Ticket #10624: filezilla-ftp-fail.txt

File filezilla-ftp-fail.txt, 109.0 KB (added by difazio, 6 years ago)

wire shark text output of failure using zilezilla

Line 
1No. Time Source Destination Protocol Length Info
2 1027 37.373191000 10.241.212.151 10.241.209.195 TCP 66 34461 > ftp [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
3
4Frame 1027: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
5 Interface id: 0
6 Encapsulation type: Ethernet (1)
7 Arrival Time: Aug 17, 2015 07:53:45.725901000 Eastern Daylight Time
8 [Time shift for this packet: 0.000000000 seconds]
9 Epoch Time: 1439812425.725901000 seconds
10 [Time delta from previous captured frame: 0.087564000 seconds]
11 [Time delta from previous displayed frame: 0.000000000 seconds]
12 [Time since reference or first frame: 37.373191000 seconds]
13 Frame Number: 1027
14 Frame Length: 66 bytes (528 bits)
15 Capture Length: 66 bytes (528 bits)
16 [Frame is marked: False]
17 [Frame is ignored: False]
18 [Protocols in frame: eth:ip:tcp]
19 [Coloring Rule Name: Checksum Errors]
20 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
21Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
22 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
23 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
24 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
25 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
26 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
27 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
28 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
29 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
30 Type: IP (0x0800)
31Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
32 Version: 4
33 Header length: 20 bytes
34 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
35 0000 00.. = Differentiated Services Codepoint: Default (0x00)
36 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
37 Total Length: 52
38 Identification: 0x6d9f (28063)
39 Flags: 0x02 (Don't Fragment)
40 0... .... = Reserved bit: Not set
41 .1.. .... = Don't fragment: Set
42 ..0. .... = More fragments: Not set
43 Fragment offset: 0
44 Time to live: 128
45 Protocol: TCP (6)
46 Header checksum: 0x0000 [incorrect, should be 0xd0e7 (may be caused by "IP checksum offload"?)]
47 [Good: False]
48 [Bad: True]
49 [Expert Info (Error/Checksum): Bad checksum]
50 [Message: Bad checksum]
51 [Severity level: Error]
52 [Group: Checksum]
53 Source: 10.241.212.151 (10.241.212.151)
54 Destination: 10.241.209.195 (10.241.209.195)
55 [Source GeoIP: Unknown]
56 [Destination GeoIP: Unknown]
57Transmission Control Protocol, Src Port: 34461 (34461), Dst Port: ftp (21), Seq: 0, Len: 0
58 Source port: 34461 (34461)
59 Destination port: ftp (21)
60 [Stream index: 20]
61 Sequence number: 0 (relative sequence number)
62 Header length: 32 bytes
63 Flags: 0x002 (SYN)
64 000. .... .... = Reserved: Not set
65 ...0 .... .... = Nonce: Not set
66 .... 0... .... = Congestion Window Reduced (CWR): Not set
67 .... .0.. .... = ECN-Echo: Not set
68 .... ..0. .... = Urgent: Not set
69 .... ...0 .... = Acknowledgment: Not set
70 .... .... 0... = Push: Not set
71 .... .... .0.. = Reset: Not set
72 .... .... ..1. = Syn: Set
73 [Expert Info (Chat/Sequence): Connection establish request (SYN): server port ftp]
74 [Message: Connection establish request (SYN): server port ftp]
75 [Severity level: Chat]
76 [Group: Sequence]
77 .... .... ...0 = Fin: Not set
78 Window size value: 8192
79 [Calculated window size: 8192]
80 Checksum: 0xbc63 [validation disabled]
81 [Good Checksum: False]
82 [Bad Checksum: False]
83 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
84 Maximum segment size: 1460 bytes
85 Kind: MSS size (2)
86 Length: 4
87 MSS Value: 1460
88 No-Operation (NOP)
89 Type: 1
90 0... .... = Copy on fragmentation: No
91 .00. .... = Class: Control (0)
92 ...0 0001 = Number: No-Operation (NOP) (1)
93 Window scale: 2 (multiply by 4)
94 Kind: Window Scale (3)
95 Length: 3
96 Shift count: 2
97 [Multiplier: 4]
98 No-Operation (NOP)
99 Type: 1
100 0... .... = Copy on fragmentation: No
101 .00. .... = Class: Control (0)
102 ...0 0001 = Number: No-Operation (NOP) (1)
103 No-Operation (NOP)
104 Type: 1
105 0... .... = Copy on fragmentation: No
106 .00. .... = Class: Control (0)
107 ...0 0001 = Number: No-Operation (NOP) (1)
108 TCP SACK Permitted Option: True
109 Kind: SACK Permission (4)
110 Length: 2
111
1120000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
1130010 00 34 6d 9f 40 00 80 06 00 00 0a f1 d4 97 0a f1 .4m.@...........
