Checksum]
635 Source: 10.241.212.151 (10.241.212.151)
636 Destination: 10.241.209.195 (10.241.209.195)
637 [Source GeoIP: Unknown]
638 [Destination GeoIP: Unknown]
639Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 12, Ack: 105, Len: 13
640 Source port: 34549 (34549)
641 Destination port: ftp (21)
642 [Stream index: 16]
643 Sequence number: 12 (relative sequence number)
644 [Next sequence number: 25 (relative sequence number)]
645 Acknowledgment number: 105 (relative ack number)
646 Header length: 20 bytes
647 Flags: 0x018 (PSH, ACK)
648 000. .... .... = Reserved: Not set
649 ...0 .... .... = Nonce: Not set
650 .... 0... .... = Congestion Window Reduced (CWR): Not set
651 .... .0.. .... = ECN-Echo: Not set
652 .... ..0. .... = Urgent: Not set
653 .... ...1 .... = Acknowledgment: Set
654 .... .... 1... = Push: Set
655 .... .... .0.. = Reset: Not set
656 .... .... ..0. = Syn: Not set
657 .... .... ...0 = Fin: Not set
658 Window size value: 64136
659 [Calculated window size: 64136]
660 [Window size scaling factor: -2 (no window scaling used)]
661 Checksum: 0xbc64 [validation disabled]
662 [Good Checksum: False]
663 [Bad Checksum: False]
664 [SEQ/ACK analysis]
665 [This is an ACK to the segment in frame: 3142]
666 [The RTT to ACK the segment was: 0.000198000 seconds]
667 [Bytes in flight: 13]
668File Transfer Protocol (FTP)
669 PASS cx2000\r\n
670 Request command: PASS
671 Request arg: cx2000
672
6730000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
6740010 00 35 08 93 40 00 80 06 00 00 0a f1 d4 97 0a f1 .5..@...........
6750020 d1 c3 86 f5 00 15 fc d5 9d 4d 7c 61 eb 80 50 18 .........M|a..P.
6760030 fa 88 bc 64 00 00 50 41 53 53 20 63 78 32 30 30 ...d..PASS cx200
6770040 30 0d 0a 0..
678
679No. Time Source Destination Protocol Length Info
680 3144 30.851388000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34549 [ACK] Seq=105 Ack=25 Win=65535 Len=0
681
682Frame 3144: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
683 Interface id: 0
684 Encapsulation type: Ethernet (1)
685 Arrival Time: Aug 17, 2015 08:01:10.551691000 Eastern Daylight Time
686 [Time shift for this packet: 0.000000000 seconds]
687 Epoch Time: 1439812870.551691000 seconds
688 [Time delta from previous captured frame: 0.000819000 seconds]
689 [Time delta from previous displayed frame: 0.000819000 seconds]
690 [Time since reference or first frame: 30.851388000 seconds]
691 Frame Number: 3144
692 Frame Length: 60 bytes (480 bits)
693 Capture Length: 60 bytes (480 bits)
694 [Frame is marked: False]
695 [Frame is ignored: False]
696 [Protocols in frame: eth:ip:tcp]
697 [Coloring Rule Name: TCP]
698 [Coloring Rule String: tcp]
699Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
700 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
701 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
702 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
703 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
704 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
705 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
706 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
707 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
708 Type: IP (0x0800)
709 Padding: 000000000000
710Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
711 Version: 4
712 Header length: 20 bytes
713 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
714 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
715 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
716 Total Length: 40
717 Identification: 0xe3b7 (58295)
718 Flags: 0x02 (Don't Fragment)
719 0... .... = Reserved bit: Not set
720 .1.. .... = Don't fragment: Set
721 ..0. .... = More fragments: Not set
722 Fragment offset: 0
723 Time to live: 59
724 Protocol: TCP (6)
725 Header checksum: 0x9fcb [correct]
726 [Good: True]
727 [Bad: False]
728 Source: 10.241.209.195 (10.241.209.195)
729 Destination: 10.241.212.151 (10.241.212.151)
730 [Source GeoIP: Unknown]
731 [Destination GeoIP: Unknown]
732Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 105, Ack: 25, Len: 0
733 Source port: ftp (21)
734 Destination port: 34549 (34549)
735 [Stream index: 16]
736 Sequence number: 105 (relative sequence number)
737 Acknowledgment number: 25 (relative ack number)
738 Header length: 20 bytes
739 Flags: 0x010 (ACK)
740 000. .... .... = Reserved: Not set
741 ...0 .... .... = Nonce: Not set
742 .... 0... .... = Congestion Window Reduced (CWR): Not set
743 .... .0.. .... = ECN-Echo: Not set
744 .... ..0. .... = Urgent: Not set
745 .... ...1 .... = Acknowledgment: Set
746 .... .... 0... = Push: Not set
747 .... .... .0.. = Reset: Not set
748 .... .... ..0. = Syn: Not set
749 .... .... ...0 = Fin: Not set
750 Window size value: 65535
751 [Calculated window size: 65535]
752 [Window size scaling factor: -2 (no window scaling used)]
753 Checksum: 0x6a7a [validation disabled]
754 [Good Checksum: False]
755 [Bad Checksum: False]
756 [SEQ/ACK analysis]
757 [This is an ACK to the segment in frame: 3143]
758 [The RTT to ACK the segment was: 0.000819000 seconds]
759
7600000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
7610010 00 28 e3 b7 40 00 3b 06 9f cb 0a f1 d1 c3 0a f1 .(..@.;.........
7620020 d4 97 00 15 86 f5 7c 61 eb 80 fc d5 9d 5a 50 10 ......|a.....ZP.
7630030 ff ff 6a 7a 00 00 00 00 00 00 00 00 ..jz........
764
765No. Time Source Destination Protocol Length Info
766 3145 30.872975000 10.241.209.195 10.241.212.151 FTP 138 Response: 230-Last unsuccessful login: Mon Aug 10 15:51:52 EST 2015 on ssh from 10.13.46.162
767
768Frame 3145: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits) on interface 0
769 Interface id: 0
770 Encapsulation type: Ethernet (1)
771 Arrival Time: Aug 17, 2015 08:01:10.573278000 Eastern Daylight Time
772 [Time shift for this packet: 0.000000000 seconds]
773 Epoch Time: 1439812870.573278000 seconds
774 [Time delta from previous captured frame: 0.021587000 seconds]
775 [Time delta from previous displayed frame: 0.021587000 seconds]
776 [Time since reference or first frame: 30.872975000 seconds]
777 Frame Number: 3145
778 Frame Length: 138 bytes (1104 bits)
779 Capture Length: 138 bytes (1104 bits)
780 [Frame is marked: False]
781 [Frame is ignored: False]
782 [Protocols in frame: eth:ip:tcp:ftp]
783 [Coloring Rule Name: TCP]
784 [Coloring Rule String: tcp]
785Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
786 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
787 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
788 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
789 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
790 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
791 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
792 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
793 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
794 Type: IP (0x0800)
795Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
796 Version: 4
797 Header length: 20 bytes
798 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
799 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
800 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
801 Total Length: 124
802 Identification: 0xe3b8 (58296)
803 Flags: 0x02 (Don't Fragment)
804 0... .... = Reserved bit: Not set
805 .1.. .... = Don't fragment: Set
806 ..0. .... = More fragments: Not set
807 Fragment offset: 0
808 Time to live: 59
809 Protocol: TCP (6)
810 Header checksum: 0x9f76 [correct]
811 [Good: True]
812 [Bad: False]
813 Source: 10.241.209.195 (10.241.209.195)
814 Destination: 10.241.212.151 (10.241.212.151)
815 [Source GeoIP: Unknown]
816 [Destination GeoIP: Unknown]
817Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 105, Ack: 25, Len: 84
818 Source port: ftp (21)
819 Destination port: 34549 (34549)
820 [Stream index: 16]
821 Sequence number: 105 (relative sequence number)
822 [Next sequence number: 189 (relative sequence number)]
823 Acknowledgment number: 25 (relative ack number)
824 Header length: 20 bytes
825 Flags: 0x018 (PSH, ACK)
826 000. .... .... = Reserved: Not set
827 ...0 .... .... = Nonce: Not set
828 .... 0... .... = Congestion Window Reduced (CWR): Not set
829 .... .0.. .... = ECN-Echo: Not set
830 .... ..0. .... = Urgent: Not set
831 .... ...1 .... = Acknowledgment: Set
832 .... .... 1... = Push: Set
833 .... .... .0.. = Reset: Not set
834 .... .... ..0. = Syn: Not set
835 .... .... ...0 = Fin: Not set
836 Window size value: 65535
837 [Calculated window size: 65535]
838 [Window size scaling factor: -2 (no window scaling used)]
839 Checksum: 0xdbfd [validation disabled]
840 [Good Checksum: False]
841 [Bad Checksum: False]
842 [SEQ/ACK analysis]
843 [Bytes in flight: 84]
844File Transfer Protocol (FTP)
845 230-Last unsuccessful login: Mon Aug 10 15:51:52 EST 2015 on ssh from 10.13.46.162\r\n
846 Response code: User logged in, proceed (230)
847 Response arg: Last unsuccessful login: Mon Aug 10 15:51:52 EST 2015 on ssh from 10.13.46.162
848
8490000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
8500010 00 7c e3 b8 40 00 3b 06 9f 76 0a f1 d1 c3 0a f1 .|..@.;..v......
8510020 d4 97 00 15 86 f5 7c 61 eb 80 fc d5 9d 5a 50 18 ......|a.....ZP.
8520030 ff ff db fd 00 00 32 33 30 2d 4c 61 73 74 20 75 ......230-Last u
8530040 6e 73 75 63 63 65 73 73 66 75 6c 20 6c 6f 67 69 nsuccessful logi
8540050 6e 3a 20 4d 6f 6e 20 41 75 67 20 31 30 20 31 35 n: Mon Aug 10 15
8550060 3a 35 31 3a 35 32 20 45 53 54 20 32 30 31 35 20 :51:52 EST 2015
8560070 6f 6e 20 73 73 68 20 66 72 6f 6d 20 31 30 2e 31 on ssh from 10.1
8570080 33 2e 34 36 2e 31 36 32 0d 0a 3.46.162..
858
859No. Time Source Destination Protocol Length Info
860 3146 30.873100000 10.241.209.195 10.241.212.151 FTP 130 Response: 230-Last login: Sun Aug 16 15:24:37 EST 2015 on /dev/pts/0 from lab-hop176
861
862Frame 3146: 130 bytes on wire (1040 bits), 130 bytes captured (1040 bits) on interface 0
863 Interface id: 0
864 Encapsulation type: Ethernet (1)
865 Arrival Time: Aug 17, 2015 08:01:10.573403000 Eastern Daylight Time
866 [Time shift for this packet: 0.000000000 seconds]
867 Epoch Time: 1439812870.573403000 seconds
868 [Time delta from previous captured frame: 0.000125000 seconds]
869 [Time delta from previous displayed frame: 0.000125000 seconds]
870 [Time since reference or first frame: 30.873100000 seconds]
871 Frame Number: 3146
872 Frame Length: 130 bytes (1040 bits)
873 Capture Length: 130 bytes (1040 bits)
874 [Frame is marked: False]
875 [Frame is ignored: False]
876 [Protocols in frame: eth:ip:tcp:ftp]
877 [Coloring Rule Name: TCP]
878 [Coloring Rule String: tcp]
879Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
880 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
881 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
882 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
883 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
884 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
885 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
886 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
887 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
888 Type: IP (0x0800)
889Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
890 Version: 4
891 Header length: 20 bytes
892 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
893 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
894 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
895 Total Length: 116
896 Identification: 0xe3b9 (58297)
897 Flags: 0x02 (Don't Fragment)
898 0... .... = Reserved bit: Not set
899 .1.. .... = Don't fragment: Set
900 ..0. .... = More fragments: Not set
901 Fragment offset: 0
902 Time to live: 59
903 Protocol: TCP (6)
904 Header checksum: 0x9f7d [correct]
905 [Good: True]
906 [Bad: False]
907 Source: 10.241.209.195 (10.241.209.195)
908 Destination: 10.241.212.151 (10.241.212.151)
909 [Source GeoIP: Unknown]
910 [Destination GeoIP: Unknown]
911Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 189, Ack: 25, Len: 76
912 Source port: ftp (21)
913 Destination port: 34549 (34549)
914 [Stream index: 16]
915 Sequence number: 189 (relative sequence number)
916 [Next sequence number: 265 (relative sequence number)]
917 Acknowledgment number: 25 (relative ack number)
918 Header length: 20 bytes
919 Flags: 0x018 (PSH, ACK)
920 000. .... .... = Reserved: Not set
921 ...0 .... .... = Nonce: Not set
922 .... 0... .... = Congestion Window Reduced (CWR): Not set
923 .... .0.. .... = ECN-Echo: Not set
924 .... ..0. .... = Urgent: Not set
925 .... ...1 .... = Acknowledgment: Set
926 .... .... 1... = Push: Set
927 .... .... .0.. = Reset: Not set
928 .... .... ..0. = Syn: Not set
929 .... .... ...0 = Fin: Not set
930 Window size value: 65535
931 [Calculated window size: 65535]
932 [Window size scaling factor: -2 (no window scaling used)]
933 Checksum: 0xa128 [validation disabled]
934 [Good Checksum: False]
935 [Bad Checksum: False]
936 [SEQ/ACK analysis]
937 [Bytes in flight: 160]
938File Transfer Protocol (FTP)
939 230-Last login: Sun Aug 16 15:24:37 EST 2015 on /dev/pts/0 from lab-hop176\r\n
940 Response code: User logged in, proceed (230)
941 Response arg: Last login: Sun Aug 16 15:24:37 EST 2015 on /dev/pts/0 from lab-hop176
942
9430000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
9440010 00 74 e3 b9 40 00 3b 06 9f 7d 0a f1 d1 c3 0a f1 .t..@.;..}......
9450020 d4 97 00 15 86 f5 7c 61 eb d4 fc d5 9d 5a 50 18 ......|a.....ZP.
9460030 ff ff a1 28 00 00 32 33 30 2d 4c 61 73 74 20 6c ...(..230-Last l
9470040 6f 67 69 6e 3a 20 53 75 6e 20 41 75 67 20 31 36 ogin: Sun Aug 16
9480050 20 31 35 3a 32 34 3a 33 37 20 45 53 54 20 32 30 15:24:37 EST 20
9490060 31 35 20 6f 6e 20 2f 64 65 76 2f 70 74 73 2f 30 15 on /dev/pts/0
9500070 20 66 72 6f 6d 20 6c 61 62 2d 68 6f 70 31 37 36 from lab-hop176
9510080 0d 0a ..
952
953No. Time Source Destination Protocol Length Info
954 3147 30.873124000 10.241.212.151 10.241.209.195 TCP 54 34549 > ftp [ACK] Seq=25 Ack=265 Win=63976 Len=0
955
956Frame 3147: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
957 Interface id: 0
958 Encapsulation type: Ethernet (1)
959 Arrival Time: Aug 17, 2015 08:01:10.573427000 Eastern Daylight Time
960 [Time shift for this packet: 0.000000000 seconds]
961 Epoch Time: 1439812870.573427000 seconds
962 [Time delta from previous captured frame: 0.000024000 seconds]
963 [Time delta from previous displayed frame: 0.000024000 seconds]
964 [Time since reference or first frame: 30.873124000 seconds]
965 Frame Number: 3147
966 Frame Length: 54 bytes (432 bits)
967 Capture Length: 54 bytes (432 bits)
968 [Frame is marked: False]
969 [Frame is ignored: False]
970 [Protocols in frame: eth:ip:tcp]
971 [Coloring Rule Name: Checksum Errors]
972 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
973Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
974 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
975 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
976 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
977 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
978 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
979 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
980 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
981 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
982 Type: IP (0x0800)
983Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
984 Version: 4
985 Header length: 20 bytes
986 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
987 0000 00.. = Differentiated Services Codepoint: Default (0x00)
988 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
989 Total Length: 40
990 Identification: 0x0894 (2196)
991 Flags: 0x02 (Don't Fragment)
992 0... .... = Reserved bit: Not set
993 .1.. .... = Don't fragment: Set
994 ..0. .... = More fragments: Not set
995 Fragment offset: 0
996 Time to live: 128
997 Protocol: TCP (6)
998 Header checksum: 0x0000 [incorrect, should be 0x35ff (may be caused by "IP checksum offload"?)]
999 [Good: False]
1000 [Bad: True]
1001 [Expert Info (Error/Checksum): Bad checksum]
1002 [Message: Bad checksum]
1003 [Severity level: Error]
1004 [Group: Checksum]
1005 Source: 10.241.212.151 (10.241.212.151)
1006 Destination: 10.241.209.195 (10.241.209.195)
1007 [Source GeoIP: Unknown]
1008 [Destination GeoIP: Unknown]
1009Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 25, Ack: 265, Len: 0
1010 Source port: 34549 (34549)
1011 Destination port: ftp (21)
1012 [Stream index: 16]
1013 Sequence number: 25 (relative sequence number)
1014 Acknowledgment number: 265 (relative ack number)
1015 Header length: 20 bytes
1016 Flags: 0x010 (ACK)
1017 000. .... .... = Reserved: Not set
1018 ...0 .... .... = Nonce: Not set
1019 .... 0... .... = Congestion Window Reduced (CWR): Not set
1020 .... .0.. .... = ECN-Echo: Not set
1021 .... ..0. .... = Urgent: Not set
1022 .... ...1 .... = Acknowledgment: Set
1023 .... .... 0... = Push: Not set
1024 .... .... .0.. = Reset: Not set
1025 .... .... ..0. = Syn: Not set
1026 .... .... ...0 = Fin: Not set
1027 Window size value: 63976
1028 [Calculated window size: 63976]
1029 [Window size scaling factor: -2 (no window scaling used)]
1030 Checksum: 0xbc57 [validation disabled]
1031 [Good Checksum: False]
1032 [Bad Checksum: False]
1033 [SEQ/ACK analysis]
1034 [This is an ACK to the segment in frame: 3146]
1035 [The RTT to ACK the segment was: 0.000024000 seconds]
1036
10370000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
10380010 00 28 08 94 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
10390020 d1 c3 86 f5 00 15 fc d5 9d 5a 7c 61 ec 20 50 10 .........Z|a. P.
10400030 f9 e8 bc 57 00 00 ...W..
1041
1042No. Time Source Destination Protocol Length Info
1043 3148 30.875615000 10.241.209.195 10.241.212.151 FTP 80 Response: 230 User root logged in.
1044
1045Frame 3148: 80 bytes on wire (640 bits), 80 bytes captured (640 bits) on interface 0
1046 Interface id: 0
1047 Encapsulation type: Ethernet (1)
1048 Arrival Time: Aug 17, 2015 08:01:10.575918000 Eastern Daylight Time
1049 [Time shift for this packet: 0.000000000 seconds]
1050 Epoch Time: 1439812870.575918000 seconds
1051 [Time delta from previous captured frame: 0.002491000 seconds]
1052 [Time delta from previous displayed frame: 0.002491000 seconds]
1053 [Time since reference or first frame: 30.875615000 seconds]
1054 Frame Number: 3148
1055 Frame Length: 80 bytes (640 bits)
1056 Capture Length: 80 bytes (640 bits)
1057 [Frame is marked: False]
1058 [Frame is ignored: False]
1059 [Protocols in frame: eth:ip:tcp:ftp]
1060 [Coloring Rule Name: TCP]
1061 [Coloring Rule String: tcp]
1062Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1063 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1064 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1065 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1066 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1067 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1068 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1069 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1070 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1071 Type: IP (0x0800)
1072Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1073 Version: 4
1074 Header length: 20 bytes
1075 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1076 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1077 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1078 Total Length: 66
1079 Identification: 0xe3ba (58298)
1080 Flags: 0x02 (Don't Fragment)
1081 0... .... = Reserved bit: Not set
1082 .1.. .... = Don't fragment: Set
1083 ..0. .... = More fragments: Not set
1084 Fragment offset: 0
1085 Time to live: 59
1086 Protocol: TCP (6)
1087 Header checksum: 0x9fae [correct]
1088 [Good: True]
1089 [Bad: False]
1090 Source: 10.241.209.195 (10.241.209.195)
1091 Destination: 10.241.212.151 (10.241.212.151)
1092 [Source GeoIP: Unknown]
1093 [Destination GeoIP: Unknown]
1094Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 265, Ack: 25, Len: 26
1095 Source port: ftp (21)
1096 Destination port: 34549 (34549)
1097 [Stream index: 16]
1098 Sequence number: 265 (relative sequence number)
1099 [Next sequence number: 291 (relative sequence number)]
1100 Acknowledgment number: 25 (relative ack number)
1101 Header length: 20 bytes
1102 Flags: 0x018 (PSH, ACK)
1103 000. .... .... = Reserved: Not set
1104 ...0 .... .... = Nonce: Not set
1105 .... 0... .... = Congestion Window Reduced (CWR): Not set
1106 .... .0.. .... = ECN-Echo: Not set
1107 .... ..0. .... = Urgent: Not set
1108 .... ...1 .... = Acknowledgment: Set
1109 .... .... 1... = Push: Set
1110 .... .... .0.. = Reset: Not set
1111 .... .... ..0. = Syn: Not set
1112 .... .... ...0 = Fin: Not set
1113 Window size value: 65535
1114 [Calculated window size: 65535]
1115 [Window size scaling factor: -2 (no window scaling used)]
1116 Checksum: 0x73a0 [validation disabled]
1117 [Good Checksum: False]
1118 [Bad Checksum: False]
1119 [SEQ/ACK analysis]
1120 [Bytes in flight: 26]
1121File Transfer Protocol (FTP)
1122 230 User root logged in.\r\n
1123 Response code: User logged in, proceed (230)
1124 Response arg: User root logged in.
1125
11260000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
11270010 00 42 e3 ba 40 00 3b 06 9f ae 0a f1 d1 c3 0a f1 .B..@.;.........