1140020 d1 c3 86 9d 00 15 7d 0e 4d 91 00 00 00 00 80 02 ......}.M.......
1150030 20 00 bc 63 00 00 02 04 05 b4 01 03 03 02 01 01 ..c............
1160040 04 02 ..
117
118No. Time Source Destination Protocol Length Info
119 1028 37.373410000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34461 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
120
121Frame 1028: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
122 Interface id: 0
123 Encapsulation type: Ethernet (1)
124 Arrival Time: Aug 17, 2015 07:53:45.726120000 Eastern Daylight Time
125 [Time shift for this packet: 0.000000000 seconds]
126 Epoch Time: 1439812425.726120000 seconds
127 [Time delta from previous captured frame: 0.000219000 seconds]
128 [Time delta from previous displayed frame: 0.000219000 seconds]
129 [Time since reference or first frame: 37.373410000 seconds]
130 Frame Number: 1028
131 Frame Length: 60 bytes (480 bits)
132 Capture Length: 60 bytes (480 bits)
133 [Frame is marked: False]
134 [Frame is ignored: False]
135 [Protocols in frame: eth:ip:tcp]
136 [Coloring Rule Name: TCP SYN/FIN]
137 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
138Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
139 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
140 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
141 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
142 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
143 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
144 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
145 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
146 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
147 Type: IP (0x0800)
148 Padding: 0000
149Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
150 Version: 4
151 Header length: 20 bytes
152 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
153 0000 00.. = Differentiated Services Codepoint: Default (0x00)
154 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
155 Total Length: 44
156 Identification: 0xe2d5 (58069)
157 Flags: 0x02 (Don't Fragment)
158 0... .... = Reserved bit: Not set
159 .1.. .... = Don't fragment: Set
160 ..0. .... = More fragments: Not set
161 Fragment offset: 0
162 Time to live: 59
163 Protocol: TCP (6)
164 Header checksum: 0xa0b9 [correct]
165 [Good: True]
166 [Bad: False]
167 Source: 10.241.209.195 (10.241.209.195)
168 Destination: 10.241.212.151 (10.241.212.151)
169 [Source GeoIP: Unknown]
170 [Destination GeoIP: Unknown]
171Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34461 (34461), Seq: 0, Ack: 1, Len: 0
172 Source port: ftp (21)
173 Destination port: 34461 (34461)
174 [Stream index: 20]
175 Sequence number: 0 (relative sequence number)
176 Acknowledgment number: 1 (relative ack number)
177 Header length: 24 bytes
178 Flags: 0x012 (SYN, ACK)
179 000. .... .... = Reserved: Not set
180 ...0 .... .... = Nonce: Not set
181 .... 0... .... = Congestion Window Reduced (CWR): Not set
182 .... .0.. .... = ECN-Echo: Not set
183 .... ..0. .... = Urgent: Not set
184 .... ...1 .... = Acknowledgment: Set
185 .... .... 0... = Push: Not set
186 .... .... .0.. = Reset: Not set
187 .... .... ..1. = Syn: Set
188 [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port ftp]
189 [Message: Connection establish acknowledge (SYN+ACK): server port ftp]
190 [Severity level: Chat]
191 [Group: Sequence]
192 .... .... ...0 = Fin: Not set
193 Window size value: 65535
194 [Calculated window size: 65535]
195 Checksum: 0x42a3 [validation disabled]
196 [Good Checksum: False]
197 [Bad Checksum: False]
198 Options: (4 bytes), Maximum segment size
199 Maximum segment size: 1460 bytes
200 Kind: MSS size (2)
201 Length: 4
202 MSS Value: 1460
203 [SEQ/ACK analysis]
204 [This is an ACK to the segment in frame: 1027]
205 [The RTT to ACK the segment was: 0.000219000 seconds]
206
2070000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 00 .6.A.f.#......E.
2080010 00 2c e2 d5 40 00 3b 06 a0 b9 0a f1 d1 c3 0a f1 .,..@.;.........
2090020 d4 97 00 15 86 9d bb 25 8c bd 7d 0e 4d 92 60 12 .......%..}.M.`.
2100030 ff ff 42 a3 00 00 02 04 05 b4 00 00 ..B.........
211
212No. Time Source Destination Protocol Length Info
213 1029 37.373468000 10.241.212.151 10.241.209.195 TCP 54 34461 > ftp [ACK] Seq=1 Ack=1 Win=64240 Len=0
214
215Frame 1029: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
216 Interface id: 0
217 Encapsulation type: Ethernet (1)
218 Arrival Time: Aug 17, 2015 07:53:45.726178000 Eastern Daylight Time
219 [Time shift for this packet: 0.000000000 seconds]
220 Epoch Time: 1439812425.726178000 seconds
221 [Time delta from previous captured frame: 0.000058000 seconds]
222 [Time delta from previous displayed frame: 0.000058000 seconds]
223 [Time since reference or first frame: 37.373468000 seconds]
224 Frame Number: 1029
225 Frame Length: 54 bytes (432 bits)
226 Capture Length: 54 bytes (432 bits)
227 [Frame is marked: False]
228 [Frame is ignored: False]
229 [Protocols in frame: eth:ip:tcp]
230 [Coloring Rule Name: Checksum Errors]
231 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
232Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
233 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
234 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
235 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
236 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
237 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
238 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
239 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
240 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
241 Type: IP (0x0800)
242Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
243 Version: 4
244 Header length: 20 bytes
245 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
246 0000 00.. = Differentiated Services Codepoint: Default (0x00)
247 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
248 Total Length: 40
249 Identification: 0x6da0 (28064)
250 Flags: 0x02 (Don't Fragment)
251 0... .... = Reserved bit: Not set
252 .1.. .... = Don't fragment: Set
253 ..0. .... = More fragments: Not set
254 Fragment offset: 0
255 Time to live: 128
256 Protocol: TCP (6)
257 Header checksum: 0x0000 [incorrect, should be 0xd0f2 (may be caused by "IP checksum offload"?)]
258 [Good: False]
259 [Bad: True]
260 [Expert Info (Error/Checksum): Bad checksum]
261 [Message: Bad checksum]
262 [Severity level: Error]
263 [Group: Checksum]
264 Source: 10.241.212.151 (10.241.212.151)
265 Destination: 10.241.209.195 (10.241.209.195)
266 [Source GeoIP: Unknown]
267 [Destination GeoIP: Unknown]
268Transmission Control Protocol, Src Port: 34461 (34461), Dst Port: ftp (21), Seq: 1, Ack: 1, Len: 0
269 Source port: 34461 (34461)
270 Destination port: ftp (21)
271 [Stream index: 20]
272 Sequence number: 1 (relative sequence number)
273 Acknowledgment number: 1 (relative ack number)
274 Header length: 20 bytes
275 Flags: 0x010 (ACK)
276 000. .... .... = Reserved: Not set
277 ...0 .... .... = Nonce: Not set
278 .... 0... .... = Congestion Window Reduced (CWR): Not set
279 .... .0.. .... = ECN-Echo: Not set
280 .... ..0. .... = Urgent: Not set
281 .... ...1 .... = Acknowledgment: Set
282 .... .... 0... = Push: Not set
283 .... .... .0.. = Reset: Not set
284 .... .... ..0. = Syn: Not set
285 .... .... ...0 = Fin: Not set
286 Window size value: 64240
287 [Calculated window size: 64240]
288 [Window size scaling factor: -2 (no window scaling used)]
289 Checksum: 0xbc57 [validation disabled]
290 [Good Checksum: False]
291 [Bad Checksum: False]
292 [SEQ/ACK analysis]
293 [This is an ACK to the segment in frame: 1028]
294 [The RTT to ACK the segment was: 0.000058000 seconds]
295
2960000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
2970010 00 28 6d a0 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(m.@...........
2980020 d1 c3 86 9d 00 15 7d 0e 4d 92 bb 25 8c be 50 10 ......}.M..%..P.
2990030 fa f0 bc 57 00 00 ...W..