11280020 d4 97 00 15 86 f5 7c 61 ec 20 fc d5 9d 5a 50 18 ......|a. ...ZP.
11290030 ff ff 73 a0 00 00 32 33 30 20 55 73 65 72 20 72 ..s...230 User r
11300040 6f 6f 74 20 6c 6f 67 67 65 64 20 69 6e 2e 0d 0a oot logged in...
1131
1132No. Time Source Destination Protocol Length Info
1133 3149 30.875965000 10.241.212.151 10.241.209.195 FTP 60 Request: SYST
1134
1135Frame 3149: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
1136 Interface id: 0
1137 Encapsulation type: Ethernet (1)
1138 Arrival Time: Aug 17, 2015 08:01:10.576268000 Eastern Daylight Time
1139 [Time shift for this packet: 0.000000000 seconds]
1140 Epoch Time: 1439812870.576268000 seconds
1141 [Time delta from previous captured frame: 0.000350000 seconds]
1142 [Time delta from previous displayed frame: 0.000350000 seconds]
1143 [Time since reference or first frame: 30.875965000 seconds]
1144 Frame Number: 3149
1145 Frame Length: 60 bytes (480 bits)
1146 Capture Length: 60 bytes (480 bits)
1147 [Frame is marked: False]
1148 [Frame is ignored: False]
1149 [Protocols in frame: eth:ip:tcp:ftp]
1150 [Coloring Rule Name: Checksum Errors]
1151 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1152Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1153 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1154 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1155 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1156 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1157 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1158 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1159 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1160 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1161 Type: IP (0x0800)
1162Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1163 Version: 4
1164 Header length: 20 bytes
1165 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1166 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1167 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1168 Total Length: 46
1169 Identification: 0x0895 (2197)
1170 Flags: 0x02 (Don't Fragment)
1171 0... .... = Reserved bit: Not set
1172 .1.. .... = Don't fragment: Set
1173 ..0. .... = More fragments: Not set
1174 Fragment offset: 0
1175 Time to live: 128
1176 Protocol: TCP (6)
1177 Header checksum: 0x0000 [incorrect, should be 0x35f8 (may be caused by "IP checksum offload"?)]
1178 [Good: False]
1179 [Bad: True]
1180 [Expert Info (Error/Checksum): Bad checksum]
1181 [Message: Bad checksum]
1182 [Severity level: Error]
1183 [Group: Checksum]
1184 Source: 10.241.212.151 (10.241.212.151)
1185 Destination: 10.241.209.195 (10.241.209.195)
1186 [Source GeoIP: Unknown]
1187 [Destination GeoIP: Unknown]
1188Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 25, Ack: 291, Len: 6
1189 Source port: 34549 (34549)
1190 Destination port: ftp (21)
1191 [Stream index: 16]
1192 Sequence number: 25 (relative sequence number)
1193 [Next sequence number: 31 (relative sequence number)]
1194 Acknowledgment number: 291 (relative ack number)
1195 Header length: 20 bytes
1196 Flags: 0x018 (PSH, ACK)
1197 000. .... .... = Reserved: Not set
1198 ...0 .... .... = Nonce: Not set
1199 .... 0... .... = Congestion Window Reduced (CWR): Not set
1200 .... .0.. .... = ECN-Echo: Not set
1201 .... ..0. .... = Urgent: Not set
1202 .... ...1 .... = Acknowledgment: Set
1203 .... .... 1... = Push: Set
1204 .... .... .0.. = Reset: Not set
1205 .... .... ..0. = Syn: Not set
1206 .... .... ...0 = Fin: Not set
1207 Window size value: 63950
1208 [Calculated window size: 63950]
1209 [Window size scaling factor: -2 (no window scaling used)]
1210 Checksum: 0xbc5d [validation disabled]
1211 [Good Checksum: False]
1212 [Bad Checksum: False]
1213 [SEQ/ACK analysis]
1214 [This is an ACK to the segment in frame: 3148]
1215 [The RTT to ACK the segment was: 0.000350000 seconds]
1216 [Bytes in flight: 6]
1217File Transfer Protocol (FTP)
1218 SYST\r\n
1219 Request command: SYST
1220
12210000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
12220010 00 2e 08 95 40 00 80 06 00 00 0a f1 d4 97 0a f1 ....@...........
12230020 d1 c3 86 f5 00 15 fc d5 9d 5a 7c 61 ec 3a 50 18 .........Z|a.:P.
12240030 f9 ce bc 5d 00 00 53 59 53 54 0d 0a ...]..SYST..
1225
1226No. Time Source Destination Protocol Length Info
1227 3150 30.876156000 10.241.209.195 10.241.212.151 FTP 89 Response: 215 UNIX Type: L8 Version: BSD-44
1228
1229Frame 3150: 89 bytes on wire (712 bits), 89 bytes captured (712 bits) on interface 0
1230 Interface id: 0
1231 Encapsulation type: Ethernet (1)
1232 Arrival Time: Aug 17, 2015 08:01:10.576459000 Eastern Daylight Time
1233 [Time shift for this packet: 0.000000000 seconds]
1234 Epoch Time: 1439812870.576459000 seconds
1235 [Time delta from previous captured frame: 0.000191000 seconds]
1236 [Time delta from previous displayed frame: 0.000191000 seconds]
1237 [Time since reference or first frame: 30.876156000 seconds]
1238 Frame Number: 3150
1239 Frame Length: 89 bytes (712 bits)
1240 Capture Length: 89 bytes (712 bits)
1241 [Frame is marked: False]
1242 [Frame is ignored: False]
1243 [Protocols in frame: eth:ip:tcp:ftp]
1244 [Coloring Rule Name: TCP]
1245 [Coloring Rule String: tcp]
1246Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1247 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1248 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1249 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1250 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1251 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1252 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1253 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1254 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1255 Type: IP (0x0800)
1256Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1257 Version: 4
1258 Header length: 20 bytes
1259 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1260 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1261 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1262 Total Length: 75
1263 Identification: 0xe3bb (58299)
1264 Flags: 0x02 (Don't Fragment)
1265 0... .... = Reserved bit: Not set
1266 .1.. .... = Don't fragment: Set
1267 ..0. .... = More fragments: Not set
1268 Fragment offset: 0
1269 Time to live: 59
1270 Protocol: TCP (6)
1271 Header checksum: 0x9fa4 [correct]
1272 [Good: True]
1273 [Bad: False]
1274 Source: 10.241.209.195 (10.241.209.195)
1275 Destination: 10.241.212.151 (10.241.212.151)
1276 [Source GeoIP: Unknown]
1277 [Destination GeoIP: Unknown]
1278Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 291, Ack: 31, Len: 35
1279 Source port: ftp (21)
1280 Destination port: 34549 (34549)
1281 [Stream index: 16]
1282 Sequence number: 291 (relative sequence number)
1283 [Next sequence number: 326 (relative sequence number)]
1284 Acknowledgment number: 31 (relative ack number)
1285 Header length: 20 bytes
1286 Flags: 0x018 (PSH, ACK)
1287 000. .... .... = Reserved: Not set
1288 ...0 .... .... = Nonce: Not set
1289 .... 0... .... = Congestion Window Reduced (CWR): Not set
1290 .... .0.. .... = ECN-Echo: Not set
1291 .... ..0. .... = Urgent: Not set
1292 .... ...1 .... = Acknowledgment: Set
1293 .... .... 1... = Push: Set
1294 .... .... .0.. = Reset: Not set
1295 .... .... ..0. = Syn: Not set
1296 .... .... ...0 = Fin: Not set
1297 Window size value: 65535
1298 [Calculated window size: 65535]
1299 [Window size scaling factor: -2 (no window scaling used)]
1300 Checksum: 0x8ce1 [validation disabled]
1301 [Good Checksum: False]
1302 [Bad Checksum: False]
1303 [SEQ/ACK analysis]
1304 [This is an ACK to the segment in frame: 3149]
1305 [The RTT to ACK the segment was: 0.000191000 seconds]
1306 [Bytes in flight: 35]
1307File Transfer Protocol (FTP)
1308 215 UNIX Type: L8 Version: BSD-44\r\n
1309 Response code: NAME system type (215)
1310 Response arg: UNIX Type: L8 Version: BSD-44
1311
13120000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
13130010 00 4b e3 bb 40 00 3b 06 9f a4 0a f1 d1 c3 0a f1 .K..@.;.........
13140020 d4 97 00 15 86 f5 7c 61 ec 3a fc d5 9d 60 50 18 ......|a.:...`P.
13150030 ff ff 8c e1 00 00 32 31 35 20 55 4e 49 58 20 54 ......215 UNIX T
13160040 79 70 65 3a 20 4c 38 20 56 65 72 73 69 6f 6e 3a ype: L8 Version:
13170050 20 42 53 44 2d 34 34 0d 0a BSD-44..
1318
1319No. Time Source Destination Protocol Length Info
1320 3151 30.879823000 10.241.212.151 10.241.209.195 FTP 59 Request: PWD
1321
1322Frame 3151: 59 bytes on wire (472 bits), 59 bytes captured (472 bits) on interface 0
1323 Interface id: 0
1324 Encapsulation type: Ethernet (1)
1325 Arrival Time: Aug 17, 2015 08:01:10.580126000 Eastern Daylight Time
1326 [Time shift for this packet: 0.000000000 seconds]
1327 Epoch Time: 1439812870.580126000 seconds
1328 [Time delta from previous captured frame: 0.003667000 seconds]
1329 [Time delta from previous displayed frame: 0.003667000 seconds]
1330 [Time since reference or first frame: 30.879823000 seconds]
1331 Frame Number: 3151
1332 Frame Length: 59 bytes (472 bits)
1333 Capture Length: 59 bytes (472 bits)
1334 [Frame is marked: False]
1335 [Frame is ignored: False]
1336 [Protocols in frame: eth:ip:tcp:ftp]
1337 [Coloring Rule Name: Checksum Errors]
1338 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1339Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1340 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1341 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1342 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1343 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1344 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1345 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1346 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1347 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1348 Type: IP (0x0800)
1349Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1350 Version: 4
1351 Header length: 20 bytes
1352 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1353 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1354 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1355 Total Length: 45
1356 Identification: 0x0896 (2198)
1357 Flags: 0x02 (Don't Fragment)
1358 0... .... = Reserved bit: Not set
1359 .1.. .... = Don't fragment: Set
1360 ..0. .... = More fragments: Not set
1361 Fragment offset: 0
1362 Time to live: 128
1363 Protocol: TCP (6)
1364 Header checksum: 0x0000 [incorrect, should be 0x35f8 (may be caused by "IP checksum offload"?)]
1365 [Good: False]
1366 [Bad: True]
1367 [Expert Info (Error/Checksum): Bad checksum]
1368 [Message: Bad checksum]
1369 [Severity level: Error]
1370 [Group: Checksum]
1371 Source: 10.241.212.151 (10.241.212.151)
1372 Destination: 10.241.209.195 (10.241.209.195)
1373 [Source GeoIP: Unknown]
1374 [Destination GeoIP: Unknown]
1375Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 31, Ack: 326, Len: 5
1376 Source port: 34549 (34549)
1377 Destination port: ftp (21)
1378 [Stream index: 16]
1379 Sequence number: 31 (relative sequence number)
1380 [Next sequence number: 36 (relative sequence number)]
1381 Acknowledgment number: 326 (relative ack number)
1382 Header length: 20 bytes
1383 Flags: 0x018 (PSH, ACK)
1384 000. .... .... = Reserved: Not set
1385 ...0 .... .... = Nonce: Not set
1386 .... 0... .... = Congestion Window Reduced (CWR): Not set
1387 .... .0.. .... = ECN-Echo: Not set
1388 .... ..0. .... = Urgent: Not set
1389 .... ...1 .... = Acknowledgment: Set
1390 .... .... 1... = Push: Set
1391 .... .... .0.. = Reset: Not set
1392 .... .... ..0. = Syn: Not set
1393 .... .... ...0 = Fin: Not set
1394 Window size value: 63915
1395 [Calculated window size: 63915]
1396 [Window size scaling factor: -2 (no window scaling used)]
1397 Checksum: 0xbc5c [validation disabled]
1398 [Good Checksum: False]
1399 [Bad Checksum: False]
1400 [SEQ/ACK analysis]
1401 [This is an ACK to the segment in frame: 3150]
1402 [The RTT to ACK the segment was: 0.003667000 seconds]
1403 [Bytes in flight: 5]
1404File Transfer Protocol (FTP)
1405 PWD\r\n
1406 Request command: PWD
1407
14080000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
14090010 00 2d 08 96 40 00 80 06 00 00 0a f1 d4 97 0a f1 .-..@...........
14100020 d1 c3 86 f5 00 15 fc d5 9d 60 7c 61 ec 5d 50 18 .........`|a.]P.
14110030 f9 ab bc 5c 00 00 50 57 44 0d 0a ...\..PWD..
1412
1413No. Time Source Destination Protocol Length Info
1414 3152 30.880116000 10.241.209.195 10.241.212.151 FTP 85 Response: 257 "/" is current directory.
1415
1416Frame 3152: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on interface 0
1417 Interface id: 0
1418 Encapsulation type: Ethernet (1)
1419 Arrival Time: Aug 17, 2015 08:01:10.580419000 Eastern Daylight Time
1420 [Time shift for this packet: 0.000000000 seconds]
1421 Epoch Time: 1439812870.580419000 seconds
1422 [Time delta from previous captured frame: 0.000293000 seconds]
1423 [Time delta from previous displayed frame: 0.000293000 seconds]
1424 [Time since reference or first frame: 30.880116000 seconds]
1425 Frame Number: 3152
1426 Frame Length: 85 bytes (680 bits)
1427 Capture Length: 85 bytes (680 bits)
1428 [Frame is marked: False]
1429 [Frame is ignored: False]
1430 [Protocols in frame: eth:ip:tcp:ftp]
1431 [Coloring Rule Name: TCP]
1432 [Coloring Rule String: tcp]
1433Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1434 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1435 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1436 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1437 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1438 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1439 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1440 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1441 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1442 Type: IP (0x0800)
1443Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1444 Version: 4
1445 Header length: 20 bytes
1446 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1447 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1448 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1449 Total Length: 71
1450 Identification: 0xe3bc (58300)
1451 Flags: 0x02 (Don't Fragment)
1452 0... .... = Reserved bit: Not set
1453 .1.. .... = Don't fragment: Set
1454 ..0. .... = More fragments: Not set
1455 Fragment offset: 0
1456 Time to live: 59
1457 Protocol: TCP (6)
1458 Header checksum: 0x9fa7 [correct]
1459 [Good: True]
1460 [Bad: False]
1461 Source: 10.241.209.195 (10.241.209.195)
1462 Destination: 10.241.212.151 (10.241.212.151)
1463 [Source GeoIP: Unknown]
1464 [Destination GeoIP: Unknown]
1465Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 326, Ack: 36, Len: 31
1466 Source port: ftp (21)
1467 Destination port: 34549 (34549)
1468 [Stream index: 16]
1469 Sequence number: 326 (relative sequence number)
1470 [Next sequence number: 357 (relative sequence number)]
1471 Acknowledgment number: 36 (relative ack number)
1472 Header length: 20 bytes
1473 Flags: 0x018 (PSH, ACK)
1474 000. .... .... = Reserved: Not set
1475 ...0 .... .... = Nonce: Not set
1476 .... 0... .... = Congestion Window Reduced (CWR): Not set
1477 .... .0.. .... = ECN-Echo: Not set
1478 .... ..0. .... = Urgent: Not set
1479 .... ...1 .... = Acknowledgment: Set
1480 .... .... 1... = Push: Set
1481 .... .... .0.. = Reset: Not set
1482 .... .... ..0. = Syn: Not set
1483 .... .... ...0 = Fin: Not set
1484 Window size value: 65535
1485 [Calculated window size: 65535]
1486 [Window size scaling factor: -2 (no window scaling used)]
1487 Checksum: 0xcd73 [validation disabled]
1488 [Good Checksum: False]
1489 [Bad Checksum: False]
1490 [SEQ/ACK analysis]
1491 [This is an ACK to the segment in frame: 3151]
1492 [The RTT to ACK the segment was: 0.000293000 seconds]
1493 [Bytes in flight: 31]
1494File Transfer Protocol (FTP)
1495 257 "/" is current directory.\r\n
1496 Response code: PATHNAME created (257)
1497 Response arg: "/" is current directory.
1498
14990000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
15000010 00 47 e3 bc 40 00 3b 06 9f a7 0a f1 d1 c3 0a f1 .G..@.;.........
15010020 d4 97 00 15 86 f5 7c 61 ec 5d fc d5 9d 65 50 18 ......|a.]...eP.
15020030 ff ff cd 73 00 00 32 35 37 20 22 2f 22 20 69 73 ...s..257 "/" is
15030040 20 63 75 72 72 65 6e 74 20 64 69 72 65 63 74 6f current directo
15040050 72 79 2e 0d 0a ry...
1505
1506No. Time Source Destination Protocol Length Info
1507 3153 30.880530000 10.241.212.151 10.241.209.195 FTP 60 Request: FEAT
1508
1509Frame 3153: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
1510 Interface id: 0
1511 Encapsulation type: Ethernet (1)
1512 Arrival Time: Aug 17, 2015 08:01:10.580833000 Eastern Daylight Time
1513 [Time shift for this packet: 0.000000000 seconds]
1514 Epoch Time: 1439812870.580833000 seconds
1515 [Time delta from previous captured frame: 0.000414000 seconds]
1516 [Time delta from previous displayed frame: 0.000414000 seconds]
1517 [Time since reference or first frame: 30.880530000 seconds]
1518 Frame Number: 3153
1519 Frame Length: 60 bytes (480 bits)
1520 Capture Length: 60 bytes (480 bits)
1521 [Frame is marked: False]
1522 [Frame is ignored: False]
1523 [Protocols in frame: eth:ip:tcp:ftp]
1524 [Coloring Rule Name: Checksum Errors]
1525 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1526Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1527 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1528 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1529 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1530 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1531 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1532 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1533 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1534 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1535 Type: IP (0x0800)
1536Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1537 Version: 4
1538 Header length: 20 bytes
1539 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1540 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1541 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1542 Total Length: 46
1543 Identification: 0x0897 (2199)
1544 Flags: 0x02 (Don't Fragment)
1545 0... .... = Reserved bit: Not set
1546 .1.. .... = Don't fragment: Set
1547 ..0. .... = More fragments: Not set
1548 Fragment offset: 0
1549 Time to live: 128
1550 Protocol: TCP (6)
1551 Header checksum: 0x0000 [incorrect, should be 0x35f6 (may be caused by "IP checksum offload"?)]
1552 [Good: False]
1553 [Bad: True]
1554 [Expert Info (Error/Checksum): Bad checksum]
1555 [Message: Bad checksum]
1556 [Severity level: Error]
1557 [Group: Checksum]
1558 Source: 10.241.212.151 (10.241.212.151)
1559 Destination: 10.241.209.195 (10.241.209.195)
1560 [Source GeoIP: Unknown]
1561 [Destination GeoIP: Unknown]
1562Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 36, Ack: 357, Len: 6
1563 Source port: 34549 (34549)
1564 Destination port: ftp (21)
1565 [Stream index: 16]
1566 Sequence number: 36 (relative sequence number)
1567 [Next sequence number: 42 (relative sequence number)]
1568 Acknowledgment number: 357 (relative ack number)
1569 Header length: 20 bytes
1570 Flags: 0x018 (PSH, ACK)
1571 000. .... .... = Reserved: Not set
1572 ...0 .... .... = Nonce: Not set
1573 .... 0... .... = Congestion Window Reduced (CWR): Not set
1574 .... .0.. .... = ECN-Echo: Not set
1575 .... ..0. .... = Urgent: Not set
1576 .... ...1 .... = Acknowledgment: Set
1577 .... .... 1... = Push: Set
1578 .... .... .0.. = Reset: Not set
1579 .... .... ..0. = Syn: Not set
1580 .... .... ...0 = Fin: Not set
1581 Window size value: 63884
1582 [Calculated window size: 63884]
1583 [Window size scaling factor: -2 (no window scaling used)]
1584 Checksum: 0xbc5d [validation disabled]
1585 [Good Checksum: False]
1586 [Bad Checksum: False]
1587 [SEQ/ACK analysis]
1588 [This is an ACK to the segment in frame: 3152]
1589 [The RTT to ACK the segment was: 0.000414000 seconds]
1590 [Bytes in flight: 6]
1591File Transfer Protocol (FTP)
1592 FEAT\r\n
1593 Request command: FEAT
1594
15950000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
15960010 00 2e 08 97 40 00 80 06 00 00 0a f1 d4 97 0a f1 ....@...........
15970020 d1 c3 86 f5 00 15 fc d5 9d 65 7c 61 ec 7c 50 18 .........e|a.|P.
15980030 f9 8c bc 5d 00 00 46 45 41 54 0d 0a ...]..FEAT..
1599
1600No. Time Source Destination Protocol Length Info
1601 3154 30.880753000 10.241.209.195 10.241.212.151 FTP 91 Response: 500 'FEAT': command not understood.