300
301No. Time Source Destination Protocol Length Info
302 1030 37.386435000 10.241.209.195 10.241.212.151 FTP 125 Response: 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
303
304Frame 1030: 125 bytes on wire (1000 bits), 125 bytes captured (1000 bits) on interface 0
305 Interface id: 0
306 Encapsulation type: Ethernet (1)
307 Arrival Time: Aug 17, 2015 07:53:45.739145000 Eastern Daylight Time
308 [Time shift for this packet: 0.000000000 seconds]
309 Epoch Time: 1439812425.739145000 seconds
310 [Time delta from previous captured frame: 0.012967000 seconds]
311 [Time delta from previous displayed frame: 0.012967000 seconds]
312 [Time since reference or first frame: 37.386435000 seconds]
313 Frame Number: 1030
314 Frame Length: 125 bytes (1000 bits)
315 Capture Length: 125 bytes (1000 bits)
316 [Frame is marked: False]
317 [Frame is ignored: False]
318 [Protocols in frame: eth:ip:tcp:ftp]
319 [Coloring Rule Name: TCP]
320 [Coloring Rule String: tcp]
321Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
322 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
323 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
324 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
325 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
326 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
327 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
328 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
329 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
330 Type: IP (0x0800)
331Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
332 Version: 4
333 Header length: 20 bytes
334 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
335 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
336 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
337 Total Length: 111
338 Identification: 0xe2d7 (58071)
339 Flags: 0x02 (Don't Fragment)
340 0... .... = Reserved bit: Not set
341 .1.. .... = Don't fragment: Set
342 ..0. .... = More fragments: Not set
343 Fragment offset: 0
344 Time to live: 59
345 Protocol: TCP (6)
346 Header checksum: 0xa064 [correct]
347 [Good: True]
348 [Bad: False]
349 Source: 10.241.209.195 (10.241.209.195)
350 Destination: 10.241.212.151 (10.241.212.151)
351 [Source GeoIP: Unknown]
352 [Destination GeoIP: Unknown]
353Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34461 (34461), Seq: 1, Ack: 1, Len: 71
354 Source port: ftp (21)
355 Destination port: 34461 (34461)
356 [Stream index: 20]
357 Sequence number: 1 (relative sequence number)
358 [Next sequence number: 72 (relative sequence number)]
359 Acknowledgment number: 1 (relative ack number)
360 Header length: 20 bytes
361 Flags: 0x018 (PSH, ACK)
362 000. .... .... = Reserved: Not set
363 ...0 .... .... = Nonce: Not set
364 .... 0... .... = Congestion Window Reduced (CWR): Not set
365 .... .0.. .... = ECN-Echo: Not set
366 .... ..0. .... = Urgent: Not set
367 .... ...1 .... = Acknowledgment: Set
368 .... .... 1... = Push: Set
369 .... .... .0.. = Reset: Not set
370 .... .... ..0. = Syn: Not set
371 .... .... ...0 = Fin: Not set
372 Window size value: 65535
373 [Calculated window size: 65535]
374 [Window size scaling factor: -2 (no window scaling used)]
375 Checksum: 0x35bb [validation disabled]
376 [Good Checksum: False]
377 [Bad Checksum: False]
378 [SEQ/ACK analysis]
379 [Bytes in flight: 71]
380File Transfer Protocol (FTP)
381 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.\r\n
382 Response code: Service ready for new user (220)
383 Response arg: bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
384
3850000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
3860010 00 6f e2 d7 40 00 3b 06 a0 64 0a f1 d1 c3 0a f1 .o..@.;..d......
3870020 d4 97 00 15 86 9d bb 25 8c be 7d 0e 4d 92 50 18 .......%..}.M.P.
3880030 ff ff 35 bb 00 00 32 32 30 20 62 6f 6e 6f 20 46 ..5...220 bono F
3890040 54 50 20 73 65 72 76 65 72 20 28 56 65 72 73 69 TP server (Versi
3900050 6f 6e 20 34 2e 32 20 54 68 75 20 41 70 72 20 31 on 4.2 Thu Apr 1
3910060 37 20 30 32 3a 30 33 3a 31 34 20 43 44 54 20 32 7 02:03:14 CDT 2
3920070 30 30 38 29 20 72 65 61 64 79 2e 0d 0a 008) ready...
393
394No. Time Source Destination Protocol Length Info
395 1031 37.387377000 10.241.212.151 10.241.209.195 FTP 64 Request: AUTH TLS
396
397Frame 1031: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
398 Interface id: 0
399 Encapsulation type: Ethernet (1)
400 Arrival Time: Aug 17, 2015 07:53:45.740087000 Eastern Daylight Time
401 [Time shift for this packet: 0.000000000 seconds]
402 Epoch Time: 1439812425.740087000 seconds
403 [Time delta from previous captured frame: 0.000942000 seconds]
404 [Time delta from previous displayed frame: 0.000942000 seconds]
405 [Time since reference or first frame: 37.387377000 seconds]
406 Frame Number: 1031
407 Frame Length: 64 bytes (512 bits)
408 Capture Length: 64 bytes (512 bits)
409 [Frame is marked: False]
410 [Frame is ignored: False]
411 [Protocols in frame: eth:ip:tcp:ftp]
412 [Coloring Rule Name: Checksum Errors]
413 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
414Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
415 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
416 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
417 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
418 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
419 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
420 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
421 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
422 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
423 Type: IP (0x0800)
424Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
425 Version: 4
426 Header length: 20 bytes
427 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
428 0000 00.. = Differentiated Services Codepoint: Default (0x00)
429 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
430 Total Length: 50
431 Identification: 0x6da1 (28065)
432 Flags: 0x02 (Don't Fragment)
433 0... .... = Reserved bit: Not set
434 .1.. .... = Don't fragment: Set
435 ..0. .... = More fragments: Not set
436 Fragment offset: 0
437 Time to live: 128
438 Protocol: TCP (6)
439 Header checksum: 0x0000 [incorrect, should be 0xd0e7 (may be caused by "IP checksum offload"?)]
440 [Good: False]
441 [Bad: True]
442 [Expert Info (Error/Checksum): Bad checksum]
443 [Message: Bad checksum]
444 [Severity level: Error]
445 [Group: Checksum]
446 Source: 10.241.212.151 (10.241.212.151)
447 Destination: 10.241.209.195 (10.241.209.195)
448 [Source GeoIP: Unknown]
449 [Destination GeoIP: Unknown]
450Transmission Control Protocol, Src Port: 34461 (34461), Dst Port: ftp (21), Seq: 1, Ack: 72, Len: 10
451 Source port: 34461 (34461)
452 Destination port: ftp (21)
453 [Stream index: 20]
454 Sequence number: 1 (relative sequence number)
455 [Next sequence number: 11 (relative sequence number)]
456 Acknowledgment number: 72 (relative ack number)
457 Header length: 20 bytes
458 Flags: 0x018 (PSH, ACK)
459 000. .... .... = Reserved: Not set
460 ...0 .... .... = Nonce: Not set
461 .... 0... .... = Congestion Window Reduced (CWR): Not set
462 .... .0.. .... = ECN-Echo: Not set
463 .... ..0. .... = Urgent: Not set
464 .... ...1 .... = Acknowledgment: Set
465 .... .... 1... = Push: Set
466 .... .... .0.. = Reset: Not set
467 .... .... ..0. = Syn: Not set
468 .... .... ...0 = Fin: Not set
469 Window size value: 64169
470 [Calculated window size: 64169]
471 [Window size scaling factor: -2 (no window scaling used)]
472 Checksum: 0xbc61 [validation disabled]
473 [Good Checksum: False]
474 [Bad Checksum: False]
475 [SEQ/ACK analysis]
476 [This is an ACK to the segment in frame: 1030]
477 [The RTT to ACK the segment was: 0.000942000 seconds]
478 [Bytes in flight: 10]
479File Transfer Protocol (FTP)
480 AUTH TLS\r\n
481 Request command: AUTH
482 Request arg: TLS
483
4840000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
4850010 00 32 6d a1 40 00 80 06 00 00 0a f1 d4 97 0a f1 .2m.@...........
4860020 d1 c3 86 9d 00 15 7d 0e 4d 92 bb 25 8d 05 50 18 ......}.M..%..P.
4870030 fa a9 bc 61 00 00 41 55 54 48 20 54 4c 53 0d 0a ...a..AUTH TLS..
488
489No. Time Source Destination Protocol Length Info
490 1033 37.399964000 10.241.209.195 10.241.212.151 FTP 91 Response: 234 Using authentication type TLSv1
491
492Frame 1033: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface 0
493 Interface id: 0
494 Encapsulation type: Ethernet (1)
495 Arrival Time: Aug 17, 2015 07:53:45.752674000 Eastern Daylight Time
496 [Time shift for this packet: 0.000000000 seconds]
497 Epoch Time: 1439812425.752674000 seconds
498 [Time delta from previous captured frame: 0.012283000 seconds]
499 [Time delta from previous displayed frame: 0.012587000 seconds]
500 [Time since reference or first frame: 37.399964000 seconds]
501 Frame Number: 1033
502 Frame Length: 91 bytes (728 bits)
503 Capture Length: 91 bytes (728 bits)
504 [Frame is marked: False]
505 [Frame is ignored: False]
506 [Protocols in frame: eth:ip:tcp:ftp]
507 [Coloring Rule Name: TCP]
508 [Coloring Rule String: tcp]
509Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
510 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
511 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
512 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
513 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
514 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
515 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
516 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
517 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
518 Type: IP (0x0800)
519Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
520 Version: 4
521 Header length: 20 bytes
522 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
523 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
524 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
525 Total Length: 77
526 Identification: 0xe2d8 (58072)