1602
1603Frame 3154: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface 0
1604 Interface id: 0
1605 Encapsulation type: Ethernet (1)
1606 Arrival Time: Aug 17, 2015 08:01:10.581056000 Eastern Daylight Time
1607 [Time shift for this packet: 0.000000000 seconds]
1608 Epoch Time: 1439812870.581056000 seconds
1609 [Time delta from previous captured frame: 0.000223000 seconds]
1610 [Time delta from previous displayed frame: 0.000223000 seconds]
1611 [Time since reference or first frame: 30.880753000 seconds]
1612 Frame Number: 3154
1613 Frame Length: 91 bytes (728 bits)
1614 Capture Length: 91 bytes (728 bits)
1615 [Frame is marked: False]
1616 [Frame is ignored: False]
1617 [Protocols in frame: eth:ip:tcp:ftp]
1618 [Coloring Rule Name: TCP]
1619 [Coloring Rule String: tcp]
1620Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1621 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1622 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1623 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1624 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1625 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1626 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1627 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1628 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1629 Type: IP (0x0800)
1630Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1631 Version: 4
1632 Header length: 20 bytes
1633 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1634 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1635 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1636 Total Length: 77
1637 Identification: 0xe3bd (58301)
1638 Flags: 0x02 (Don't Fragment)
1639 0... .... = Reserved bit: Not set
1640 .1.. .... = Don't fragment: Set
1641 ..0. .... = More fragments: Not set
1642 Fragment offset: 0
1643 Time to live: 59
1644 Protocol: TCP (6)
1645 Header checksum: 0x9fa0 [correct]
1646 [Good: True]
1647 [Bad: False]
1648 Source: 10.241.209.195 (10.241.209.195)
1649 Destination: 10.241.212.151 (10.241.212.151)
1650 [Source GeoIP: Unknown]
1651 [Destination GeoIP: Unknown]
1652Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 357, Ack: 42, Len: 37
1653 Source port: ftp (21)
1654 Destination port: 34549 (34549)
1655 [Stream index: 16]
1656 Sequence number: 357 (relative sequence number)
1657 [Next sequence number: 394 (relative sequence number)]
1658 Acknowledgment number: 42 (relative ack number)
1659 Header length: 20 bytes
1660 Flags: 0x018 (PSH, ACK)
1661 000. .... .... = Reserved: Not set
1662 ...0 .... .... = Nonce: Not set
1663 .... 0... .... = Congestion Window Reduced (CWR): Not set
1664 .... .0.. .... = ECN-Echo: Not set
1665 .... ..0. .... = Urgent: Not set
1666 .... ...1 .... = Acknowledgment: Set
1667 .... .... 1... = Push: Set
1668 .... .... .0.. = Reset: Not set
1669 .... .... ..0. = Syn: Not set
1670 .... .... ...0 = Fin: Not set
1671 Window size value: 65535
1672 [Calculated window size: 65535]
1673 [Window size scaling factor: -2 (no window scaling used)]
1674 Checksum: 0x27fd [validation disabled]
1675 [Good Checksum: False]
1676 [Bad Checksum: False]
1677 [SEQ/ACK analysis]
1678 [This is an ACK to the segment in frame: 3153]
1679 [The RTT to ACK the segment was: 0.000223000 seconds]
1680 [Bytes in flight: 37]
1681File Transfer Protocol (FTP)
1682 500 'FEAT': command not understood.\r\n
1683 Response code: Syntax error, command unrecognized (500)
1684 Response arg: 'FEAT': command not understood.
1685
16860000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
16870010 00 4d e3 bd 40 00 3b 06 9f a0 0a f1 d1 c3 0a f1 .M..@.;.........
16880020 d4 97 00 15 86 f5 7c 61 ec 7c fc d5 9d 6b 50 18 ......|a.|...kP.
16890030 ff ff 27 fd 00 00 35 30 30 20 27 46 45 41 54 27 ..'...500 'FEAT'
16900040 3a 20 63 6f 6d 6d 61 6e 64 20 6e 6f 74 20 75 6e : command not un
16910050 64 65 72 73 74 6f 6f 64 2e 0d 0a derstood...
1692
1693No. Time Source Destination Protocol Length Info
1694 3155 30.881169000 10.241.212.151 10.241.209.195 FTP 68 Request: OPTS UTF8 on
1695
1696Frame 3155: 68 bytes on wire (544 bits), 68 bytes captured (544 bits) on interface 0
1697 Interface id: 0
1698 Encapsulation type: Ethernet (1)
1699 Arrival Time: Aug 17, 2015 08:01:10.581472000 Eastern Daylight Time
1700 [Time shift for this packet: 0.000000000 seconds]
1701 Epoch Time: 1439812870.581472000 seconds
1702 [Time delta from previous captured frame: 0.000416000 seconds]
1703 [Time delta from previous displayed frame: 0.000416000 seconds]
1704 [Time since reference or first frame: 30.881169000 seconds]
1705 Frame Number: 3155
1706 Frame Length: 68 bytes (544 bits)
1707 Capture Length: 68 bytes (544 bits)
1708 [Frame is marked: False]
1709 [Frame is ignored: False]
1710 [Protocols in frame: eth:ip:tcp:ftp]
1711 [Coloring Rule Name: Checksum Errors]
1712 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1713Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1714 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1715 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1716 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1717 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1718 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1719 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1720 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1721 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1722 Type: IP (0x0800)
1723Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1724 Version: 4
1725 Header length: 20 bytes
1726 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1727 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1728 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1729 Total Length: 54
1730 Identification: 0x0898 (2200)
1731 Flags: 0x02 (Don't Fragment)
1732 0... .... = Reserved bit: Not set
1733 .1.. .... = Don't fragment: Set
1734 ..0. .... = More fragments: Not set
1735 Fragment offset: 0
1736 Time to live: 128
1737 Protocol: TCP (6)
1738 Header checksum: 0x0000 [incorrect, should be 0x35ed (may be caused by "IP checksum offload"?)]
1739 [Good: False]
1740 [Bad: True]
1741 [Expert Info (Error/Checksum): Bad checksum]
1742 [Message: Bad checksum]
1743 [Severity level: Error]
1744 [Group: Checksum]
1745 Source: 10.241.212.151 (10.241.212.151)
1746 Destination: 10.241.209.195 (10.241.209.195)
1747 [Source GeoIP: Unknown]
1748 [Destination GeoIP: Unknown]
1749Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 42, Ack: 394, Len: 14
1750 Source port: 34549 (34549)
1751 Destination port: ftp (21)
1752 [Stream index: 16]
1753 Sequence number: 42 (relative sequence number)
1754 [Next sequence number: 56 (relative sequence number)]
1755 Acknowledgment number: 394 (relative ack number)
1756 Header length: 20 bytes
1757 Flags: 0x018 (PSH, ACK)
1758 000. .... .... = Reserved: Not set
1759 ...0 .... .... = Nonce: Not set
1760 .... 0... .... = Congestion Window Reduced (CWR): Not set
1761 .... .0.. .... = ECN-Echo: Not set
1762 .... ..0. .... = Urgent: Not set
1763 .... ...1 .... = Acknowledgment: Set
1764 .... .... 1... = Push: Set
1765 .... .... .0.. = Reset: Not set
1766 .... .... ..0. = Syn: Not set
1767 .... .... ...0 = Fin: Not set
1768 Window size value: 63847
1769 [Calculated window size: 63847]
1770 [Window size scaling factor: -2 (no window scaling used)]
1771 Checksum: 0xbc65 [validation disabled]
1772 [Good Checksum: False]
1773 [Bad Checksum: False]
1774 [SEQ/ACK analysis]
1775 [This is an ACK to the segment in frame: 3154]
1776 [The RTT to ACK the segment was: 0.000416000 seconds]
1777 [Bytes in flight: 14]
1778File Transfer Protocol (FTP)
1779 OPTS UTF8 on\r\n
1780 Request command: OPTS
1781 Request arg: UTF8 on
1782
17830000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
17840010 00 36 08 98 40 00 80 06 00 00 0a f1 d4 97 0a f1 .6..@...........
17850020 d1 c3 86 f5 00 15 fc d5 9d 6b 7c 61 ec a1 50 18 .........k|a..P.
17860030 f9 67 bc 65 00 00 4f 50 54 53 20 55 54 46 38 20 .g.e..OPTS UTF8
17870040 6f 6e 0d 0a on..
1788
1789No. Time Source Destination Protocol Length Info
1790 3156 30.881355000 10.241.209.195 10.241.212.151 FTP 99 Response: 500 'OPTS UTF8 on': command not understood.
1791
1792Frame 3156: 99 bytes on wire (792 bits), 99 bytes captured (792 bits) on interface 0
1793 Interface id: 0
1794 Encapsulation type: Ethernet (1)
1795 Arrival Time: Aug 17, 2015 08:01:10.581658000 Eastern Daylight Time
1796 [Time shift for this packet: 0.000000000 seconds]
1797 Epoch Time: 1439812870.581658000 seconds
1798 [Time delta from previous captured frame: 0.000186000 seconds]
1799 [Time delta from previous displayed frame: 0.000186000 seconds]
1800 [Time since reference or first frame: 30.881355000 seconds]
1801 Frame Number: 3156
1802 Frame Length: 99 bytes (792 bits)
1803 Capture Length: 99 bytes (792 bits)
1804 [Frame is marked: False]
1805 [Frame is ignored: False]
1806 [Protocols in frame: eth:ip:tcp:ftp]
1807 [Coloring Rule Name: TCP]
1808 [Coloring Rule String: tcp]
1809Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1810 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1811 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1812 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1813 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1814 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1815 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1816 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1817 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1818 Type: IP (0x0800)
1819Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1820 Version: 4
1821 Header length: 20 bytes
1822 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1823 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1824 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1825 Total Length: 85
1826 Identification: 0xe3be (58302)
1827 Flags: 0x02 (Don't Fragment)
1828 0... .... = Reserved bit: Not set
1829 .1.. .... = Don't fragment: Set
1830 ..0. .... = More fragments: Not set
1831 Fragment offset: 0
1832 Time to live: 59
1833 Protocol: TCP (6)
1834 Header checksum: 0x9f97 [correct]
1835 [Good: True]
1836 [Bad: False]
1837 Source: 10.241.209.195 (10.241.209.195)
1838 Destination: 10.241.212.151 (10.241.212.151)
1839 [Source GeoIP: Unknown]
1840 [Destination GeoIP: Unknown]
1841Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 394, Ack: 56, Len: 45
1842 Source port: ftp (21)
1843 Destination port: 34549 (34549)
1844 [Stream index: 16]
1845 Sequence number: 394 (relative sequence number)
1846 [Next sequence number: 439 (relative sequence number)]
1847 Acknowledgment number: 56 (relative ack number)
1848 Header length: 20 bytes
1849 Flags: 0x018 (PSH, ACK)
1850 000. .... .... = Reserved: Not set
1851 ...0 .... .... = Nonce: Not set
1852 .... 0... .... = Congestion Window Reduced (CWR): Not set
1853 .... .0.. .... = ECN-Echo: Not set
1854 .... ..0. .... = Urgent: Not set
1855 .... ...1 .... = Acknowledgment: Set
1856 .... .... 1... = Push: Set
1857 .... .... .0.. = Reset: Not set
1858 .... .... ..0. = Syn: Not set
1859 .... .... ...0 = Fin: Not set
1860 Window size value: 65535
1861 [Calculated window size: 65535]
1862 [Window size scaling factor: -2 (no window scaling used)]
1863 Checksum: 0xf389 [validation disabled]
1864 [Good Checksum: False]
1865 [Bad Checksum: False]
1866 [SEQ/ACK analysis]
1867 [This is an ACK to the segment in frame: 3155]
1868 [The RTT to ACK the segment was: 0.000186000 seconds]
1869 [Bytes in flight: 45]
1870File Transfer Protocol (FTP)
1871 500 'OPTS UTF8 on': command not understood.\r\n
1872 Response code: Syntax error, command unrecognized (500)
1873 Response arg: 'OPTS UTF8 on': command not understood.
1874
18750000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
18760010 00 55 e3 be 40 00 3b 06 9f 97 0a f1 d1 c3 0a f1 .U..@.;.........
18770020 d4 97 00 15 86 f5 7c 61 ec a1 fc d5 9d 79 50 18 ......|a.....yP.
18780030 ff ff f3 89 00 00 35 30 30 20 27 4f 50 54 53 20 ......500 'OPTS
18790040 55 54 46 38 20 6f 6e 27 3a 20 63 6f 6d 6d 61 6e UTF8 on': comman
18800050 64 20 6e 6f 74 20 75 6e 64 65 72 73 74 6f 6f 64 d not understood
18810060 2e 0d 0a ...
1882
1883No. Time Source Destination Protocol Length Info
1884 3157 30.881562000 10.241.212.151 10.241.209.195 FTP 64 Request: REST 100
1885
1886Frame 3157: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
1887 Interface id: 0
1888 Encapsulation type: Ethernet (1)
1889 Arrival Time: Aug 17, 2015 08:01:10.581865000 Eastern Daylight Time
1890 [Time shift for this packet: 0.000000000 seconds]
1891 Epoch Time: 1439812870.581865000 seconds
1892 [Time delta from previous captured frame: 0.000207000 seconds]
1893 [Time delta from previous displayed frame: 0.000207000 seconds]
1894 [Time since reference or first frame: 30.881562000 seconds]
1895 Frame Number: 3157
1896 Frame Length: 64 bytes (512 bits)
1897 Capture Length: 64 bytes (512 bits)
1898 [Frame is marked: False]
1899 [Frame is ignored: False]
1900 [Protocols in frame: eth:ip:tcp:ftp]
1901 [Coloring Rule Name: Checksum Errors]
1902 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1903Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1904 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1905 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1906 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1907 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1908 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1909 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1910 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1911 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1912 Type: IP (0x0800)
1913Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1914 Version: 4
1915 Header length: 20 bytes
1916 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1917 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1918 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1919 Total Length: 50
1920 Identification: 0x0899 (2201)
1921 Flags: 0x02 (Don't Fragment)
1922 0... .... = Reserved bit: Not set
1923 .1.. .... = Don't fragment: Set
1924 ..0. .... = More fragments: Not set
1925 Fragment offset: 0
1926 Time to live: 128
1927 Protocol: TCP (6)
1928 Header checksum: 0x0000 [incorrect, should be 0x35f0 (may be caused by "IP checksum offload"?)]
1929 [Good: False]
1930 [Bad: True]
1931 [Expert Info (Error/Checksum): Bad checksum]
1932 [Message: Bad checksum]
1933 [Severity level: Error]
1934 [Group: Checksum]
1935 Source: 10.241.212.151 (10.241.212.151)
1936 Destination: 10.241.209.195 (10.241.209.195)
1937 [Source GeoIP: Unknown]
1938 [Destination GeoIP: Unknown]
1939Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 56, Ack: 439, Len: 10
1940 Source port: 34549 (34549)
1941 Destination port: ftp (21)
1942 [Stream index: 16]
1943 Sequence number: 56 (relative sequence number)
1944 [Next sequence number: 66 (relative sequence number)]
1945 Acknowledgment number: 439 (relative ack number)
1946 Header length: 20 bytes
1947 Flags: 0x018 (PSH, ACK)
1948 000. .... .... = Reserved: Not set
1949 ...0 .... .... = Nonce: Not set
1950 .... 0... .... = Congestion Window Reduced (CWR): Not set
1951 .... .0.. .... = ECN-Echo: Not set
1952 .... ..0. .... = Urgent: Not set
1953 .... ...1 .... = Acknowledgment: Set
1954 .... .... 1... = Push: Set
1955 .... .... .0.. = Reset: Not set
1956 .... .... ..0. = Syn: Not set
1957 .... .... ...0 = Fin: Not set
1958 Window size value: 63802
1959 [Calculated window size: 63802]
1960 [Window size scaling factor: -2 (no window scaling used)]
1961 Checksum: 0xbc61 [validation disabled]
1962 [Good Checksum: False]
1963 [Bad Checksum: False]
1964 [SEQ/ACK analysis]
1965 [This is an ACK to the segment in frame: 3156]
1966 [The RTT to ACK the segment was: 0.000207000 seconds]
1967 [Bytes in flight: 10]
1968File Transfer Protocol (FTP)
1969 REST 100\r\n
1970 Request command: REST
1971 Request arg: 100
1972
19730000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
19740010 00 32 08 99 40 00 80 06 00 00 0a f1 d4 97 0a f1 .2..@...........
19750020 d1 c3 86 f5 00 15 fc d5 9d 79 7c 61 ec ce 50 18 .........y|a..P.
19760030 f9 3a bc 61 00 00 52 45 53 54 20 31 30 30 0d 0a .:.a..REST 100..
1977
1978No. Time Source Destination Protocol Length Info
1979 3158 30.881750000 10.241.209.195 10.241.212.151 FTP 122 Response: 350 Restarting at 100 Send STORE or RETRIEVE to initiate transfer.
1980
1981Frame 3158: 122 bytes on wire (976 bits), 122 bytes captured (976 bits) on interface 0
1982 Interface id: 0
1983 Encapsulation type: Ethernet (1)
1984 Arrival Time: Aug 17, 2015 08:01:10.582053000 Eastern Daylight Time
1985 [Time shift for this packet: 0.000000000 seconds]
1986 Epoch Time: 1439812870.582053000 seconds
1987 [Time delta from previous captured frame: 0.000188000 seconds]
1988 [Time delta from previous displayed frame: 0.000188000 seconds]
1989 [Time since reference or first frame: 30.881750000 seconds]
1990 Frame Number: 3158
1991 Frame Length: 122 bytes (976 bits)
1992 Capture Length: 122 bytes (976 bits)
1993 [Frame is marked: False]
1994 [Frame is ignored: False]
1995 [Protocols in frame: eth:ip:tcp:ftp]
1996 [Coloring Rule Name: TCP]
1997 [Coloring Rule String: tcp]
1998Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1999 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2000 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2001 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2002 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2003 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
2004 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
2005 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2006 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2007 Type: IP (0x0800)
2008Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
2009 Version: 4
2010 Header length: 20 bytes
2011 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2012 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
2013 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2014 Total Length: 108
2015 Identification: 0xe3bf (58303)
2016 Flags: 0x02 (Don't Fragment)
2017 0... .... = Reserved bit: Not set
2018 .1.. .... = Don't fragment: Set
2019 ..0. .... = More fragments: Not set
2020 Fragment offset: 0
2021 Time to live: 59
2022 Protocol: TCP (6)
2023 Header checksum: 0x9f7f [correct]
2024 [Good: True]
2025 [Bad: False]
2026 Source: 10.241.209.195 (10.241.209.195)
2027 Destination: 10.241.212.151 (10.241.212.151)
2028 [Source GeoIP: Unknown]
2029 [Destination GeoIP: Unknown]
2030Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 439, Ack: 66, Len: 68
2031 Source port: ftp (21)
2032 Destination port: 34549 (34549)
2033 [Stream index: 16]
2034 Sequence number: 439 (relative sequence number)
2035 [Next sequence number: 507 (relative sequence number)]
2036 Acknowledgment number: 66 (relative ack number)
2037 Header length: 20 bytes
2038 Flags: 0x018 (PSH, ACK)
2039 000. .... .... = Reserved: Not set
2040 ...0 .... .... = Nonce: Not set
2041 .... 0... .... = Congestion Window Reduced (CWR): Not set
2042 .... .0.. .... = ECN-Echo: Not set
2043 .... ..0. .... = Urgent: Not set
2044 .... ...1 .... = Acknowledgment: Set
2045 .... .... 1... = Push: Set
2046 .... .... .0.. = Reset: Not set
2047 .... .... ..0. = Syn: Not set
2048 .... .... ...0 = Fin: Not set
2049 Window size value: 65535
2050 [Calculated window size: 65535]
2051 [Window size scaling factor: -2 (no window scaling used)]
2052 Checksum: 0x7cea [validation disabled]
2053 [Good Checksum: False]
2054 [Bad Checksum: False]
2055 [SEQ/ACK analysis]
2056 [This is an ACK to the segment in frame: 3157]
2057 [The RTT to ACK the segment was: 0.000188000 seconds]
2058 [Bytes in flight: 68]
2059File Transfer Protocol (FTP)
2060 350 Restarting at 100 Send STORE or RETRIEVE to initiate transfer.\r\n
2061 Response code: Requested file action pending further information (350)
2062 Response arg: Restarting at 100 Send STORE or RETRIEVE to initiate transfer.
2063
20640000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
20650010 00 6c e3 bf 40 00 3b 06 9f 7f 0a f1 d1 c3 0a f1 .l..@.;.........
20660020 d4 97 00 15 86 f5 7c 61 ec ce fc d5 9d 83 50 18 ......|a......P.
20670030 ff ff 7c ea 00 00 33 35 30 20 52 65 73 74 61 72 ..|...350 Restar
20680040 74 69 6e 67 20 61 74 20 31 30 30 20 53 65 6e 64 ting at 100 Send
20690050 20 53 54 4f 52 45 20 6f 72 20 52 45 54 52 49 45 STORE or RETRIE
20700060 56 45 20 74 6f 20 69 6e 69 74 69 61 74 65 20 74 VE to initiate t
20710070 72 61 6e 73 66 65 72 2e 0d 0a ransfer...