527 Flags: 0x02 (Don't Fragment)
528 0... .... = Reserved bit: Not set
529 .1.. .... = Don't fragment: Set
530 ..0. .... = More fragments: Not set
531 Fragment offset: 0
532 Time to live: 59
533 Protocol: TCP (6)
534 Header checksum: 0xa085 [correct]
535 [Good: True]
536 [Bad: False]
537 Source: 10.241.209.195 (10.241.209.195)
538 Destination: 10.241.212.151 (10.241.212.151)
539 [Source GeoIP: Unknown]
540 [Destination GeoIP: Unknown]
541Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34461 (34461), Seq: 72, Ack: 11, Len: 37
542 Source port: ftp (21)
543 Destination port: 34461 (34461)
544 [Stream index: 20]
545 Sequence number: 72 (relative sequence number)
546 [Next sequence number: 109 (relative sequence number)]
547 Acknowledgment number: 11 (relative ack number)
548 Header length: 20 bytes
549 Flags: 0x018 (PSH, ACK)
550 000. .... .... = Reserved: Not set
551 ...0 .... .... = Nonce: Not set
552 .... 0... .... = Congestion Window Reduced (CWR): Not set
553 .... .0.. .... = ECN-Echo: Not set
554 .... ..0. .... = Urgent: Not set
555 .... ...1 .... = Acknowledgment: Set
556 .... .... 1... = Push: Set
557 .... .... .0.. = Reset: Not set
558 .... .... ..0. = Syn: Not set
559 .... .... ...0 = Fin: Not set
560 Window size value: 65535
561 [Calculated window size: 65535]
562 [Window size scaling factor: -2 (no window scaling used)]
563 Checksum: 0xf4c8 [validation disabled]
564 [Good Checksum: False]
565 [Bad Checksum: False]
566 [SEQ/ACK analysis]
567 [This is an ACK to the segment in frame: 1031]
568 [The RTT to ACK the segment was: 0.012587000 seconds]
569 [Bytes in flight: 37]
570File Transfer Protocol (FTP)
571 234 Using authentication type TLSv1\r\n
572 Response code: Security data exchange complete (234)
573 Response arg: Using authentication type TLSv1
574
5750000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
5760010 00 4d e2 d8 40 00 3b 06 a0 85 0a f1 d1 c3 0a f1 .M..@.;.........
5770020 d4 97 00 15 86 9d bb 25 8d 05 7d 0e 4d 9c 50 18 .......%..}.M.P.
5780030 ff ff f4 c8 00 00 32 33 34 20 55 73 69 6e 67 20 ......234 Using
5790040 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 74 authentication t
5800050 79 70 65 20 54 4c 53 76 31 0d 0a ype TLSv1..
581
582No. Time Source Destination Protocol Length Info
583 1034 37.414461000 10.241.212.151 10.241.209.195 FTP 274 Request: \026\003\001\000\327\001\000\000\323\003\003U\321\313\354\371\223p\031\246Q:\333D\271\267_$~T\030\306\334\206k\352lk\025\347\032\225\251\000\000d\300,\300\207\300$\300
584
585Frame 1034: 274 bytes on wire (2192 bits), 274 bytes captured (2192 bits) on interface 0
586 Interface id: 0
587 Encapsulation type: Ethernet (1)
588 Arrival Time: Aug 17, 2015 07:53:45.767171000 Eastern Daylight Time
589 [Time shift for this packet: 0.000000000 seconds]
590 Epoch Time: 1439812425.767171000 seconds
591 [Time delta from previous captured frame: 0.014497000 seconds]
592 [Time delta from previous displayed frame: 0.014497000 seconds]
593 [Time since reference or first frame: 37.414461000 seconds]
594 Frame Number: 1034
595 Frame Length: 274 bytes (2192 bits)
596 Capture Length: 274 bytes (2192 bits)
597 [Frame is marked: False]
598 [Frame is ignored: False]
599 [Protocols in frame: eth:ip:tcp:ftp]
600 [Coloring Rule Name: Checksum Errors]
601 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
602Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
603 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
604 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
605 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
606 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
607 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
608 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
609 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
610 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
611 Type: IP (0x0800)
612Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
613 Version: 4
614 Header length: 20 bytes
615 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
616 0000 00.. = Differentiated Services Codepoint: Default (0x00)