2072
2073No. Time Source Destination Protocol Length Info
2074 3159 30.882078000 10.241.212.151 10.241.209.195 FTP 62 Request: REST 0
2075
2076Frame 3159: 62 bytes on wire (496 bits), 62 bytes captured (496 bits) on interface 0
2077 Interface id: 0
2078 Encapsulation type: Ethernet (1)
2079 Arrival Time: Aug 17, 2015 08:01:10.582381000 Eastern Daylight Time
2080 [Time shift for this packet: 0.000000000 seconds]
2081 Epoch Time: 1439812870.582381000 seconds
2082 [Time delta from previous captured frame: 0.000328000 seconds]
2083 [Time delta from previous displayed frame: 0.000328000 seconds]
2084 [Time since reference or first frame: 30.882078000 seconds]
2085 Frame Number: 3159
2086 Frame Length: 62 bytes (496 bits)
2087 Capture Length: 62 bytes (496 bits)
2088 [Frame is marked: False]
2089 [Frame is ignored: False]
2090 [Protocols in frame: eth:ip:tcp:ftp]
2091 [Coloring Rule Name: Checksum Errors]
2092 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
2093Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2094 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2095 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2096 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2097 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2098 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2099 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2100 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2101 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2102 Type: IP (0x0800)
2103Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2104 Version: 4
2105 Header length: 20 bytes
2106 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2107 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2108 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2109 Total Length: 48
2110 Identification: 0x089a (2202)
2111 Flags: 0x02 (Don't Fragment)
2112 0... .... = Reserved bit: Not set
2113 .1.. .... = Don't fragment: Set
2114 ..0. .... = More fragments: Not set
2115 Fragment offset: 0
2116 Time to live: 128
2117 Protocol: TCP (6)
2118 Header checksum: 0x0000 [incorrect, should be 0x35f1 (may be caused by "IP checksum offload"?)]
2119 [Good: False]
2120 [Bad: True]
2121 [Expert Info (Error/Checksum): Bad checksum]
2122 [Message: Bad checksum]
2123 [Severity level: Error]
2124 [Group: Checksum]
2125 Source: 10.241.212.151 (10.241.212.151)
2126 Destination: 10.241.209.195 (10.241.209.195)
2127 [Source GeoIP: Unknown]
2128 [Destination GeoIP: Unknown]
2129Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 66, Ack: 507, Len: 8
2130 Source port: 34549 (34549)
2131 Destination port: ftp (21)
2132 [Stream index: 16]
2133 Sequence number: 66 (relative sequence number)
2134 [Next sequence number: 74 (relative sequence number)]
2135 Acknowledgment number: 507 (relative ack number)
2136 Header length: 20 bytes
2137 Flags: 0x018 (PSH, ACK)
2138 000. .... .... = Reserved: Not set
2139 ...0 .... .... = Nonce: Not set
2140 .... 0... .... = Congestion Window Reduced (CWR): Not set
2141 .... .0.. .... = ECN-Echo: Not set
2142 .... ..0. .... = Urgent: Not set
2143 .... ...1 .... = Acknowledgment: Set
2144 .... .... 1... = Push: Set
2145 .... .... .0.. = Reset: Not set
2146 .... .... ..0. = Syn: Not set
2147 .... .... ...0 = Fin: Not set
2148 Window size value: 63734
2149 [Calculated window size: 63734]
2150 [Window size scaling factor: -2 (no window scaling used)]
2151 Checksum: 0xbc5f [validation disabled]
2152 [Good Checksum: False]
2153 [Bad Checksum: False]
2154 [SEQ/ACK analysis]
2155 [This is an ACK to the segment in frame: 3158]
2156 [The RTT to ACK the segment was: 0.000328000 seconds]
2157 [Bytes in flight: 8]
2158File Transfer Protocol (FTP)
2159 REST 0\r\n
2160 Request command: REST
2161 Request arg: 0
2162
21630000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
21640010 00 30 08 9a 40 00 80 06 00 00 0a f1 d4 97 0a f1 .0..@...........
21650020 d1 c3 86 f5 00 15 fc d5 9d 83 7c 61 ed 12 50 18 ..........|a..P.
21660030 f8 f6 bc 5f 00 00 52 45 53 54 20 30 0d 0a ..._..REST 0..
2167
2168No. Time Source Destination Protocol Length Info
2169 3160 30.882241000 10.241.209.195 10.241.212.151 FTP 120 Response: 350 Restarting at 0 Send STORE or RETRIEVE to initiate transfer.
2170
2171Frame 3160: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
2172 Interface id: 0
2173 Encapsulation type: Ethernet (1)
2174 Arrival Time: Aug 17, 2015 08:01:10.582544000 Eastern Daylight Time
2175 [Time shift for this packet: 0.000000000 seconds]
2176 Epoch Time: 1439812870.582544000 seconds
2177 [Time delta from previous captured frame: 0.000163000 seconds]
2178 [Time delta from previous displayed frame: 0.000163000 seconds]
2179 [Time since reference or first frame: 30.882241000 seconds]
2180 Frame Number: 3160
2181 Frame Length: 120 bytes (960 bits)
2182 Capture Length: 120 bytes (960 bits)
2183 [Frame is marked: False]
2184 [Frame is ignored: False]
2185 [Protocols in frame: eth:ip:tcp:ftp]
2186 [Coloring Rule Name: TCP]
2187 [Coloring Rule String: tcp]
2188Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2189 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2190 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2191 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2192 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2193 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
2194 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
2195 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2196 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2197 Type: IP (0x0800)
2198Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
2199 Version: 4
2200 Header length: 20 bytes
2201 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2202 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
2203 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2204 Total Length: 106
2205 Identification: 0xe3c0 (58304)
2206 Flags: 0x02 (Don't Fragment)
2207 0... .... = Reserved bit: Not set
2208 .1.. .... = Don't fragment: Set
2209 ..0. .... = More fragments: Not set
2210 Fragment offset: 0
2211 Time to live: 59
2212 Protocol: TCP (6)
2213 Header checksum: 0x9f80 [correct]
2214 [Good: True]
2215 [Bad: False]
2216 Source: 10.241.209.195 (10.241.209.195)
2217 Destination: 10.241.212.151 (10.241.212.151)
2218 [Source GeoIP: Unknown]
2219 [Destination GeoIP: Unknown]
2220Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 507, Ack: 74, Len: 66
2221 Source port: ftp (21)
2222 Destination port: 34549 (34549)
2223 [Stream index: 16]
2224 Sequence number: 507 (relative sequence number)
2225 [Next sequence number: 573 (relative sequence number)]
2226 Acknowledgment number: 74 (relative ack number)
2227 Header length: 20 bytes
2228 Flags: 0x018 (PSH, ACK)
2229 000. .... .... = Reserved: Not set
2230 ...0 .... .... = Nonce: Not set
2231 .... 0... .... = Congestion Window Reduced (CWR): Not set
2232 .... .0.. .... = ECN-Echo: Not set
2233 .... ..0. .... = Urgent: Not set
2234 .... ...1 .... = Acknowledgment: Set
2235 .... .... 1... = Push: Set
2236 .... .... .0.. = Reset: Not set
2237 .... .... ..0. = Syn: Not set
2238 .... .... ...0 = Fin: Not set
2239 Window size value: 65535
2240 [Calculated window size: 65535]
2241 [Window size scaling factor: -2 (no window scaling used)]
2242 Checksum: 0xadd0 [validation disabled]
2243 [Good Checksum: False]
2244 [Bad Checksum: False]
2245 [SEQ/ACK analysis]
2246 [This is an ACK to the segment in frame: 3159]
2247 [The RTT to ACK the segment was: 0.000163000 seconds]
2248 [Bytes in flight: 66]
2249File Transfer Protocol (FTP)
2250 350 Restarting at 0 Send STORE or RETRIEVE to initiate transfer.\r\n
2251 Response code: Requested file action pending further information (350)
2252 Response arg: Restarting at 0 Send STORE or RETRIEVE to initiate transfer.
2253
22540000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
22550010 00 6a e3 c0 40 00 3b 06 9f 80 0a f1 d1 c3 0a f1 .j..@.;.........
22560020 d4 97 00 15 86 f5 7c 61 ed 12 fc d5 9d 8b 50 18 ......|a......P.
22570030 ff ff ad d0 00 00 33 35 30 20 52 65 73 74 61 72 ......350 Restar
22580040 74 69 6e 67 20 61 74 20 30 20 53 65 6e 64 20 53 ting at 0 Send S
22590050 54 4f 52 45 20 6f 72 20 52 45 54 52 49 45 56 45 TORE or RETRIEVE
22600060 20 74 6f 20 69 6e 69 74 69 61 74 65 20 74 72 61 to initiate tra
22610070 6e 73 66 65 72 2e 0d 0a nsfer...
2262
2263No. Time Source Destination Protocol Length Info
2264 3161 30.882388000 10.241.212.151 10.241.209.195 FTP 60 Request: PASV
2265
2266Frame 3161: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
2267 Interface id: 0
2268 Encapsulation type: Ethernet (1)
2269 Arrival Time: Aug 17, 2015 08:01:10.582691000 Eastern Daylight Time
2270 [Time shift for this packet: 0.000000000 seconds]
2271 Epoch Time: 1439812870.582691000 seconds
2272 [Time delta from previous captured frame: 0.000147000 seconds]
2273 [Time delta from previous displayed frame: 0.000147000 seconds]
2274 [Time since reference or first frame: 30.882388000 seconds]
2275 Frame Number: 3161
2276 Frame Length: 60 bytes (480 bits)
2277 Capture Length: 60 bytes (480 bits)
2278 [Frame is marked: False]
2279 [Frame is ignored: False]
2280 [Protocols in frame: eth:ip:tcp:ftp]
2281 [Coloring Rule Name: Checksum Errors]
2282 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
2283Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2284 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2285 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2286 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2287 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2288 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2289 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2290 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2291 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2292 Type: IP (0x0800)
2293Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2294 Version: 4
2295 Header length: 20 bytes
2296 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2297 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2298 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2299 Total Length: 46
2300 Identification: 0x089b (2203)
2301 Flags: 0x02 (Don't Fragment)
2302 0... .... = Reserved bit: Not set
2303 .1.. .... = Don't fragment: Set
2304 ..0. .... = More fragments: Not set
2305 Fragment offset: 0
2306 Time to live: 128
2307 Protocol: TCP (6)
2308 Header checksum: 0x0000 [incorrect, should be 0x35f2 (may be caused by "IP checksum offload"?)]
2309 [Good: False]
2310 [Bad: True]
2311 [Expert Info (Error/Checksum): Bad checksum]
2312 [Message: Bad checksum]
2313 [Severity level: Error]
2314 [Group: Checksum]
2315 Source: 10.241.212.151 (10.241.212.151)
2316 Destination: 10.241.209.195 (10.241.209.195)
2317 [Source GeoIP: Unknown]
2318 [Destination GeoIP: Unknown]
2319Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 74, Ack: 573, Len: 6
2320 Source port: 34549 (34549)
2321 Destination port: ftp (21)
2322 [Stream index: 16]
2323 Sequence number: 74 (relative sequence number)
2324 [Next sequence number: 80 (relative sequence number)]
2325 Acknowledgment number: 573 (relative ack number)
2326 Header length: 20 bytes
2327 Flags: 0x018 (PSH, ACK)
2328 000. .... .... = Reserved: Not set
2329 ...0 .... .... = Nonce: Not set
2330 .... 0... .... = Congestion Window Reduced (CWR): Not set
2331 .... .0.. .... = ECN-Echo: Not set
2332 .... ..0. .... = Urgent: Not set
2333 .... ...1 .... = Acknowledgment: Set
2334 .... .... 1... = Push: Set
2335 .... .... .0.. = Reset: Not set
2336 .... .... ..0. = Syn: Not set
2337 .... .... ...0 = Fin: Not set
2338 Window size value: 63668
2339 [Calculated window size: 63668]
2340 [Window size scaling factor: -2 (no window scaling used)]
2341 Checksum: 0xbc5d [validation disabled]
2342 [Good Checksum: False]
2343 [Bad Checksum: False]
2344 [SEQ/ACK analysis]
2345 [This is an ACK to the segment in frame: 3160]
2346 [The RTT to ACK the segment was: 0.000147000 seconds]
2347 [Bytes in flight: 6]
2348File Transfer Protocol (FTP)
2349 PASV\r\n
2350 Request command: PASV
2351
23520000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
23530010 00 2e 08 9b 40 00 80 06 00 00 0a f1 d4 97 0a f1 ....@...........
23540020 d1 c3 86 f5 00 15 fc d5 9d 8b 7c 61 ed 54 50 18 ..........|a.TP.
23550030 f8 b4 bc 5d 00 00 50 41 53 56 0d 0a ...]..PASV..
2356
2357No. Time Source Destination Protocol Length Info
2358 3162 30.882626000 10.241.209.195 10.241.212.151 FTP 105 Response: 227 Entering Passive Mode (10,241,209,195,137,88)
2359
2360Frame 3162: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface 0
2361 Interface id: 0
2362 Encapsulation type: Ethernet (1)
2363 Arrival Time: Aug 17, 2015 08:01:10.582929000 Eastern Daylight Time
2364 [Time shift for this packet: 0.000000000 seconds]
2365 Epoch Time: 1439812870.582929000 seconds
2366 [Time delta from previous captured frame: 0.000238000 seconds]
2367 [Time delta from previous displayed frame: 0.000238000 seconds]
2368 [Time since reference or first frame: 30.882626000 seconds]
2369 Frame Number: 3162
2370 Frame Length: 105 bytes (840 bits)
2371 Capture Length: 105 bytes (840 bits)
2372 [Frame is marked: False]
2373 [Frame is ignored: False]
2374 [Protocols in frame: eth:ip:tcp:ftp]
2375 [Coloring Rule Name: TCP]
2376 [Coloring Rule String: tcp]
2377Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2378 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2379 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2380 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2381 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2382 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
2383 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
2384 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2385 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2386 Type: IP (0x0800)
2387Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
2388 Version: 4
2389 Header length: 20 bytes
2390 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2391 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
2392 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2393 Total Length: 91
2394 Identification: 0xe3c1 (58305)
2395 Flags: 0x02 (Don't Fragment)
2396 0... .... = Reserved bit: Not set
2397 .1.. .... = Don't fragment: Set
2398 ..0. .... = More fragments: Not set
2399 Fragment offset: 0
2400 Time to live: 59
2401 Protocol: TCP (6)
2402 Header checksum: 0x9f8e [correct]
2403 [Good: True]
2404 [Bad: False]
2405 Source: 10.241.209.195 (10.241.209.195)
2406 Destination: 10.241.212.151 (10.241.212.151)
2407 [Source GeoIP: Unknown]
2408 [Destination GeoIP: Unknown]
2409Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 573, Ack: 80, Len: 51
2410 Source port: ftp (21)
2411 Destination port: 34549 (34549)
2412 [Stream index: 16]
2413 Sequence number: 573 (relative sequence number)
2414 [Next sequence number: 624 (relative sequence number)]
2415 Acknowledgment number: 80 (relative ack number)
2416 Header length: 20 bytes
2417 Flags: 0x018 (PSH, ACK)
2418 000. .... .... = Reserved: Not set
2419 ...0 .... .... = Nonce: Not set
2420 .... 0... .... = Congestion Window Reduced (CWR): Not set
2421 .... .0.. .... = ECN-Echo: Not set
2422 .... ..0. .... = Urgent: Not set
2423 .... ...1 .... = Acknowledgment: Set
2424 .... .... 1... = Push: Set
2425 .... .... .0.. = Reset: Not set
2426 .... .... ..0. = Syn: Not set
2427 .... .... ...0 = Fin: Not set
2428 Window size value: 65535
2429 [Calculated window size: 65535]
2430 [Window size scaling factor: -2 (no window scaling used)]
2431 Checksum: 0xa2b4 [validation disabled]
2432 [Good Checksum: False]
2433 [Bad Checksum: False]
2434 [SEQ/ACK analysis]
2435 [This is an ACK to the segment in frame: 3161]
2436 [The RTT to ACK the segment was: 0.000238000 seconds]
2437 [Bytes in flight: 51]
2438File Transfer Protocol (FTP)
2439 227 Entering Passive Mode (10,241,209,195,137,88)\r\n
2440 Response code: Entering Passive Mode (227)
2441 Response arg: Entering Passive Mode (10,241,209,195,137,88)
2442 Passive IP address: 10.241.209.195 (10.241.209.195)
2443 Passive port: 35160
2444
24450000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
24460010 00 5b e3 c1 40 00 3b 06 9f 8e 0a f1 d1 c3 0a f1 .[..@.;.........
24470020 d4 97 00 15 86 f5 7c 61 ed 54 fc d5 9d 91 50 18 ......|a.T....P.
24480030 ff ff a2 b4 00 00 32 32 37 20 45 6e 74 65 72 69 ......227 Enteri
24490040 6e 67 20 50 61 73 73 69 76 65 20 4d 6f 64 65 20 ng Passive Mode
24500050 28 31 30 2c 32 34 31 2c 32 30 39 2c 31 39 35 2c (10,241,209,195,
24510060 31 33 37 2c 38 38 29 0d 0a 137,88)..
2452
2453No. Time Source Destination Protocol Length Info
2454 3163 30.883036000 10.241.212.151 10.241.209.195 FTP 60 Request: LIST
2455
2456Frame 3163: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
2457 Interface id: 0
2458 Encapsulation type: Ethernet (1)
2459 Arrival Time: Aug 17, 2015 08:01:10.583339000 Eastern Daylight Time
2460 [Time shift for this packet: 0.000000000 seconds]
2461 Epoch Time: 1439812870.583339000 seconds
2462 [Time delta from previous captured frame: 0.000410000 seconds]
2463 [Time delta from previous displayed frame: 0.000410000 seconds]
2464 [Time since reference or first frame: 30.883036000 seconds]
2465 Frame Number: 3163
2466 Frame Length: 60 bytes (480 bits)
2467 Capture Length: 60 bytes (480 bits)
2468 [Frame is marked: False]
2469 [Frame is ignored: False]
2470 [Protocols in frame: eth:ip:tcp:ftp]
2471 [Coloring Rule Name: Checksum Errors]
2472 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
2473Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2474 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2475 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2476 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2477 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2478 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2479 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2480 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2481 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2482 Type: IP (0x0800)
2483Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2484 Version: 4
2485 Header length: 20 bytes
2486 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2487 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2488 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2489 Total Length: 46
2490 Identification: 0x089c (2204)
2491 Flags: 0x02 (Don't Fragment)
2492 0... .... = Reserved bit: Not set
2493 .1.. .... = Don't fragment: Set
2494 ..0. .... = More fragments: Not set
2495 Fragment offset: 0
2496 Time to live: 128
2497 Protocol: TCP (6)
2498 Header checksum: 0x0000 [incorrect, should be 0x35f1 (may be caused by "IP checksum offload"?)]
2499 [Good: False]
2500 [Bad: True]
2501 [Expert Info (Error/Checksum): Bad checksum]
2502 [Message: Bad checksum]
2503 [Severity level: Error]
2504 [Group: Checksum]
2505 Source: 10.241.212.151 (10.241.212.151)
2506 Destination: 10.241.209.195 (10.241.209.195)
2507 [Source GeoIP: Unknown]
2508 [Destination GeoIP: Unknown]
2509Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 80, Ack: 624, Len: 6
2510 Source port: 34549 (34549)
2511 Destination port: ftp (21)
2512 [Stream index: 16]
2513 Sequence number: 80 (relative sequence number)
2514 [Next sequence number: 86 (relative sequence number)]
2515 Acknowledgment number: 624 (relative ack number)
2516 Header length: 20 bytes
2517 Flags: 0x018 (PSH, ACK)
2518 000. .... .... = Reserved: Not set
2519 ...0 .... .... = Nonce: Not set
2520 .... 0... .... = Congestion Window Reduced (CWR): Not set
2521 .... .0.. .... = ECN-Echo: Not set
2522 .... ..0. .... = Urgent: Not set
2523 .... ...1 .... = Acknowledgment: Set
2524 .... .... 1... = Push: Set
2525 .... .... .0.. = Reset: Not set
2526 .... .... ..0. = Syn: Not set
2527 .... .... ...0 = Fin: Not set
2528 Window size value: 63617
2529 [Calculated window size: 63617]
2530 [Window size scaling factor: -2 (no window scaling used)]
2531 Checksum: 0xbc5d [validation disabled]
2532 [Good Checksum: False]
2533 [Bad Checksum: False]
2534 [SEQ/ACK analysis]
2535 [This is an ACK to the segment in frame: 3162]
2536 [The RTT to ACK the segment was: 0.000410000 seconds]
2537 [Bytes in flight: 6]
2538File Transfer Protocol (FTP)
2539 LIST\r\n
2540 Request command: LIST
2541
25420000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
25430010 00 2e 08 9c 40 00 80 06 00 00 0a f1 d4 97 0a f1 ....@...........
25440020 d1 c3 86 f5 00 15 fc d5 9d 91 7c 61 ed 87 50 18 ..........|a..P.
25450030 f8 81 bc 5d 00 00 4c 49 53 54 0d 0a ...]..LIST..
2546
2547No. Time Source Destination Protocol Length Info
2548 3164 30.883415000 10.241.212.151 10.241.209.195 TCP 66 34550 > 35160 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
2549
2550Frame 3164: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
2551 Interface id: 0
2552 Encapsulation type: Ethernet (1)
2553 Arrival Time: Aug 17, 2015 08:01:10.583718000 Eastern Daylight Time
2554 [Time shift for this packet: 0.000000000 seconds]
2555 Epoch Time: 1439812870.583718000 seconds
2556 [Time delta from previous captured frame: 0.000379000 seconds]
2557 [Time delta from previous displayed frame: 0.000379000 seconds]
2558 [Time since reference or first frame: 30.883415000 seconds]
2559 Frame Number: 3164
2560 Frame Length: 66 bytes (528 bits)
2561 Capture Length: 66 bytes (528 bits)
2562 [Frame is marked: False]
2563 [Frame is ignored: False]
2564 [Protocols in frame: eth:ip:tcp]
2565 [Coloring Rule Name: Checksum Errors]
2566 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
2567Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2568 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2569 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2570 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2571 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2572 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2573 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2574 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2575 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2576 Type: IP (0x0800)
2577Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2578 Version: 4
2579 Header length: 20 bytes
2580 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2581 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2582 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2583 Total Length: 52
2584 Identification: 0x089d (2205)
2585 Flags: 0x02 (Don't Fragment)
2586 0... .... = Reserved bit: Not set
2587 .1.. .... = Don't fragment: Set
2588 ..0. .... = More fragments: Not set
2589 Fragment offset: 0
2590 Time to live: 128
2591 Protocol: TCP (6)
2592 Header checksum: 0x0000 [incorrect, should be 0x35ea (may be caused by "IP checksum offload"?)]
2593 [Good: False]
2594 [Bad: True]
2595 [Expert Info (Error/Checksum): Bad checksum]
2596 [Message: Bad checksum]
2597 [Severity level: Error]
2598 [Group: Checksum]
2599 Source: 10.241.212.151 (10.241.212.151)
2600 Destination: 10.241.209.195 (10.241.209.195)
2601 [Source GeoIP: Unknown]
2602 [Destination GeoIP: Unknown]
2603Transmission Control Protocol, Src Port: 34550 (34550), Dst Port: 35160 (35160), Seq: 0, Len: 0
2604 Source port: 34550 (34550)
2605 Destination port: 35160 (35160)
2606 [Stream index: 17]
2607 Sequence number: 0 (relative sequence number)
2608 Header length: 32 bytes
2609 Flags: 0x002 (SYN)
2610 000. .... .... = Reserved: Not set
2611 ...0 .... .... = Nonce: Not set
2612 .... 0... .... = Congestion Window Reduced (CWR): Not set
2613 .... .0.. .... = ECN-Echo: Not set
2614 .... ..0. .... = Urgent: Not set
2615 .... ...0 .... = Acknowledgment: Not set
2616 .... .... 0... = Push: Not set
2617 .... .... .0.. = Reset: Not set
2618 .... .... ..1. = Syn: Set
2619 [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 35160]
2620 [Message: Connection establish request (SYN): server port 35160]
2621 [Severity level: Chat]
2622 [Group: Sequence]
2623 .... .... ...0 = Fin: Not set
2624 Window size value: 8192
2625 [Calculated window size: 8192]
2626 Checksum: 0xbc63 [validation disabled]
2627 [Good Checksum: False]
2628 [Bad Checksum: False]
2629 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
2630 Maximum segment size: 1460 bytes
2631 Kind: MSS size (2)
2632 Length: 4
2633 MSS Value: 1460
2634 No-Operation (NOP)
2635 Type: 1
2636 0... .... = Copy on fragmentation: No
2637 .00. .... = Class: Control (0)
2638 ...0 0001 = Number: No-Operation (NOP) (1)
2639 Window scale: 2 (multiply by 4)
2640 Kind: Window Scale (3)
2641 Length: 3
2642 Shift count: 2
2643 [Multiplier: 4]
2644 No-Operation (NOP)
2645 Type: 1
2646 0... .... = Copy on fragmentation: No
2647 .00. .... = Class: Control (0)
2648 ...0 0001 = Number: No-Operation (NOP) (1)
2649 No-Operation (NOP)
2650 Type: 1
2651 0... .... = Copy on fragmentation: No
2652 .00. .... = Class: Control (0)
2653 ...0 0001 = Number: No-Operation (NOP) (1)
2654 TCP SACK Permitted Option: True
2655 Kind: SACK Permission (4)
2656 Length: 2
2657
26580000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
26590010 00 34 08 9d 40 00 80 06 00 00 0a f1 d4 97 0a f1 .4..@...........
26600020 d1 c3 86 f6 89 58 7d 7f 3f ee 00 00 00 00 80 02 .....X}.?.......
26610030 20 00 bc 63 00 00 02 04 05 b4 01 03 03 02 01 01 ..c............
26620040 04 02 ..
2663
2664No. Time Source Destination Protocol Length Info
2665 3165 30.883637000 10.241.209.195 10.241.212.151 TCP 60 35160 > 34550 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
2666
2667Frame 3165: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
2668 Interface id: 0
2669 Encapsulation type: Ethernet (1)
2670 Arrival Time: Aug 17, 2015 08:01:10.583940000 Eastern Daylight Time
2671 [Time shift for this packet: 0.000000000 seconds]
2672 Epoch Time: 1439812870.583940000 seconds
2673 [Time delta from previous captured frame: 0.000222000 seconds]
2674 [Time delta from previous displayed frame: 0.000222000 seconds]
2675 [Time since reference or first frame: 30.883637000 seconds]
2676 Frame Number: 3165
2677 Frame Length: 60 bytes (480 bits)
2678 Capture Length: 60 bytes (480 bits)
2679 [Frame is marked: False]
2680 [Frame is ignored: False]
2681 [Protocols in frame: eth:ip:tcp]
2682 [Coloring Rule Name: TCP SYN/FIN]
2683 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
2684Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2685 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2686 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2687 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2688 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2689 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
2690 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
2691 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2692 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2693 Type: IP (0x0800)
2694 Padding: 0000
2695Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
2696 Version: 4
2697 Header length: 20 bytes
2698 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2699 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2700 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2701 Total Length: 44
2702 Identification: 0xe3c2 (58306)
2703 Flags: 0x02 (Don't Fragment)
2704 0... .... = Reserved bit: Not set
2705 .1.. .... = Don't fragment: Set
2706 ..0. .... = More fragments: Not set
2707 Fragment offset: 0
2708 Time to live: 59
2709 Protocol: TCP (6)
2710 Header checksum: 0x9fcc [correct]
2711 [Good: True]
2712 [Bad: False]
2713 Source: 10.241.209.195 (10.241.209.195)
2714 Destination: 10.241.212.151 (10.241.212.151)
2715 [Source GeoIP: Unknown]
2716 [Destination GeoIP: Unknown]
2717Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 0, Ack: 1, Len: 0
2718 Source port: 35160 (35160)
2719 Destination port: 34550 (34550)
2720 [Stream index: 17]
2721 Sequence number: 0 (relative sequence number)
2722 Acknowledgment number: 1 (relative ack number)
2723 Header length: 24 bytes
2724 Flags: 0x012 (SYN, ACK)
2725 000. .... .... = Reserved: Not set
2726 ...0 .... .... = Nonce: Not set
2727 .... 0... .... = Congestion Window Reduced (CWR): Not set
2728 .... .0.. .... = ECN-Echo: Not set
2729 .... ..0. .... = Urgent: Not set
2730 .... ...1 .... = Acknowledgment: Set
2731 .... .... 0... = Push: Not set
2732 .... .... .0.. = Reset: Not set
2733 .... .... ..1. = Syn: Set
2734 [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 35160]
2735 [Message: Connection establish acknowledge (SYN+ACK): server port 35160]
2736 [Severity level: Chat]
2737 [Group: Sequence]
2738 .... .... ...0 = Fin: Not set
2739 Window size value: 65535
2740 [Calculated window size: 65535]
2741 Checksum: 0x6d95 [validation disabled]
2742 [Good Checksum: False]
2743 [Bad Checksum: False]
2744 Options: (4 bytes), Maximum segment size
2745 Maximum segment size: 1460 bytes
2746 Kind: MSS size (2)
2747 Length: 4
2748 MSS Value: 1460
2749 [SEQ/ACK analysis]
2750 [This is an ACK to the segment in frame: 3164]
2751 [The RTT to ACK the segment was: 0.000222000 seconds]
2752
27530000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 00 .6.A.f.#......E.
27540010 00 2c e3 c2 40 00 3b 06 9f cc 0a f1 d1 c3 0a f1 .,..@.;.........
27550020 d4 97 89 58 86 f6 76 5c 2a 2a 7d 7f 3f ef 60 12 ...X..v\**}.?.`.
27560030 ff ff 6d 95 00 00 02 04 05 b4 00 00 ..m.........
2757
2758No. Time Source Destination Protocol Length Info
2759 3166 30.883668000 10.241.212.151 10.241.209.195 TCP 54 34550 > 35160 [ACK] Seq=1 Ack=1 Win=64240 Len=0
2760
2761Frame 3166: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
2762 Interface id: 0
2763 Encapsulation type: Ethernet (1)
2764 Arrival Time: Aug 17, 2015 08:01:10.583971000 Eastern Daylight Time
2765 [Time shift for this packet: 0.000000000 seconds]
2766 Epoch Time: 1439812870.583971000 seconds
2767 [Time delta from previous captured frame: 0.000031000 seconds]
2768 [Time delta from previous displayed frame: 0.000031000 seconds]
2769 [Time since reference or first frame: 30.883668000 seconds]
2770 Frame Number: 3166
2771 Frame Length: 54 bytes (432 bits)
2772 Capture Length: 54 bytes (432 bits)
2773 [Frame is marked: False]
2774 [Frame is ignored: False]
2775 [Protocols in frame: eth:ip:tcp]
2776 [Coloring Rule Name: Checksum Errors]
2777 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
2778Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2779 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2780 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2781 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2782 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2783 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2784 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2785 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2786 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2787 Type: IP (0x0800)
2788Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2789 Version: 4
2790 Header length: 20 bytes
2791 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2792 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2793 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2794 Total Length: 40
2795 Identification: 0x089e (2206)
2796 Flags: 0x02 (Don't Fragment)
2797 0... .... = Reserved bit: Not set
2798 .1.. .... = Don't fragment: Set
2799 ..0. .... = More fragments: Not set
2800 Fragment offset: 0
2801 Time to live: 128
2802 Protocol: TCP (6)
2803 Header checksum: 0x0000 [incorrect, should be 0x35f5 (may be caused by "IP checksum offload"?)]
2804 [Good: False]
2805 [Bad: True]
2806 [Expert Info (Error/Checksum): Bad checksum]
2807 [Message: Bad checksum]
2808 [Severity level: Error]
2809 [Group: Checksum]
2810 Source: 10.241.212.151 (10.241.212.151)
2811 Destination: 10.241.209.195 (10.241.209.195)
2812 [Source GeoIP: Unknown]
2813 [Destination GeoIP: Unknown]
2814Transmission Control Protocol, Src Port: 34550 (34550), Dst Port: 35160 (35160), Seq: 1, Ack: 1, Len: 0
2815 Source port: 34550 (34550)
2816 Destination port: 35160 (35160)
2817 [Stream index: 17]
2818 Sequence number: 1 (relative sequence number)
2819 Acknowledgment number: 1 (relative ack number)
2820 Header length: 20 bytes
2821 Flags: 0x010 (ACK)
2822 000. .... .... = Reserved: Not set
2823 ...0 .... .... = Nonce: Not set
2824 .... 0... .... = Congestion Window Reduced (CWR): Not set
2825 .... .0.. .... = ECN-Echo: Not set
2826 .... ..0. .... = Urgent: Not set
2827 .... ...1 .... = Acknowledgment: Set
2828 .... .... 0... = Push: Not set
2829 .... .... .0.. = Reset: Not set
2830 .... .... ..0. = Syn: Not set
2831 .... .... ...0 = Fin: Not set
2832 Window size value: 64240
2833 [Calculated window size: 64240]
2834 [Window size scaling factor: -2 (no window scaling used)]
2835 Checksum: 0xbc57 [validation disabled]
2836 [Good Checksum: False]
2837 [Bad Checksum: False]
2838 [SEQ/ACK analysis]
2839 [This is an ACK to the segment in frame: 3165]
2840 [The RTT to ACK the segment was: 0.000031000 seconds]
2841
28420000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
28430010 00 28 08 9e 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
28440020 d1 c3 86 f6 89 58 7d 7f 3f ef 76 5c 2a 2b 50 10 .....X}.?.v\*+P.
28450030 fa f0 bc 57 00 00 ...W..
2846
2847No. Time Source Destination Protocol Length Info
2848 3167 30.884758000 10.241.209.195 10.241.212.151 FTP 96 Response: 150 Opening data connection for /bin/ls.
2849
2850Frame 3167: 96 bytes on wire (768 bits), 96 bytes captured (768 bits) on interface 0
2851 Interface id: 0
2852 Encapsulation type: Ethernet (1)
2853 Arrival Time: Aug 17, 2015 08:01:10.585061000 Eastern Daylight Time
2854 [Time shift for this packet: 0.000000000 seconds]
2855 Epoch Time: 1439812870.585061000 seconds
2856 [Time delta from previous captured frame: 0.001090000 seconds]
2857 [Time delta from previous displayed frame: 0.001090000 seconds]
2858 [Time since reference or first frame: 30.884758000 seconds]
2859 Frame Number: 3167
2860 Frame Length: 96 bytes (768 bits)
2861 Capture Length: 96 bytes (768 bits)
2862 [Frame is marked: False]
2863 [Frame is ignored: False]
2864 [Protocols in frame: eth:ip:tcp:ftp]
2865 [Coloring Rule Name: TCP]
2866 [Coloring Rule String: tcp]
2867Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2868 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2869 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2870 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2871 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2872 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
2873 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
2874 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2875 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2876 Type: IP (0x0800)
2877Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
2878 Version: 4
2879 Header length: 20 bytes
2880 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2881 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
2882 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2883 Total Length: 82
2884 Identification: 0xe3c3 (58307)
2885 Flags: 0x02 (Don't Fragment)
2886 0... .... = Reserved bit: Not set
2887 .1.. .... = Don't fragment: Set
2888 ..0. .... = More fragments: Not set
2889 Fragment offset: 0
2890 Time to live: 59
2891 Protocol: TCP (6)
2892 Header checksum: 0x9f95 [correct]
2893 [Good: True]
2894 [Bad: False]
2895 Source: 10.241.209.195 (10.241.209.195)
2896 Destination: 10.241.212.151 (10.241.212.151)
2897 [Source GeoIP: Unknown]
2898 [Destination GeoIP: Unknown]
2899Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 624, Ack: 86, Len: 42
2900 Source port: ftp (21)
2901 Destination port: 34549 (34549)
2902 [Stream index: 16]
2903 Sequence number: 624 (relative sequence number)
2904 [Next sequence number: 666 (relative sequence number)]
2905 Acknowledgment number: 86 (relative ack number)
2906 Header length: 20 bytes
2907 Flags: 0x018 (PSH, ACK)
2908 000. .... .... = Reserved: Not set
2909 ...0 .... .... = Nonce: Not set
2910 .... 0... .... = Congestion Window Reduced (CWR): Not set
2911 .... .0.. .... = ECN-Echo: Not set
2912 .... ..0. .... = Urgent: Not set
2913 .... ...1 .... = Acknowledgment: Set
2914 .... .... 1... = Push: Set
2915 .... .... .0.. = Reset: Not set
2916 .... .... ..0. = Syn: Not set
2917 .... .... ...0 = Fin: Not set
2918 Window size value: 65535
2919 [Calculated window size: 65535]
2920 [Window size scaling factor: -2 (no window scaling used)]
2921 Checksum: 0x4e3e [validation disabled]
2922 [Good Checksum: False]
2923 [Bad Checksum: False]
2924 [SEQ/ACK analysis]
2925 [This is an ACK to the segment in frame: 3163]
2926 [The RTT to ACK the segment was: 0.001722000 seconds]
2927 [Bytes in flight: 42]
2928File Transfer Protocol (FTP)
2929 150 Opening data connection for /bin/ls.\r\n
2930 Response code: File status okay; about to open data connection (150)
2931 Response arg: Opening data connection for /bin/ls.
2932
29330000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
29340010 00 52 e3 c3 40 00 3b 06 9f 95 0a f1 d1 c3 0a f1 .R..@.;.........
29350020 d4 97 00 15 86 f5 7c 61 ed 87 fc d5 9d 97 50 18 ......|a......P.
29360030 ff ff 4e 3e 00 00 31 35 30 20 4f 70 65 6e 69 6e ..N>..150 Openin
29370040 67 20 64 61 74 61 20 63 6f 6e 6e 65 63 74 69 6f g data connectio
29380050 6e 20 66 6f 72 20 2f 62 69 6e 2f 6c 73 2e 0d 0a n for /bin/ls...
2939
2940No. Time Source Destination Protocol Length Info
2941 3168 30.918853000 10.241.209.195 10.241.212.151 FTP-DATA 140 FTP Data: 86 bytes
2942
2943Frame 3168: 140 bytes on wire (1120 bits), 140 bytes captured (1120 bits) on interface 0
2944 Interface id: 0
2945 Encapsulation type: Ethernet (1)
2946 Arrival Time: Aug 17, 2015 08:01:10.619156000 Eastern Daylight Time
2947 [Time shift for this packet: 0.000000000 seconds]
2948 Epoch Time: 1439812870.619156000 seconds
2949 [Time delta from previous captured frame: 0.034095000 seconds]
2950 [Time delta from previous displayed frame: 0.034095000 seconds]
2951 [Time since reference or first frame: 30.918853000 seconds]
2952 Frame Number: 3168
2953 Frame Length: 140 bytes (1120 bits)
2954 Capture Length: 140 bytes (1120 bits)
2955 [Frame is marked: False]
2956 [Frame is ignored: False]
2957 [Protocols in frame: eth:ip:tcp:ftp-data]
2958 [Coloring Rule Name: TCP]
2959 [Coloring Rule String: tcp]
2960Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2961 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2962 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2963 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2964 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2965 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
2966 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
2967 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2968 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2969 Type: IP (0x0800)
2970Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
2971 Version: 4
2972 Header length: 20 bytes
2973 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2974 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
2975 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2976 Total Length: 126
2977 Identification: 0xe3c7 (58311)
2978 Flags: 0x02 (Don't Fragment)
2979 0... .... = Reserved bit: Not set
2980 .1.. .... = Don't fragment: Set
2981 ..0. .... = More fragments: Not set
2982 Fragment offset: 0
2983 Time to live: 59
2984 Protocol: TCP (6)
2985 Header checksum: 0x9f65 [correct]
2986 [Good: True]
2987 [Bad: False]
2988 Source: 10.241.209.195 (10.241.209.195)
2989 Destination: 10.241.212.151 (10.241.212.151)
2990 [Source GeoIP: Unknown]
2991 [Destination GeoIP: Unknown]
2992Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 1, Ack: 1, Len: 86
2993 Source port: 35160 (35160)
2994 Destination port: 34550 (34550)
2995 [Stream index: 17]
2996 Sequence number: 1 (relative sequence number)
2997 [Next sequence number: 87 (relative sequence number)]
2998 Acknowledgment number: 1 (relative ack number)
2999 Header length: 20 bytes
3000 Flags: 0x018 (PSH, ACK)
3001 000. .... .... = Reserved: Not set
3002 ...0 .... .... = Nonce: Not set
3003 .... 0... .... = Congestion Window Reduced (CWR): Not set
3004 .... .0.. .... = ECN-Echo: Not set
3005 .... ..0. .... = Urgent: Not set
3006 .... ...1 .... = Acknowledgment: Set
3007 .... .... 1... = Push: Set
3008 .... .... .0.. = Reset: Not set
3009 .... .... ..0. = Syn: Not set
3010 .... .... ...0 = Fin: Not set
3011 Window size value: 65535
3012 [Calculated window size: 65535]
3013 [Window size scaling factor: -2 (no window scaling used)]
3014 Checksum: 0x7b90 [validation disabled]
3015 [Good Checksum: False]
3016 [Bad Checksum: False]
3017 [SEQ/ACK analysis]
3018 [Bytes in flight: 86]
3019FTP Data (total 1915\r\ndrwxrwxr-x 2 root system 256 Oct 10 2013 .InstallAnywhere)
3020
30210000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
30220010 00 7e e3 c7 40 00 3b 06 9f 65 0a f1 d1 c3 0a f1 .~..@.;..e......
30230020 d4 97 89 58 86 f6 76 5c 2a 2b 7d 7f 3f ef 50 18 ...X..v\*+}.?.P.
30240030 ff ff 7b 90 00 00 74 6f 74 61 6c 20 31 39 31 35 ..{...total 1915
30250040 0d 0a 64 72 77 78 72 77 78 72 2d 78 20 20 20 20 ..drwxrwxr-x
30260050 32 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 2 root syste
30270060 6d 20 20 20 20 20 20 20 20 20 20 32 35 36 20 4f m 256 O
30280070 63 74 20 31 30 20 32 30 31 33 20 20 2e 49 6e 73 ct 10 2013 .Ins
30290080 74 61 6c 6c 41 6e 79 77 68 65 72 65 tallAnywhere
3030
3031No. Time Source Destination Protocol Length Info
3032 3169 30.920410000 10.241.209.195 10.241.212.151 FTP-DATA 1514 FTP Data: 1460 bytes
3033
3034Frame 3169: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0
3035 Interface id: 0
3036 Encapsulation type: Ethernet (1)
3037 Arrival Time: Aug 17, 2015 08:01:10.620713000 Eastern Daylight Time
3038 [Time shift for this packet: 0.000000000 seconds]
3039 Epoch Time: 1439812870.620713000 seconds
3040 [Time delta from previous captured frame: 0.001557000 seconds]
3041 [Time delta from previous displayed frame: 0.001557000 seconds]
3042 [Time since reference or first frame: 30.920410000 seconds]
3043 Frame Number: 3169
3044 Frame Length: 1514 bytes (12112 bits)
3045 Capture Length: 1514 bytes (12112 bits)
3046 [Frame is marked: False]
3047 [Frame is ignored: False]
3048 [Protocols in frame: eth:ip:tcp:ftp-data]
3049 [Coloring Rule Name: TCP]
3050 [Coloring Rule String: tcp]
3051Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3052 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3053 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3054 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3055 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3056 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
3057 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
3058 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3059 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3060 Type: IP (0x0800)
3061Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
3062 Version: 4
3063 Header length: 20 bytes
3064 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3065 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
3066 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3067 Total Length: 1500
3068 Identification: 0xe3c8 (58312)
3069 Flags: 0x02 (Don't Fragment)
3070 0... .... = Reserved bit: Not set
3071 .1.. .... = Don't fragment: Set
3072 ..0. .... = More fragments: Not set
3073 Fragment offset: 0
3074 Time to live: 59
3075 Protocol: TCP (6)
3076 Header checksum: 0x9a06 [correct]
3077 [Good: True]
3078 [Bad: False]
3079 Source: 10.241.209.195 (10.241.209.195)
3080 Destination: 10.241.212.151 (10.241.212.151)
3081 [Source GeoIP: Unknown]
3082 [Destination GeoIP: Unknown]
3083Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 87, Ack: 1, Len: 1460
3084 Source port: 35160 (35160)
3085 Destination port: 34550 (34550)
3086 [Stream index: 17]
3087 Sequence number: 87 (relative sequence number)
3088 [Next sequence number: 1547 (relative sequence number)]
3089 Acknowledgment number: 1 (relative ack number)
3090 Header length: 20 bytes
3091 Flags: 0x010 (ACK)
3092 000. .... .... = Reserved: Not set
3093 ...0 .... .... = Nonce: Not set
3094 .... 0... .... = Congestion Window Reduced (CWR): Not set
3095 .... .0.. .... = ECN-Echo: Not set
3096 .... ..0. .... = Urgent: Not set
3097 .... ...1 .... = Acknowledgment: Set
3098 .... .... 0... = Push: Not set
3099 .... .... .0.. = Reset: Not set
3100 .... .... ..0. = Syn: Not set
3101 .... .... ...0 = Fin: Not set
3102 Window size value: 65535
3103 [Calculated window size: 65535]
3104 [Window size scaling factor: -2 (no window scaling used)]
3105 Checksum: 0xff6c [validation disabled]
3106 [Good Checksum: False]
3107 [Bad Checksum: False]
3108 [SEQ/ACK analysis]
3109 [Bytes in flight: 1546]
3110FTP Data (1460 bytes data)
3111
31120000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
31130010 05 dc e3 c8 40 00 3b 06 9a 06 0a f1 d1 c3 0a f1 ....@.;.........