617 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
618 Total Length: 260
619 Identification: 0x6da2 (28066)
620 Flags: 0x02 (Don't Fragment)
621 0... .... = Reserved bit: Not set
622 .1.. .... = Don't fragment: Set
623 ..0. .... = More fragments: Not set
624 Fragment offset: 0
625 Time to live: 128
626 Protocol: TCP (6)
627 Header checksum: 0x0000 [incorrect, should be 0xd014 (may be caused by "IP checksum offload"?)]
628 [Good: False]
629 [Bad: True]
630 [Expert Info (Error/Checksum): Bad checksum]
631 [Message: Bad checksum]
632 [Severity level: Error]
633 [Group: Checksum]
634 Source: 10.241.212.151 (10.241.212.151)
635 Destination: 10.241.209.195 (10.241.209.195)
636 [Source GeoIP: Unknown]
637 [Destination GeoIP: Unknown]
638Transmission Control Protocol, Src Port: 34461 (34461), Dst Port: ftp (21), Seq: 11, Ack: 109, Len: 220
639 Source port: 34461 (34461)
640 Destination port: ftp (21)
641 [Stream index: 20]
642 Sequence number: 11 (relative sequence number)
643 [Next sequence number: 231 (relative sequence number)]
644 Acknowledgment number: 109 (relative ack number)
645 Header length: 20 bytes
646 Flags: 0x018 (PSH, ACK)
647 000. .... .... = Reserved: Not set
648 ...0 .... .... = Nonce: Not set
649 .... 0... .... = Congestion Window Reduced (CWR): Not set
650 .... .0.. .... = ECN-Echo: Not set
651 .... ..0. .... = Urgent: Not set
652 .... ...1 .... = Acknowledgment: Set
653 .... .... 1... = Push: Set
654 .... .... .0.. = Reset: Not set
655 .... .... ..0. = Syn: Not set
656 .... .... ...0 = Fin: Not set
657 Window size value: 64132
658 [Calculated window size: 64132]
659 [Window size scaling factor: -2 (no window scaling used)]
660 Checksum: 0xbd33 [validation disabled]
661 [Good Checksum: False]
662 [Bad Checksum: False]
663 [SEQ/ACK analysis]
664 [This is an ACK to the segment in frame: 1033]
665 [The RTT to ACK the segment was: 0.014497000 seconds]
666 [Bytes in flight: 220]
667File Transfer Protocol (FTP)
668 \026\003\001\000\327\001\000\000\323\003\003U\321\313\354\371\223p\031\246Q:\333D\271\267_$~T\030\306\334\206k\352lk\025\347\032\225\251\000\000d\300,\300\207\300$\300\n
669 Request command: \026\003\001
670 [truncated] \300s\300\255\300+\300\206\300#\300\t\300r\300\254\3000\300\213\300(\300\024\300w\300/\300\212\300'\300\023\300v\000\235\300{\000=\0005\000\300\000\204\300\235\000\234\300z\000<\000/\000\272\000A\300\234\000\237\300}\000k\0009\
671 \000\b\000\006\000\030\000\031\000\027\000\v\000\002\001\000\000\r
672 \000\026\000\024\005\001\005\003\006\001\006\003\004\001\004\003\003\001\003\003\002\001\002\003
673
6740000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
6750010 01 04 6d a2 40 00 80 06 00 00 0a f1 d4 97 0a f1 ..m.@...........
6760020 d1 c3 86 9d 00 15 7d 0e 4d 9c bb 25 8d 2a 50 18 ......}.M..%.*P.
6770030 fa 84 bd 33 00 00 16 03 01 00 d7 01 00 00 d3 03 ...3............
6780040 03 55 d1 cb ec f9 93 70 19 a6 51 3a db 44 b9 b7 .U.....p..Q:.D..
6790050 5f 24 7e 54 18 c6 dc 86 6b ea 6c 6b 15 e7 1a 95 _$~T....k.lk....
6800060 a9 00 00 64 c0 2c c0 87 c0 24 c0 0a c0 73 c0 ad ...d.,...$...s..
6810070 c0 2b c0 86 c0 23 c0 09 c0 72 c0 ac c0 30 c0 8b .+...#...r...0..
6820080 c0 28 c0 14 c0 77 c0 2f c0 8a c0 27 c0 13 c0 76 .(...w./...'...v
6830090 00 9d c0 7b 00 3d 00 35 00 c0 00 84 c0 9d 00 9c ...{.=.5........
68400a0 c0 7a 00 3c 00 2f 00 ba 00 41 c0 9c 00 9f c0 7d .z.<./...A.....}
68500b0 00 6b 00 39 00 c4 00 88 c0 9f 00 9e c0 7c 00 67 .k.9.........|.g
68600c0 00 33 00 be 00 45 c0 9e 01 00 00 46 00 17 00 00 .3...E.....F....