31140020 d4 97 89 58 86 f6 76 5c 2a 81 7d 7f 3f ef 50 10 ...X..v\*.}.?.P.
31150030 ff ff ff 6c 00 00 0d 0a 64 72 77 78 72 2d 78 72 ...l....drwxr-xr
31160040 2d 78 20 20 20 20 32 20 72 6f 6f 74 20 20 20 20 -x 2 root
31170050 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 20 system
31180060 20 32 35 36 20 41 75 67 20 31 30 20 31 35 3a 34 256 Aug 10 15:4
31190070 36 20 2e 61 70 70 73 79 6e 63 0d 0a 2d 72 77 78 6 .appsync..-rwx
31200080 72 77 78 72 77 78 20 20 20 20 31 20 72 6f 6f 74 rwxrwx 1 root
31210090 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 20 system
312200a0 20 20 20 31 30 37 32 33 20 41 75 67 20 31 37 20 10723 Aug 17
312300b0 30 30 3a 30 37 20 2e 61 73 6b 66 6f 72 6e 61 6d 00:07 .askfornam
312400c0 65 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 e..drwxr-xr-x
312500d0 20 36 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 6 root syst
312600e0 65 6d 20 20 20 20 20 20 20 20 20 20 32 35 36 20 em 256
312700f0 41 70 72 20 30 31 20 32 30 31 34 20 20 2e 63 70 Apr 01 2014 .cp
31280100 61 6e 0d 0a 2d 72 77 2d 2d 2d 2d 2d 2d 2d 20 20 an..-rw-------
31290110 20 20 31 20 72 6f 6f 74 20 20 20 20 20 73 79 73 1 root sys
31300120 74 65 6d 20 20 20 20 20 20 20 20 32 31 34 31 38 tem 21418
31310130 20 41 75 67 20 31 36 20 31 35 3a 32 34 20 2e 68 Aug 16 15:24 .h
31320140 69 73 74 6f 72 79 0d 0a 64 72 77 78 72 2d 78 72 istory..drwxr-xr
31330150 2d 78 20 20 20 20 33 20 72 6f 6f 74 20 20 20 20 -x 3 root
31340160 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 20 system
31350170 20 32 35 36 20 46 65 62 20 30 36 20 32 30 31 31 256 Feb 06 2011
31360180 20 20 2e 6a 61 76 61 0d 0a 64 72 77 78 72 77 78 .java..drwxrwx
31370190 72 77 78 20 20 20 20 32 20 72 6f 6f 74 20 20 20 rwx 2 root
313801a0 20 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 system
313901b0 20 34 30 39 36 20 41 75 67 20 31 36 20 31 35 3a 4096 Aug 16 15:
314001c0 32 36 20 2e 6c 61 62 0d 0a 2d 72 77 2d 72 2d 2d 26 .lab..-rw-r--
314101d0 72 2d 2d 20 20 20 20 31 20 72 6f 6f 74 20 20 20 r-- 1 root
314201e0 20 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 system
314301f0 20 20 20 31 31 20 4a 75 6e 20 31 37 20 32 30 31 11 Jun 17 201
31440200 33 20 20 2e 6d 68 5f 70 72 6f 66 69 6c 65 0d 0a 3 .mh_profile..
31450210 2d 72 77 2d 72 2d 2d 2d 2d 2d 20 20 20 20 31 20 -rw-r----- 1
31460220 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 root system
31470230 20 20 20 20 20 20 20 20 20 20 32 31 20 44 65 63 21 Dec
31480240 20 30 33 20 32 30 31 34 20 20 2e 6f 64 62 63 2e 03 2014 .odbc.
31490250 69 6e 69 0d 0a 2d 72 77 2d 72 2d 2d 72 2d 2d 20 ini..-rw-r--r--
31500260 20 20 20 31 20 72 6f 6f 74 20 20 20 20 20 73 79 1 root sy
31510270 73 74 65 6d 20 20 20 20 20 20 20 20 20 20 33 37 stem 37
31520280 31 20 4d 61 79 20 32 38 20 32 30 31 30 20 20 2e 1 May 28 2010 .
31530290 70 72 6f 66 69 6c 65 0d 0a 2d 72 77 2d 72 2d 2d profile..-rw-r--
315402a0 2d 2d 2d 20 20 20 20 31 20 72 6f 6f 74 20 20 20 --- 1 root
315502b0 20 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 system
315602c0 20 20 20 36 33 20 4a 75 6e 20 30 32 20 32 30 30 63 Jun 02 200
315702d0 39 20 20 2e 72 68 6f 73 74 73 0d 0a 2d 72 77 2d 9 .rhosts..-rw-
315802e0 2d 2d 2d 2d 2d 2d 20 20 20 20 31 20 72 6f 6f 74 ------ 1 root
315902f0 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 20 system
31600300 20 20 20 20 31 30 32 34 20 4a 61 6e 20 32 33 20 1024 Jan 23
31610310 32 30 31 32 20 20 2e 72 6e 64 0d 0a 2d 72 77 2d 2012 .rnd..-rw-
31620320 2d 2d 2d 2d 2d 2d 20 20 20 20 31 20 72 6f 6f 74 ------ 1 root
31630330 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 20 system
31640340 20 20 20 20 20 33 39 36 20 4a 75 6e 20 30 32 20 396 Jun 02
31650350 32 30 30 39 20 20 2e 73 68 5f 68 69 73 74 6f 72 2009 .sh_histor
31660360 79 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 y..drwxr-xr-x
31670370 20 33 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 3 root syst
31680380 65 6d 20 20 20 20 20 20 20 20 20 20 32 35 36 20 em 256
31690390 4d 61 79 20 32 33 20 32 30 31 34 20 20 2e 73 71 May 23 2014 .sq
317003a0 6c 61 6e 79 77 68 65 72 65 31 32 0d 0a 64 72 77 lanywhere12..drw
317103b0 78 2d 2d 2d 2d 2d 2d 20 20 20 20 32 20 72 6f 6f x------ 2 roo
317203c0 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 t system
317303d0 20 20 20 20 20 20 32 35 36 20 41 75 67 20 31 30 256 Aug 10
317403e0 20 31 36 3a 33 37 20 2e 73 73 68 0d 0a 2d 72 77 16:37 .ssh..-rw
317503f0 2d 72 2d 2d 72 2d 2d 20 20 20 20 31 20 72 6f 6f -r--r-- 1 roo
31760400 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 t system
31770410 20 20 20 20 20 20 33 39 31 20 4d 61 72 20 31 33 391 Mar 13
31780420 20 32 30 31 33 20 20 2e 73 73 68 2e 61 75 74 68 2013 .ssh.auth
31790430 6f 72 69 7a 65 64 5f 6b 65 79 73 0d 0a 2d 72 77 orized_keys..-rw
31800440 2d 2d 2d 2d 2d 2d 2d 20 20 20 20 31 20 72 6f 6f ------- 1 roo
31810450 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 t system
31820460 20 20 20 20 20 31 31 37 35 20 41 75 67 20 31 32 1175 Aug 12
31830470 20 31 30 3a 33 31 20 2e 76 69 5f 68 69 73 74 6f 10:31 .vi_histo
31840480 72 79 0d 0a 2d 72 77 78 72 2d 78 72 2d 78 20 20 ry..-rwxr-xr-x
31850490 20 20 31 20 72 6f 6f 74 20 20 20 20 20 73 79 73 1 root sys
318604a0 74 65 6d 20 20 20 20 20 20 20 20 20 20 33 34 31 tem 341
318704b0 20 4d 61 79 20 30 35 20 31 31 3a 30 33 20 33 32 May 05 11:03 32
318804c0 2e 70 6c 0d 0a 64 72 77 78 72 77 78 72 77 78 20 .pl..drwxrwxrwx
318904d0 20 20 20 32 20 72 6f 6f 74 20 20 20 20 20 73 79 2 root sy
319004e0 73 74 65 6d 20 20 20 20 20 20 20 20 20 20 32 35 stem 25
319104f0 36 20 41 75 67 20 31 33 20 31 30 3a 30 31 20 49 6 Aug 13 10:01 I
31920500 4e 51 48 4f 4c 44 0d 0a 64 72 77 78 2d 2d 78 2d NQHOLD..drwx--x-
31930510 2d 78 20 20 20 20 32 20 72 6f 6f 74 20 20 20 20 -x 2 root
31940520 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 20 system
31950530 20 32 35 36 20 4a 75 6e 20 31 37 20 32 30 31 33 256 Jun 17 2013
31960540 20 20 4d 61 69 6c 0d 0a 2d 72 77 78 2d 2d 2d 2d Mail..-rwx----
31970550 2d 2d 20 20 20 20 31 20 72 6f 6f 74 20 20 20 20 -- 1 root
31980560 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 20 system
31990570 32 34 36 39 20 46 65 62 20 31 39 20 30 36 3a 32 2469 Feb 19 06:2
32000580 32 20 50 65 72 66 4d 6f 6e 2e 70 6c 0d 0a 64 72 2 PerfMon.pl..dr
32010590 77 78 72 77 78 72 77 78 20 20 20 20 32 20 72 6f wxrwxrwx 2 ro
320205a0 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 ot system
320305b0 20 20 20 20 20 20 34 30 39 36 20 41 75 67 20 31 4096 Aug 1
320405c0 37 20 30 30 3a 30 37 20 57 45 42 73 63 72 69 70 7 00:07 WEBscrip
320505d0 74 73 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 ts..drwxr-xr-x
320605e0 20 20 32 20 72 6f 6f 74 20 20 2 root
3207
3208No. Time Source Destination Protocol Length Info
3209 3170 30.920431000 10.241.212.151 10.241.209.195 TCP 54 34550 > 35160 [ACK] Seq=1 Ack=1547 Win=64240 Len=0
3210
3211Frame 3170: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
3212 Interface id: 0
3213 Encapsulation type: Ethernet (1)
3214 Arrival Time: Aug 17, 2015 08:01:10.620734000 Eastern Daylight Time
3215 [Time shift for this packet: 0.000000000 seconds]
3216 Epoch Time: 1439812870.620734000 seconds
3217 [Time delta from previous captured frame: 0.000021000 seconds]
3218 [Time delta from previous displayed frame: 0.000021000 seconds]
3219 [Time since reference or first frame: 30.920431000 seconds]
3220 Frame Number: 3170
3221 Frame Length: 54 bytes (432 bits)
3222 Capture Length: 54 bytes (432 bits)
3223 [Frame is marked: False]
3224 [Frame is ignored: False]
3225 [Protocols in frame: eth:ip:tcp]
3226 [Coloring Rule Name: Checksum Errors]
3227 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
3228Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3229 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3230 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3231 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3232 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3233 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3234 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3235 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3236 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3237 Type: IP (0x0800)
3238Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
3239 Version: 4
3240 Header length: 20 bytes
3241 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3242 0000 00.. = Differentiated Services Codepoint: Default (0x00)
3243 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3244 Total Length: 40
3245 Identification: 0x089f (2207)
3246 Flags: 0x02 (Don't Fragment)
3247 0... .... = Reserved bit: Not set
3248 .1.. .... = Don't fragment: Set
3249 ..0. .... = More fragments: Not set
3250 Fragment offset: 0
3251 Time to live: 128
3252 Protocol: TCP (6)
3253 Header checksum: 0x0000 [incorrect, should be 0x35f4 (may be caused by "IP checksum offload"?)]
3254 [Good: False]
3255 [Bad: True]
3256 [Expert Info (Error/Checksum): Bad checksum]
3257 [Message: Bad checksum]
3258 [Severity level: Error]
3259 [Group: Checksum]
3260 Source: 10.241.212.151 (10.241.212.151)
3261 Destination: 10.241.209.195 (10.241.209.195)
3262 [Source GeoIP: Unknown]
3263 [Destination GeoIP: Unknown]
3264Transmission Control Protocol, Src Port: 34550 (34550), Dst Port: 35160 (35160), Seq: 1, Ack: 1547, Len: 0
3265 Source port: 34550 (34550)
3266 Destination port: 35160 (35160)
3267 [Stream index: 17]
3268 Sequence number: 1 (relative sequence number)
3269 Acknowledgment number: 1547 (relative ack number)
3270 Header length: 20 bytes
3271 Flags: 0x010 (ACK)
3272 000. .... .... = Reserved: Not set
3273 ...0 .... .... = Nonce: Not set
3274 .... 0... .... = Congestion Window Reduced (CWR): Not set
3275 .... .0.. .... = ECN-Echo: Not set
3276 .... ..0. .... = Urgent: Not set
3277 .... ...1 .... = Acknowledgment: Set
3278 .... .... 0... = Push: Not set
3279 .... .... .0.. = Reset: Not set
3280 .... .... ..0. = Syn: Not set
3281 .... .... ...0 = Fin: Not set
3282 Window size value: 64240
3283 [Calculated window size: 64240]
3284 [Window size scaling factor: -2 (no window scaling used)]
3285 Checksum: 0xbc57 [validation disabled]
3286 [Good Checksum: False]
3287 [Bad Checksum: False]
3288 [SEQ/ACK analysis]
3289 [This is an ACK to the segment in frame: 3169]
3290 [The RTT to ACK the segment was: 0.000021000 seconds]
3291
32920000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
32930010 00 28 08 9f 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
32940020 d1 c3 86 f6 89 58 7d 7f 3f ef 76 5c 30 35 50 10 .....X}.?.v\05P.
32950030 fa f0 bc 57 00 00 ...W..
3296
3297No. Time Source Destination Protocol Length Info
3298 3171 30.920586000 10.241.209.195 10.241.212.151 FTP-DATA 99 FTP Data: 45 bytes
3299
3300Frame 3171: 99 bytes on wire (792 bits), 99 bytes captured (792 bits) on interface 0
3301 Interface id: 0
3302 Encapsulation type: Ethernet (1)
3303 Arrival Time: Aug 17, 2015 08:01:10.620889000 Eastern Daylight Time
3304 [Time shift for this packet: 0.000000000 seconds]
3305 Epoch Time: 1439812870.620889000 seconds
3306 [Time delta from previous captured frame: 0.000155000 seconds]
3307 [Time delta from previous displayed frame: 0.000155000 seconds]
3308 [Time since reference or first frame: 30.920586000 seconds]
3309 Frame Number: 3171
3310 Frame Length: 99 bytes (792 bits)
3311 Capture Length: 99 bytes (792 bits)
3312 [Frame is marked: False]
3313 [Frame is ignored: False]
3314 [Protocols in frame: eth:ip:tcp:ftp-data]
3315 [Coloring Rule Name: TCP]
3316 [Coloring Rule String: tcp]
3317Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3318 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3319 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3320 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3321 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3322 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
3323 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
3324 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3325 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3326 Type: IP (0x0800)
3327Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
3328 Version: 4
3329 Header length: 20 bytes
3330 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3331 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
3332 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3333 Total Length: 85
3334 Identification: 0xe3c9 (58313)
3335 Flags: 0x02 (Don't Fragment)
3336 0... .... = Reserved bit: Not set
3337 .1.. .... = Don't fragment: Set
3338 ..0. .... = More fragments: Not set
3339 Fragment offset: 0
3340 Time to live: 59
3341 Protocol: TCP (6)
3342 Header checksum: 0x9f8c [correct]
3343 [Good: True]
3344 [Bad: False]
3345 Source: 10.241.209.195 (10.241.209.195)
3346 Destination: 10.241.212.151 (10.241.212.151)
3347 [Source GeoIP: Unknown]
3348 [Destination GeoIP: Unknown]
3349Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 1547, Ack: 1, Len: 45
3350 Source port: 35160 (35160)
3351 Destination port: 34550 (34550)
3352 [Stream index: 17]
3353 Sequence number: 1547 (relative sequence number)
3354 [Next sequence number: 1592 (relative sequence number)]
3355 Acknowledgment number: 1 (relative ack number)
3356 Header length: 20 bytes
3357 Flags: 0x018 (PSH, ACK)
3358 000. .... .... = Reserved: Not set
3359 ...0 .... .... = Nonce: Not set
3360 .... 0... .... = Congestion Window Reduced (CWR): Not set
3361 .... .0.. .... = ECN-Echo: Not set
3362 .... ..0. .... = Urgent: Not set
3363 .... ...1 .... = Acknowledgment: Set
3364 .... .... 1... = Push: Set
3365 .... .... .0.. = Reset: Not set
3366 .... .... ..0. = Syn: Not set
3367 .... .... ...0 = Fin: Not set
3368 Window size value: 65535
3369 [Calculated window size: 65535]
3370 [Window size scaling factor: -2 (no window scaling used)]
3371 Checksum: 0x30f6 [validation disabled]
3372 [Good Checksum: False]
3373 [Bad Checksum: False]
3374 [SEQ/ACK analysis]
3375 [Bytes in flight: 45]
3376FTP Data ( system 256 Dec 10 2010 WORKSPACE)
3377
33780000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
33790010 00 55 e3 c9 40 00 3b 06 9f 8c 0a f1 d1 c3 0a f1 .U..@.;.........
33800020 d4 97 89 58 86 f6 76 5c 30 35 7d 7f 3f ef 50 18 ...X..v\05}.?.P.
33810030 ff ff 30 f6 00 00 20 20 20 73 79 73 74 65 6d 20 ..0... system
33820040 20 20 20 20 20 20 20 20 20 32 35 36 20 44 65 63 256 Dec
33830050 20 31 30 20 32 30 31 30 20 20 57 4f 52 4b 53 50 10 2010 WORKSP
33840060 41 43 45 ACE
3385
3386No. Time Source Destination Protocol Length Info
3387 3172 30.922455000 10.241.209.195 10.241.212.151 FTP-DATA 1514 FTP Data: 1460 bytes
3388
3389Frame 3172: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits) on interface 0
3390 Interface id: 0
3391 Encapsulation type: Ethernet (1)
3392 Arrival Time: Aug 17, 2015 08:01:10.622758000 Eastern Daylight Time
3393 [Time shift for this packet: 0.000000000 seconds]
3394 Epoch Time: 1439812870.622758000 seconds
3395 [Time delta from previous captured frame: 0.001869000 seconds]
3396 [Time delta from previous displayed frame: 0.001869000 seconds]
3397 [Time since reference or first frame: 30.922455000 seconds]
3398 Frame Number: 3172
3399 Frame Length: 1514 bytes (12112 bits)
3400 Capture Length: 1514 bytes (12112 bits)
3401 [Frame is marked: False]
3402 [Frame is ignored: False]
3403 [Protocols in frame: eth:ip:tcp:ftp-data]
3404 [Coloring Rule Name: TCP]
3405 [Coloring Rule String: tcp]
3406Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3407 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3408 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3409 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3410 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3411 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
3412 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
3413 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3414 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3415 Type: IP (0x0800)
3416Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
3417 Version: 4
3418 Header length: 20 bytes
3419 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3420 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
3421 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3422 Total Length: 1500
3423 Identification: 0xe3ca (58314)
3424 Flags: 0x02 (Don't Fragment)
3425 0... .... = Reserved bit: Not set
3426 .1.. .... = Don't fragment: Set
3427 ..0. .... = More fragments: Not set
3428 Fragment offset: 0
3429 Time to live: 59
3430 Protocol: TCP (6)
3431 Header checksum: 0x9a04 [correct]
3432 [Good: True]
3433 [Bad: False]
3434 Source: 10.241.209.195 (10.241.209.195)
3435 Destination: 10.241.212.151 (10.241.212.151)
3436 [Source GeoIP: Unknown]
3437 [Destination GeoIP: Unknown]
3438Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 1592, Ack: 1, Len: 1460
3439 Source port: 35160 (35160)
3440 Destination port: 34550 (34550)
3441 [Stream index: 17]
3442 Sequence number: 1592 (relative sequence number)
3443 [Next sequence number: 3052 (relative sequence number)]
3444 Acknowledgment number: 1 (relative ack number)
3445 Header length: 20 bytes
3446 Flags: 0x010 (ACK)
3447 000. .... .... = Reserved: Not set
3448 ...0 .... .... = Nonce: Not set
3449 .... 0... .... = Congestion Window Reduced (CWR): Not set
3450 .... .0.. .... = ECN-Echo: Not set
3451 .... ..0. .... = Urgent: Not set
3452 .... ...1 .... = Acknowledgment: Set
3453 .... .... 0... = Push: Not set
3454 .... .... .0.. = Reset: Not set
3455 .... .... ..0. = Syn: Not set
3456 .... .... ...0 = Fin: Not set
3457 Window size value: 65535
3458 [Calculated window size: 65535]
3459 [Window size scaling factor: -2 (no window scaling used)]
3460 Checksum: 0xc7ef [validation disabled]
3461 [Good Checksum: False]
3462 [Bad Checksum: False]
3463 [SEQ/ACK analysis]
3464 [Bytes in flight: 1505]
3465FTP Data (1460 bytes data)
3466
34670000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
34680010 05 dc e3 ca 40 00 3b 06 9a 04 0a f1 d1 c3 0a f1 ....@.;.........
34690020 d4 97 89 58 86 f6 76 5c 30 62 7d 7f 3f ef 50 10 ...X..v\0b}.?.P.
34700030 ff ff c7 ef 00 00 0d 0a 64 72 77 78 72 2d 78 2d ........drwxr-x-
34710040 2d 2d 20 20 20 20 32 20 72 6f 6f 74 20 20 20 20 -- 2 root
34720050 20 61 75 64 69 74 20 20 20 20 20 20 20 20 20 20 audit
34730060 20 32 35 36 20 41 70 72 20 32 37 20 32 30 30 38 256 Apr 27 2008
34740070 20 20 61 75 64 69 74 0d 0a 6c 72 77 78 72 77 78 audit..lrwxrwx
34750080 72 77 78 20 20 20 20 31 20 62 69 6e 20 20 20 20 rwx 1 bin
34760090 20 20 62 69 6e 20 20 20 20 20 20 20 20 20 20 20 bin
347700a0 20 20 20 20 38 20 4a 75 6e 20 30 32 20 32 30 30 8 Jun 02 200
347800b0 39 20 20 62 69 6e 20 2d 3e 20 2f 75 73 72 2f 62 9 bin -> /usr/b
347900c0 69 6e 0d 0a 64 72 77 78 72 77 78 72 2d 78 20 20 in..drwxrwxr-x
348000d0 20 20 35 20 72 6f 6f 74 20 20 20 20 20 73 79 73 5 root sys
348100e0 74 65 6d 20 20 20 20 20 20 20 20 32 38 36 37 32 tem 28672
348200f0 20 41 75 67 20 31 36 20 31 35 3a 32 34 20 64 65 Aug 16 15:24 de
34830100 76 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 v..drwxr-xr-x
34840110 33 36 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 36 root syst
34850120 65 6d 20 20 20 20 20 20 20 20 20 38 31 39 32 20 em 8192
34860130 41 75 67 20 31 33 20 31 33 3a 31 35 20 65 74 63 Aug 13 13:15 etc
34870140 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 20 ..drwxr-xr-x
34880150 38 20 62 69 6e 20 20 20 20 20 20 62 69 6e 20 20 8 bin bin
34890160 20 20 20 20 20 20 20 20 20 20 34 30 39 36 20 4a 4096 J
34900170 75 6c 20 33 30 20 32 31 3a 30 30 20 68 6f 6d 65 ul 30 21:00 home
34910180 0d 0a 6c 72 77 78 72 77 78 72 77 78 20 20 20 20 ..lrwxrwxrwx
34920190 31 20 62 69 6e 20 20 20 20 20 20 62 69 6e 20 20 1 bin bin
349301a0 20 20 20 20 20 20 20 20 20 20 20 20 20 38 20 4a 8 J
349401b0 75 6e 20 30 32 20 32 30 30 39 20 20 6c 69 62 20 un 02 2009 lib
349501c0 2d 3e 20 2f 75 73 72 2f 6c 69 62 0d 0a 64 72 77 -> /usr/lib..drw
349601d0 78 2d 2d 2d 2d 2d 2d 20 20 20 20 32 20 72 6f 6f x------ 2 roo
349701e0 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 20 t system
349801f0 20 20 20 20 20 20 32 35 36 20 4a 75 6e 20 30 32 256 Jun 02
34990200 20 32 30 30 39 20 20 6c 6f 73 74 2b 66 6f 75 6e 2009 lost+foun
35000210 64 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 31 d..drwxr-xr-x 1
35010220 33 39 20 62 69 6e 20 20 20 20 20 20 62 69 6e 20 39 bin bin
35020230 20 20 20 20 20 20 20 20 20 20 20 38 31 39 32 20 8192
35030240 41 75 67 20 31 33 20 31 33 3a 32 31 20 6c 70 70 Aug 13 13:21 lpp
35040250 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 31 ..drwxr-xr-x 1
35050260 35 20 62 69 6e 20 20 20 20 20 20 62 69 6e 20 20 5 bin bin
35060270 20 20 20 20 20 20 20 20 20 20 34 30 39 36 20 4a 4096 J
35070280 75 6e 20 32 32 20 31 34 3a 35 33 20 6d 6e 74 0d un 22 14:53 mnt.
35080290 0a 2d 72 77 2d 72 2d 2d 72 2d 2d 20 20 20 20 31 .-rw-r--r-- 1
350902a0 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d root system
351002b0 20 20 20 20 20 20 20 20 20 36 33 37 39 20 4d 61 6379 Ma
351102c0 79 20 30 35 20 31 35 3a 34 32 20 6d 79 70 63 61 y 05 15:42 mypca
351202d0 70 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 p..drwxr-xr-x
351302e0 20 39 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 9 root syst
351402f0 65 6d 20 20 20 20 20 20 20 20 20 20 32 35 36 20 em 256
35150300 41 75 67 20 31 33 20 31 32 3a 35 35 20 6e 73 72 Aug 13 12:55 nsr
35160310 0d 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 32 ..drwxr-xr-x 2
35170320 34 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 4 root syste
35180330 6d 20 20 20 20 20 20 20 20 20 34 30 39 36 20 44 m 4096 D
35190340 65 63 20 30 33 20 32 30 31 34 20 20 6f 70 74 0d ec 03 2014 opt.
35200350 0a 64 72 2d 78 72 2d 78 72 2d 78 20 20 20 20 31 .dr-xr-xr-x 1
35210360 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d root system
35220370 20 20 20 20 20 20 20 20 20 20 20 20 30 20 41 75 0 Au
35230380 67 20 31 37 20 30 37 3a 35 34 20 70 72 6f 63 0d g 17 07:54 proc.
35240390 0a 64 72 77 78 72 2d 78 72 2d 78 20 20 20 20 34 .drwxr-xr-x 4
352503a0 20 62 69 6e 20 20 20 20 20 20 62 69 6e 20 20 20 bin bin
352603b0 20 20 20 20 20 20 20 20 20 20 32 35 36 20 46 65 256 Fe
352703c0 62 20 30 39 20 32 30 31 32 20 20 73 62 69 6e 0d b 09 2012 sbin.
352803d0 0a 2d 72 77 2d 72 2d 2d 72 2d 2d 20 20 20 20 31 .-rw-r--r-- 1
352903e0 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d root system
353003f0 20 20 20 20 20 20 20 20 20 20 20 20 31 20 4a 75 1 Ju
35310400 6e 20 31 30 20 31 33 3a 35 37 20 73 63 72 69 70 n 10 13:57 scrip
35320410 74 0d 0a 2d 72 77 2d 72 2d 2d 72 2d 2d 20 20 20 t..-rw-r--r--
35330420 20 31 20 72 6f 6f 74 20 20 20 20 20 73 79 73 74 1 root syst
35340430 65 6d 20 20 20 20 20 20 20 36 36 33 34 37 36 20 em 663476
35350440 41 75 67 20 31 31 20 31 33 3a 31 31 20 73 6d 69 Aug 11 13:11 smi
35360450 74 2e 6c 6f 67 0d 0a 2d 72 77 2d 72 2d 2d 72 2d t.log..-rw-r--r-
35370460 2d 20 20 20 20 31 20 72 6f 6f 74 20 20 20 20 20 - 1 root
35380470 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 33 38 system 38
35390480 33 34 34 20 41 75 67 20 31 31 20 31 33 3a 30 37 344 Aug 11 13:07
35400490 20 73 6d 69 74 2e 73 63 72 69 70 74 0d 0a 2d 72 smit.script..-r
354104a0 77 2d 72 2d 2d 72 2d 2d 20 20 20 20 31 20 72 6f w-r--r-- 1 ro
354204b0 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 ot system
354304c0 20 20 20 20 20 35 31 31 39 33 20 41 75 67 20 31 51193 Aug 1
354404d0 31 20 31 33 3a 30 37 20 73 6d 69 74 2e 74 72 61 1 13:07 smit.tra
354504e0 6e 73 61 63 74 69 6f 6e 0d 0a 64 72 77 78 72 77 nsaction..drwxrw
354604f0 78 72 77 78 20 20 33 31 33 20 72 6f 6f 74 20 20 xrwx 313 root
35470500 20 20 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 system
35480510 20 20 20 33 33 31 20 4a 75 6c 20 32 37 20 30 39 331 Jul 27 09
35490520 3a 33 32 20 73 6f 66 74 77 61 72 65 0d 0a 64 72 :32 software..dr
35500530 77 78 72 2d 78 72 2d 78 20 20 20 20 32 20 72 6f wxr-xr-x 2 ro
35510540 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 20 ot system
35520550 20 20 20 20 20 20 20 32 35 36 20 4a 75 6e 20 30 256 Jun 0
35530560 33 20 30 38 3a 34 38 20 73 6f 75 72 63 65 0d 0a 3 08:48 source..
35540570 64 72 77 78 72 2d 78 72 2d 78 20 20 20 20 35 20 drwxr-xr-x 5
35550580 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 root system
35560590 20 20 20 20 20 20 20 20 34 30 39 36 20 4a 75 6e 4096 Jun
355705a0 20 30 38 20 31 38 3a 34 38 20 74 65 6d 70 0d 0a 08 18:48 temp..
355805b0 64 72 77 78 72 77 78 72 2d 78 20 20 20 20 32 20 drwxrwxr-x 2
355905c0 72 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 root system
356005d0 20 20 20 20 20 20 20 20 20 32 35 36 20 4a 75 6e 256 Jun
356105e0 20 30 32 20 32 30 30 39 20 20 02 2009
3562
3563No. Time Source Destination Protocol Length Info
3564 3173 30.922470000 10.241.212.151 10.241.209.195 TCP 54 34550 > 35160 [ACK] Seq=1 Ack=3052 Win=64240 Len=0
3565
3566Frame 3173: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
3567 Interface id: 0
3568 Encapsulation type: Ethernet (1)
3569 Arrival Time: Aug 17, 2015 08:01:10.622773000 Eastern Daylight Time
3570 [Time shift for this packet: 0.000000000 seconds]
3571 Epoch Time: 1439812870.622773000 seconds
3572 [Time delta from previous captured frame: 0.000015000 seconds]
3573 [Time delta from previous displayed frame: 0.000015000 seconds]
3574 [Time since reference or first frame: 30.922470000 seconds]
3575 Frame Number: 3173
3576 Frame Length: 54 bytes (432 bits)
3577 Capture Length: 54 bytes (432 bits)
3578 [Frame is marked: False]
3579 [Frame is ignored: False]
3580 [Protocols in frame: eth:ip:tcp]
3581 [Coloring Rule Name: Checksum Errors]
3582 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
3583Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3584 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3585 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3586 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3587 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3588 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3589 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3590 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3591 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3592 Type: IP (0x0800)
3593Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
3594 Version: 4
3595 Header length: 20 bytes
3596 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3597 0000 00.. = Differentiated Services Codepoint: Default (0x00)
3598 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3599 Total Length: 40
3600 Identification: 0x08a0 (2208)
3601 Flags: 0x02 (Don't Fragment)
3602 0... .... = Reserved bit: Not set
3603 .1.. .... = Don't fragment: Set
3604 ..0. .... = More fragments: Not set
3605 Fragment offset: 0
3606 Time to live: 128
3607 Protocol: TCP (6)
3608 Header checksum: 0x0000 [incorrect, should be 0x35f3 (may be caused by "IP checksum offload"?)]
3609 [Good: False]
3610 [Bad: True]
3611 [Expert Info (Error/Checksum): Bad checksum]
3612 [Message: Bad checksum]
3613 [Severity level: Error]
3614 [Group: Checksum]
3615 Source: 10.241.212.151 (10.241.212.151)
3616 Destination: 10.241.209.195 (10.241.209.195)
3617 [Source GeoIP: Unknown]
3618 [Destination GeoIP: Unknown]
3619Transmission Control Protocol, Src Port: 34550 (34550), Dst Port: 35160 (35160), Seq: 1, Ack: 3052, Len: 0
3620 Source port: 34550 (34550)
3621 Destination port: 35160 (35160)
3622 [Stream index: 17]
3623 Sequence number: 1 (relative sequence number)
3624 Acknowledgment number: 3052 (relative ack number)
3625 Header length: 20 bytes
3626 Flags: 0x010 (ACK)
3627 000. .... .... = Reserved: Not set
3628 ...0 .... .... = Nonce: Not set
3629 .... 0... .... = Congestion Window Reduced (CWR): Not set
3630 .... .0.. .... = ECN-Echo: Not set
3631 .... ..0. .... = Urgent: Not set
3632 .... ...1 .... = Acknowledgment: Set
3633 .... .... 0... = Push: Not set
3634 .... .... .0.. = Reset: Not set
3635 .... .... ..0. = Syn: Not set
3636 .... .... ...0 = Fin: Not set
3637 Window size value: 64240
3638 [Calculated window size: 64240]
3639 [Window size scaling factor: -2 (no window scaling used)]
3640 Checksum: 0xbc57 [validation disabled]
3641 [Good Checksum: False]
3642 [Bad Checksum: False]
3643 [SEQ/ACK analysis]
3644 [This is an ACK to the segment in frame: 3172]
3645 [The RTT to ACK the segment was: 0.000015000 seconds]
3646
36470000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
36480010 00 28 08 a0 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
36490020 d1 c3 86 f6 89 58 7d 7f 3f ef 76 5c 36 16 50 10 .....X}.?.v\6.P.
36500030 fa f0 bc 57 00 00 ...W..
3651
3652No. Time Source Destination Protocol Length Info
3653 3174 30.922731000 10.241.209.195 10.241.212.151 FTP-DATA 277 FTP Data: 223 bytes
3654
3655Frame 3174: 277 bytes on wire (2216 bits), 277 bytes captured (2216 bits) on interface 0
3656 Interface id: 0
3657 Encapsulation type: Ethernet (1)
3658 Arrival Time: Aug 17, 2015 08:01:10.623034000 Eastern Daylight Time
3659 [Time shift for this packet: 0.000000000 seconds]
3660 Epoch Time: 1439812870.623034000 seconds
3661 [Time delta from previous captured frame: 0.000261000 seconds]
3662 [Time delta from previous displayed frame: 0.000261000 seconds]
3663 [Time since reference or first frame: 30.922731000 seconds]
3664 Frame Number: 3174
3665 Frame Length: 277 bytes (2216 bits)
3666 Capture Length: 277 bytes (2216 bits)
3667 [Frame is marked: False]
3668 [Frame is ignored: False]
3669 [Protocols in frame: eth:ip:tcp:ftp-data]
3670 [Coloring Rule Name: TCP]
3671 [Coloring Rule String: tcp]
3672Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3673 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3674 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3675 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3676 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3677 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
3678 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
3679 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3680 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3681 Type: IP (0x0800)
3682Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
3683 Version: 4
3684 Header length: 20 bytes
3685 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3686 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
3687 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3688 Total Length: 263
3689 Identification: 0xe3cb (58315)
3690 Flags: 0x02 (Don't Fragment)
3691 0... .... = Reserved bit: Not set
3692 .1.. .... = Don't fragment: Set
3693 ..0. .... = More fragments: Not set
3694 Fragment offset: 0
3695 Time to live: 59
3696 Protocol: TCP (6)
3697 Header checksum: 0x9ed8 [correct]
3698 [Good: True]
3699 [Bad: False]
3700 Source: 10.241.209.195 (10.241.209.195)
3701 Destination: 10.241.212.151 (10.241.212.151)
3702 [Source GeoIP: Unknown]
3703 [Destination GeoIP: Unknown]
3704Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 3052, Ack: 1, Len: 223
3705 Source port: 35160 (35160)
3706 Destination port: 34550 (34550)
3707 [Stream index: 17]
3708 Sequence number: 3052 (relative sequence number)
3709 [Next sequence number: 3275 (relative sequence number)]
3710 Acknowledgment number: 1 (relative ack number)
3711 Header length: 20 bytes
3712 Flags: 0x018 (PSH, ACK)
3713 000. .... .... = Reserved: Not set
3714 ...0 .... .... = Nonce: Not set
3715 .... 0... .... = Congestion Window Reduced (CWR): Not set
3716 .... .0.. .... = ECN-Echo: Not set
3717 .... ..0. .... = Urgent: Not set
3718 .... ...1 .... = Acknowledgment: Set
3719 .... .... 1... = Push: Set
3720 .... .... .0.. = Reset: Not set
3721 .... .... ..0. = Syn: Not set
3722 .... .... ...0 = Fin: Not set
3723 Window size value: 65535
3724 [Calculated window size: 65535]
3725 [Window size scaling factor: -2 (no window scaling used)]
3726 Checksum: 0xa2a2 [validation disabled]
3727 [Good Checksum: False]
3728 [Bad Checksum: False]
3729 [SEQ/ACK analysis]
3730 [Bytes in flight: 223]
3731FTP Data (223 bytes data)
3732
37330000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
37340010 01 07 e3 cb 40 00 3b 06 9e d8 0a f1 d1 c3 0a f1 ....@.;.........
37350020 d4 97 89 58 86 f6 76 5c 36 16 7d 7f 3f ef 50 18 ...X..v\6.}.?.P.
37360030 ff ff a2 a2 00 00 74 66 74 70 62 6f 6f 74 0d 0a ......tftpboot..
37370040 64 72 77 78 72 77 78 72 77 78 20 20 20 37 36 20 drwxrwxrwx 76
37380050 62 69 6e 20 20 20 20 20 20 62 69 6e 20 20 20 20 bin bin
37390060 20 20 20 20 20 20 20 31 32 32 38 38 20 41 75 67 12288 Aug
37400070 20 31 37 20 30 37 3a 35 30 20 74 6d 70 0d 0a 6c 17 07:50 tmp..l
37410080 72 77 78 72 77 78 72 77 78 20 20 20 20 31 20 72 rwxrwxrwx 1 r
37420090 6f 6f 74 20 20 20 20 20 73 79 73 74 65 6d 20 20 oot system
374300a0 20 20 20 20 20 20 20 20 20 32 31 20 4a 75 6e 20 21 Jun
374400b0 30 32 20 32 30 30 39 20 20 75 6e 69 78 20 2d 3e 02 2009 unix ->
374500c0 20 2f 75 73 72 2f 6c 69 62 2f 62 6f 6f 74 2f 75 /usr/lib/boot/u
374600d0 6e 69 78 5f 36 34 0d 0a 64 72 77 78 72 2d 78 72 nix_64..drwxr-xr
374700e0 2d 78 20 20 20 34 35 20 72 6f 6f 74 20 20 20 20 -x 45 root
374800f0 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 20 system
37490100 34 30 39 36 20 41 75 67 20 31 33 20 31 33 3a 31 4096 Aug 13 13:1
37500110 34 20 75 73 72 4 usr
3751
3752No. Time Source Destination Protocol Length Info
3753 3175 30.922745000 10.241.209.195 10.241.212.151 FTP 78 Response: 226 Transfer complete.
3754
3755Frame 3175: 78 bytes on wire (624 bits), 78 bytes captured (624 bits) on interface 0
3756 Interface id: 0
3757 Encapsulation type: Ethernet (1)
3758 Arrival Time: Aug 17, 2015 08:01:10.623048000 Eastern Daylight Time
3759 [Time shift for this packet: 0.000000000 seconds]
3760 Epoch Time: 1439812870.623048000 seconds
3761 [Time delta from previous captured frame: 0.000014000 seconds]
3762 [Time delta from previous displayed frame: 0.000014000 seconds]
3763 [Time since reference or first frame: 30.922745000 seconds]
3764 Frame Number: 3175
3765 Frame Length: 78 bytes (624 bits)
3766 Capture Length: 78 bytes (624 bits)
3767 [Frame is marked: False]
3768 [Frame is ignored: False]
3769 [Protocols in frame: eth:ip:tcp:ftp]
3770 [Coloring Rule Name: TCP]
3771 [Coloring Rule String: tcp]
3772Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3773 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3774 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3775 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3776 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3777 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
3778 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
3779 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3780 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3781 Type: IP (0x0800)
3782Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
3783 Version: 4
3784 Header length: 20 bytes
3785 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3786 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
3787 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3788 Total Length: 64
3789 Identification: 0xe3cc (58316)
3790 Flags: 0x02 (Don't Fragment)
3791 0... .... = Reserved bit: Not set
3792 .1.. .... = Don't fragment: Set
3793 ..0. .... = More fragments: Not set
3794 Fragment offset: 0
3795 Time to live: 59
3796 Protocol: TCP (6)
3797 Header checksum: 0x9f9e [correct]
3798 [Good: True]
3799 [Bad: False]
3800 Source: 10.241.209.195 (10.241.209.195)
3801 Destination: 10.241.212.151 (10.241.212.151)
3802 [Source GeoIP: Unknown]
3803 [Destination GeoIP: Unknown]
3804Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34549 (34549), Seq: 666, Ack: 86, Len: 24
3805 Source port: ftp (21)
3806 Destination port: 34549 (34549)
3807 [Stream index: 16]
3808 Sequence number: 666 (relative sequence number)
3809 [Next sequence number: 690 (relative sequence number)]
3810 Acknowledgment number: 86 (relative ack number)
3811 Header length: 20 bytes
3812 Flags: 0x018 (PSH, ACK)
3813 000. .... .... = Reserved: Not set
3814 ...0 .... .... = Nonce: Not set
3815 .... 0... .... = Congestion Window Reduced (CWR): Not set
3816 .... .0.. .... = ECN-Echo: Not set
3817 .... ..0. .... = Urgent: Not set
3818 .... ...1 .... = Acknowledgment: Set
3819 .... .... 1... = Push: Set
3820 .... .... .0.. = Reset: Not set
3821 .... .... ..0. = Syn: Not set
3822 .... .... ...0 = Fin: Not set
3823 Window size value: 65535
3824 [Calculated window size: 65535]
3825 [Window size scaling factor: -2 (no window scaling used)]
3826 Checksum: 0x98f6 [validation disabled]
3827 [Good Checksum: False]
3828 [Bad Checksum: False]
3829 [SEQ/ACK analysis]
3830 [Bytes in flight: 66]
3831File Transfer Protocol (FTP)
3832 226 Transfer complete.\r\n
3833 Response code: Closing data connection (226)
3834 Response arg: Transfer complete.
3835
38360000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
38370010 00 40 e3 cc 40 00 3b 06 9f 9e 0a f1 d1 c3 0a f1 .@..@.;.........
38380020 d4 97 00 15 86 f5 7c 61 ed b1 fc d5 9d 97 50 18 ......|a......P.
38390030 ff ff 98 f6 00 00 32 32 36 20 54 72 61 6e 73 66 ......226 Transf
38400040 65 72 20 63 6f 6d 70 6c 65 74 65 2e 0d 0a er complete...
3841
3842No. Time Source Destination Protocol Length Info
3843 3176 30.922765000 10.241.212.151 10.241.209.195 TCP 54 34549 > ftp [ACK] Seq=86 Ack=690 Win=63551 Len=0
3844
3845Frame 3176: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
3846 Interface id: 0
3847 Encapsulation type: Ethernet (1)
3848 Arrival Time: Aug 17, 2015 08:01:10.623068000 Eastern Daylight Time
3849 [Time shift for this packet: 0.000000000 seconds]
3850 Epoch Time: 1439812870.623068000 seconds
3851 [Time delta from previous captured frame: 0.000020000 seconds]
3852 [Time delta from previous displayed frame: 0.000020000 seconds]
3853 [Time since reference or first frame: 30.922765000 seconds]
3854 Frame Number: 3176
3855 Frame Length: 54 bytes (432 bits)
3856 Capture Length: 54 bytes (432 bits)
3857 [Frame is marked: False]
3858 [Frame is ignored: False]
3859 [Protocols in frame: eth:ip:tcp]
3860 [Coloring Rule Name: Checksum Errors]
3861 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
3862Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3863 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3864 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
3865 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3866 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3867 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3868 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3869 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3870 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3871 Type: IP (0x0800)
3872Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
3873 Version: 4
3874 Header length: 20 bytes
3875 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3876 0000 00.. = Differentiated Services Codepoint: Default (0x00)
3877 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3878 Total Length: 40
3879 Identification: 0x08a1 (2209)
3880 Flags: 0x02 (Don't Fragment)
3881 0... .... = Reserved bit: Not set
3882 .1.. .... = Don't fragment: Set
3883 ..0. .... = More fragments: Not set
3884 Fragment offset: 0
3885 Time to live: 128
3886 Protocol: TCP (6)
3887 Header checksum: 0x0000 [incorrect, should be 0x35f2 (may be caused by "IP checksum offload"?)]
3888 [Good: False]
3889 [Bad: True]
3890 [Expert Info (Error/Checksum): Bad checksum]
3891 [Message: Bad checksum]
3892 [Severity level: Error]
3893 [Group: Checksum]
3894 Source: 10.241.212.151 (10.241.212.151)
3895 Destination: 10.241.209.195 (10.241.209.195)
3896 [Source GeoIP: Unknown]
3897 [Destination GeoIP: Unknown]
3898Transmission Control Protocol, Src Port: 34549 (34549), Dst Port: ftp (21), Seq: 86, Ack: 690, Len: 0
3899 Source port: 34549 (34549)
3900 Destination port: ftp (21)
3901 [Stream index: 16]
3902 Sequence number: 86 (relative sequence number)
3903 Acknowledgment number: 690 (relative ack number)
3904 Header length: 20 bytes
3905 Flags: 0x010 (ACK)
3906 000. .... .... = Reserved: Not set
3907 ...0 .... .... = Nonce: Not set
3908 .... 0... .... = Congestion Window Reduced (CWR): Not set
3909 .... .0.. .... = ECN-Echo: Not set
3910 .... ..0. .... = Urgent: Not set
3911 .... ...1 .... = Acknowledgment: Set
3912 .... .... 0... = Push: Not set
3913 .... .... .0.. = Reset: Not set
3914 .... .... ..0. = Syn: Not set
3915 .... .... ...0 = Fin: Not set
3916 Window size value: 63551
3917 [Calculated window size: 63551]
3918 [Window size scaling factor: -2 (no window scaling used)]
3919 Checksum: 0xbc57 [validation disabled]
3920 [Good Checksum: False]
3921 [Bad Checksum: False]
3922 [SEQ/ACK analysis]
3923 [This is an ACK to the segment in frame: 3175]
3924 [The RTT to ACK the segment was: 0.000020000 seconds]
3925
39260000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
39270010 00 28 08 a1 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
39280020 d1 c3 86 f5 00 15 fc d5 9d 97 7c 61 ed c9 50 10 ..........|a..P.
39290030 f8 3f bc 57 00 00 .?.W..
3930
3931No. Time Source Destination Protocol Length Info
3932 3177 30.922887000 10.241.209.195 10.241.212.151 FTP-DATA 119 FTP Data: 65 bytes
3933
3934Frame 3177: 119 bytes on wire (952 bits), 119 bytes captured (952 bits) on interface 0
3935 Interface id: 0
3936 Encapsulation type: Ethernet (1)
3937 Arrival Time: Aug 17, 2015 08:01:10.623190000 Eastern Daylight Time
3938 [Time shift for this packet: 0.000000000 seconds]
3939 Epoch Time: 1439812870.623190000 seconds
3940 [Time delta from previous captured frame: 0.000122000 seconds]
3941 [Time delta from previous displayed frame: 0.000122000 seconds]
3942 [Time since reference or first frame: 30.922887000 seconds]
3943 Frame Number: 3177
3944 Frame Length: 119 bytes (952 bits)
3945 Capture Length: 119 bytes (952 bits)
3946 [Frame is marked: False]
3947 [Frame is ignored: False]
3948 [Protocols in frame: eth:ip:tcp:ftp-data]
3949 [Coloring Rule Name: TCP SYN/FIN]
3950 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
3951Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3952 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3953 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
3954 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3955 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3956 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
3957 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
3958 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
3959 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
3960 Type: IP (0x0800)
3961Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
3962 Version: 4
3963 Header length: 20 bytes
3964 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
3965 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
3966 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
3967 Total Length: 105
3968 Identification: 0xe3cd (58317)
3969 Flags: 0x02 (Don't Fragment)
3970 0... .... = Reserved bit: Not set
3971 .1.. .... = Don't fragment: Set
3972 ..0. .... = More fragments: Not set
3973 Fragment offset: 0
3974 Time to live: 59
3975 Protocol: TCP (6)
3976 Header checksum: 0x9f74 [correct]
3977 [Good: True]
3978 [Bad: False]
3979 Source: 10.241.209.195 (10.241.209.195)
3980 Destination: 10.241.212.151 (10.241.212.151)
3981 [Source GeoIP: Unknown]
3982 [Destination GeoIP: Unknown]
3983Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 3275, Ack: 1, Len: 65
3984 Source port: 35160 (35160)
3985 Destination port: 34550 (34550)
3986 [Stream index: 17]
3987 Sequence number: 3275 (relative sequence number)
3988 [Next sequence number: 3340 (relative sequence number)]
3989 Acknowledgment number: 1 (relative ack number)
3990 Header length: 20 bytes
3991 Flags: 0x019 (FIN, PSH, ACK)
3992 000. .... .... = Reserved: Not set
3993 ...0 .... .... = Nonce: Not set
3994 .... 0... .... = Congestion Window Reduced (CWR): Not set
3995 .... .0.. .... = ECN-Echo: Not set
3996 .... ..0. .... = Urgent: Not set
3997 .... ...1 .... = Acknowledgment: Set
3998 .... .... 1... = Push: Set
3999 .... .... .0.. = Reset: Not set
4000 .... .... ..0. = Syn: Not set
4001 .... .... ...1 = Fin: Set
4002 [Expert Info (Chat/Sequence): Connection finish (FIN)]
4003 [Message: Connection finish (FIN)]
4004 [Severity level: Chat]
4005 [Group: Sequence]
4006 Window size value: 65535
4007 [Calculated window size: 65535]
4008 [Window size scaling factor: -2 (no window scaling used)]
4009 Checksum: 0xfd58 [validation disabled]
4010 [Good Checksum: False]
4011 [Bad Checksum: False]
4012 [SEQ/ACK analysis]
4013 [Bytes in flight: 289]
4014FTP Data (65 bytes data)
4015
40160000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
40170010 00 69 e3 cd 40 00 3b 06 9f 74 0a f1 d1 c3 0a f1 .i..@.;..t......
40180020 d4 97 89 58 86 f6 76 5c 36 f5 7d 7f 3f ef 50 19 ...X..v\6.}.?.P.
40190030 ff ff fd 58 00 00 0d 0a 64 72 77 78 72 2d 78 72 ...X....drwxr-xr
40200040 2d 78 20 20 20 33 33 20 72 6f 6f 74 20 20 20 20 -x 33 root
40210050 20 73 79 73 74 65 6d 20 20 20 20 20 20 20 20 20 system
40220060 34 30 39 36 20 41 75 67 20 31 33 20 31 33 3a 31 4096 Aug 13 13:1
40230070 34 20 76 61 72 0d 0a 4 var..
4024
4025No. Time Source Destination Protocol Length Info
4026 3178 30.922908000 10.241.212.151 10.241.209.195 TCP 54 34550 > 35160 [ACK] Seq=1 Ack=3341 Win=63952 Len=0
4027
4028Frame 3178: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
4029 Interface id: 0
4030 Encapsulation type: Ethernet (1)
4031 Arrival Time: Aug 17, 2015 08:01:10.623211000 Eastern Daylight Time
4032 [Time shift for this packet: 0.000000000 seconds]
4033 Epoch Time: 1439812870.623211000 seconds
4034 [Time delta from previous captured frame: 0.000021000 seconds]
4035 [Time delta from previous displayed frame: 0.000021000 seconds]
4036 [Time since reference or first frame: 30.922908000 seconds]
4037 Frame Number: 3178
4038 Frame Length: 54 bytes (432 bits)
4039 Capture Length: 54 bytes (432 bits)
4040 [Frame is marked: False]
4041 [Frame is ignored: False]
4042 [Protocols in frame: eth:ip:tcp]
4043 [Coloring Rule Name: Checksum Errors]
4044 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
4045Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
4046 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
4047 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
4048 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
4049 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
4050 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4051 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4052 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
4053 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
4054 Type: IP (0x0800)
4055Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
4056 Version: 4
4057 Header length: 20 bytes
4058 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
4059 0000 00.. = Differentiated Services Codepoint: Default (0x00)
4060 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
4061 Total Length: 40
4062 Identification: 0x08a2 (2210)
4063 Flags: 0x02 (Don't Fragment)
4064 0... .... = Reserved bit: Not set
4065 .1.. .... = Don't fragment: Set
4066 ..0. .... = More fragments: Not set
4067 Fragment offset: 0
4068 Time to live: 128
4069 Protocol: TCP (6)
4070 Header checksum: 0x0000 [incorrect, should be 0x35f1 (may be caused by "IP checksum offload"?)]
4071 [Good: False]
4072 [Bad: True]
4073 [Expert Info (Error/Checksum): Bad checksum]
4074 [Message: Bad checksum]
4075 [Severity level: Error]
4076 [Group: Checksum]
4077 Source: 10.241.212.151 (10.241.212.151)
4078 Destination: 10.241.209.195 (10.241.209.195)
4079 [Source GeoIP: Unknown]
4080 [Destination GeoIP: Unknown]
4081Transmission Control Protocol, Src Port: 34550 (34550), Dst Port: 35160 (35160), Seq: 1, Ack: 3341, Len: 0
4082 Source port: 34550 (34550)
4083 Destination port: 35160 (35160)
4084 [Stream index: 17]
4085 Sequence number: 1 (relative sequence number)
4086 Acknowledgment number: 3341 (relative ack number)
4087 Header length: 20 bytes
4088 Flags: 0x010 (ACK)
4089 000. .... .... = Reserved: Not set
4090 ...0 .... .... = Nonce: Not set
4091 .... 0... .... = Congestion Window Reduced (CWR): Not set
4092 .... .0.. .... = ECN-Echo: Not set
4093 .... ..0. .... = Urgent: Not set
4094 .... ...1 .... = Acknowledgment: Set
4095 .... .... 0... = Push: Not set
4096 .... .... .0.. = Reset: Not set
4097 .... .... ..0. = Syn: Not set
4098 .... .... ...0 = Fin: Not set
4099 Window size value: 63952
4100 [Calculated window size: 63952]
4101 [Window size scaling factor: -2 (no window scaling used)]
4102 Checksum: 0xbc57 [validation disabled]
4103 [Good Checksum: False]
4104 [Bad Checksum: False]
4105 [SEQ/ACK analysis]
4106 [This is an ACK to the segment in frame: 3177]
4107 [The RTT to ACK the segment was: 0.000021000 seconds]
4108
41090000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
41100010 00 28 08 a2 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
41110020 d1 c3 86 f6 89 58 7d 7f 3f ef 76 5c 37 37 50 10 .....X}.?.v\77P.
41120030 f9 d0 bc 57 00 00 ...W..
4113
4114No. Time Source Destination Protocol Length Info
4115 3179 30.922954000 10.241.212.151 10.241.209.195 TCP 54 34550 > 35160 [FIN, ACK] Seq=1 Ack=3341 Win=63952 Len=0
4116
4117Frame 3179: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
4118 Interface id: 0
4119 Encapsulation type: Ethernet (1)
4120 Arrival Time: Aug 17, 2015 08:01:10.623257000 Eastern Daylight Time
4121 [Time shift for this packet: 0.000000000 seconds]
4122 Epoch Time: 1439812870.623257000 seconds
4123 [Time delta from previous captured frame: 0.000046000 seconds]
4124 [Time delta from previous displayed frame: 0.000046000 seconds]
4125 [Time since reference or first frame: 30.922954000 seconds]
4126 Frame Number: 3179
4127 Frame Length: 54 bytes (432 bits)
4128 Capture Length: 54 bytes (432 bits)
4129 [Frame is marked: False]
4130 [Frame is ignored: False]
4131 [Protocols in frame: eth:ip:tcp]
4132 [Coloring Rule Name: Checksum Errors]
4133 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
4134Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
4135 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
4136 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
4137 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
4138 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
4139 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4140 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4141 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
4142 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
4143 Type: IP (0x0800)
4144Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
4145 Version: 4
4146 Header length: 20 bytes
4147 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
4148 0000 00.. = Differentiated Services Codepoint: Default (0x00)
4149 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
4150 Total Length: 40
4151 Identification: 0x08a3 (2211)
4152 Flags: 0x02 (Don't Fragment)
4153 0... .... = Reserved bit: Not set
4154 .1.. .... = Don't fragment: Set
4155 ..0. .... = More fragments: Not set
4156 Fragment offset: 0
4157 Time to live: 128
4158 Protocol: TCP (6)
4159 Header checksum: 0x0000 [incorrect, should be 0x35f0 (may be caused by "IP checksum offload"?)]
4160 [Good: False]
4161 [Bad: True]
4162 [Expert Info (Error/Checksum): Bad checksum]
4163 [Message: Bad checksum]
4164 [Severity level: Error]
4165 [Group: Checksum]
4166 Source: 10.241.212.151 (10.241.212.151)
4167 Destination: 10.241.209.195 (10.241.209.195)
4168 [Source GeoIP: Unknown]
4169 [Destination GeoIP: Unknown]
4170Transmission Control Protocol, Src Port: 34550 (34550), Dst Port: 35160 (35160), Seq: 1, Ack: 3341, Len: 0
4171 Source port: 34550 (34550)
4172 Destination port: 35160 (35160)
4173 [Stream index: 17]
4174 Sequence number: 1 (relative sequence number)
4175 Acknowledgment number: 3341 (relative ack number)
4176 Header length: 20 bytes
4177 Flags: 0x011 (FIN, ACK)
4178 000. .... .... = Reserved: Not set
4179 ...0 .... .... = Nonce: Not set
4180 .... 0... .... = Congestion Window Reduced (CWR): Not set
4181 .... .0.. .... = ECN-Echo: Not set
4182 .... ..0. .... = Urgent: Not set
4183 .... ...1 .... = Acknowledgment: Set
4184 .... .... 0... = Push: Not set
4185 .... .... .0.. = Reset: Not set
4186 .... .... ..0. = Syn: Not set
4187 .... .... ...1 = Fin: Set
4188 [Expert Info (Chat/Sequence): Connection finish (FIN)]
4189 [Message: Connection finish (FIN)]
4190 [Severity level: Chat]
4191 [Group: Sequence]
4192 Window size value: 63952
4193 [Calculated window size: 63952]
4194 [Window size scaling factor: -2 (no window scaling used)]
4195 Checksum: 0xbc57 [validation disabled]
4196 [Good Checksum: False]
4197 [Bad Checksum: False]
4198
41990000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
42000010 00 28 08 a3 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(..@...........
42010020 d1 c3 86 f6 89 58 7d 7f 3f ef 76 5c 37 37 50 11 .....X}.?.v\77P.
42020030 f9 d0 bc 57 00 00 ...W..
4203
4204No. Time Source Destination Protocol Length Info
4205 3180 30.923162000 10.241.209.195 10.241.212.151 TCP 60 35160 > 34550 [ACK] Seq=3341 Ack=2 Win=65535 Len=0
4206
4207Frame 3180: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
4208 Interface id: 0
4209 Encapsulation type: Ethernet (1)
4210 Arrival Time: Aug 17, 2015 08:01:10.623465000 Eastern Daylight Time
4211 [Time shift for this packet: 0.000000000 seconds]
4212 Epoch Time: 1439812870.623465000 seconds
4213 [Time delta from previous captured frame: 0.000208000 seconds]
4214 [Time delta from previous displayed frame: 0.000208000 seconds]
4215 [Time since reference or first frame: 30.923162000 seconds]
4216 Frame Number: 3180
4217 Frame Length: 60 bytes (480 bits)
4218 Capture Length: 60 bytes (480 bits)
4219 [Frame is marked: False]
4220 [Frame is ignored: False]
4221 [Protocols in frame: eth:ip:tcp]
4222 [Coloring Rule Name: TCP]
4223 [Coloring Rule String: tcp]
4224Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4225 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4226 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
4227 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
4228 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
4229 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
4230 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
4231 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
4232 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
4233 Type: IP (0x0800)
4234 Padding: 000000000000
4235Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
4236 Version: 4
4237 Header length: 20 bytes
4238 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
4239 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
4240 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
4241 Total Length: 40
4242 Identification: 0xe3ce (58318)
4243 Flags: 0x02 (Don't Fragment)
4244 0... .... = Reserved bit: Not set
4245 .1.. .... = Don't fragment: Set
4246 ..0. .... = More fragments: Not set
4247 Fragment offset: 0
4248 Time to live: 59
4249 Protocol: TCP (6)
4250 Header checksum: 0x9fb4 [correct]
4251 [Good: True]
4252 [Bad: False]
4253 Source: 10.241.209.195 (10.241.209.195)
4254 Destination: 10.241.212.151 (10.241.212.151)
4255 [Source GeoIP: Unknown]
4256 [Destination GeoIP: Unknown]
4257Transmission Control Protocol, Src Port: 35160 (35160), Dst Port: 34550 (34550), Seq: 3341, Ack: 2, Len: 0
4258 Source port: 35160 (35160)
4259 Destination port: 34550 (34550)
4260 [Stream index: 17]
4261 Sequence number: 3341 (relative sequence number)
4262 Acknowledgment number: 2 (relative ack number)
4263 Header length: 20 bytes
4264 Flags: 0x010 (ACK)
4265 000. .... .... = Reserved: Not set
4266 ...0 .... .... = Nonce: Not set
4267 .... 0... .... = Congestion Window Reduced (CWR): Not set
4268 .... .0.. .... = ECN-Echo: Not set
4269 .... ..0. .... = Urgent: Not set
4270 .... ...1 .... = Acknowledgment: Set
4271 .... .... 0... = Push: Not set
4272 .... .... .0.. = Reset: Not set
4273 .... .... ..0. = Syn: Not set
4274 .... .... ...0 = Fin: Not set
4275 Window size value: 65535
4276 [Calculated window size: 65535]
4277 [Window size scaling factor: -2 (no window scaling used)]
4278 Checksum: 0x7845 [validation disabled]
4279 [Good Checksum: False]
4280 [Bad Checksum: False]
4281 [SEQ/ACK analysis]
4282 [This is an ACK to the segment in frame: 3179]
4283 [The RTT to ACK the segment was: 0.000208000 seconds]
4284
42850000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
42860010 00 28 e3 ce 40 00 3b 06 9f b4 0a f1 d1 c3 0a f1 .(..@.;.........
42870020 d4 97 89 58 86 f6 76 5c 37 37 7d 7f 3f f0 50 10 ...X..v\77}.?.P.
42880030 ff ff 78 45 00 00 00 00 00 00 00 00 ..xE........