68700d0 00 16 00 00 00 05 00 05 01 00 00 00 00 ff 01 00 ................
68800e0 01 00 00 23 00 00 00 0a 00 08 00 06 00 18 00 19 ...#............
68900f0 00 17 00 0b 00 02 01 00 00 0d 00 16 00 14 05 01 ................
6900100 05 03 06 01 06 03 04 01 04 03 03 01 03 03 02 01 ................
6910110 02 03 ..
692
693No. Time Source Destination Protocol Length Info
694 1035 37.417683000 10.241.209.195 10.241.212.151 FTP 141 Response: 421 TLS negotiation failed during the TLS handshake. Server is closing the connection
695
696Frame 1035: 141 bytes on wire (1128 bits), 141 bytes captured (1128 bits) on interface 0
697 Interface id: 0
698 Encapsulation type: Ethernet (1)
699 Arrival Time: Aug 17, 2015 07:53:45.770393000 Eastern Daylight Time
700 [Time shift for this packet: 0.000000000 seconds]
701 Epoch Time: 1439812425.770393000 seconds
702 [Time delta from previous captured frame: 0.003222000 seconds]
703 [Time delta from previous displayed frame: 0.003222000 seconds]
704 [Time since reference or first frame: 37.417683000 seconds]
705 Frame Number: 1035
706 Frame Length: 141 bytes (1128 bits)
707 Capture Length: 141 bytes (1128 bits)
708 [Frame is marked: False]
709 [Frame is ignored: False]
710 [Protocols in frame: eth:ip:tcp:ftp]
711 [Coloring Rule Name: TCP]
712 [Coloring Rule String: tcp]
713Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
714 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
715 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
716 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
717 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
718 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
719 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
720 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
721 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
722 Type: IP (0x0800)
723Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
724 Version: 4
725 Header length: 20 bytes
726 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
727 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
728 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
729 Total Length: 127
730 Identification: 0xe2d9 (58073)
731 Flags: 0x02 (Don't Fragment)
732 0... .... = Reserved bit: Not set
733 .1.. .... = Don't fragment: Set
734 ..0. .... = More fragments: Not set
735 Fragment offset: 0
736 Time to live: 59
737 Protocol: TCP (6)
738 Header checksum: 0xa052 [correct]
739 [Good: True]
740 [Bad: False]
741 Source: 10.241.209.195 (10.241.209.195)
742 Destination: 10.241.212.151 (10.241.212.151)
743 [Source GeoIP: Unknown]
744 [Destination GeoIP: Unknown]
745Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34461 (34461), Seq: 109, Ack: 231, Len: 87
746 Source port: ftp (21)
747 Destination port: 34461 (34461)
748 [Stream index: 20]
749 Sequence number: 109 (relative sequence number)
750 [Next sequence number: 196 (relative sequence number)]
751 Acknowledgment number: 231 (relative ack number)
752 Header length: 20 bytes
753 Flags: 0x018 (PSH, ACK)
754 000. .... .... = Reserved: Not set
755 ...0 .... .... = Nonce: Not set
756 .... 0... .... = Congestion Window Reduced (CWR): Not set
757 .... .0.. .... = ECN-Echo: Not set
758 .... ..0. .... = Urgent: Not set
759 .... ...1 .... = Acknowledgment: Set
760 .... .... 1... = Push: Set
761 .... .... .0.. = Reset: Not set
762 .... .... ..0. = Syn: Not set
763 .... .... ...0 = Fin: Not set
764 Window size value: 65480
765 [Calculated window size: 65480]
766 [Window size scaling factor: -2 (no window scaling used)]
767 Checksum: 0x892b [validation disabled]
768 [Good Checksum: False]
769 [Bad Checksum: False]
770 [SEQ/ACK analysis]
771 [This is an ACK to the segment in frame: 1034]
772 [The RTT to ACK the segment was: 0.003222000 seconds]
773 [Bytes in flight: 87]
774File Transfer Protocol (FTP)
775 421 TLS negotiation failed during the TLS handshake. Server is closing the connection\r\n
776 Response code: Service not available, closing control connection (421)
777 Response arg: TLS negotiation failed during the TLS handshake. Server is closing the connection
778
7790000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
7800010 00 7f e2 d9 40 00 3b 06 a0 52 0a f1 d1 c3 0a f1 ....@.;..R......
7810020 d4 97 00 15 86 9d bb 25 8d 2a 7d 0e 4e 78 50 18 .......%.*}.NxP.
7820030 ff c8 89 2b 00 00 34 32 31 20 54 4c 53 20 6e 65 ...+..421 TLS ne
7830040 67 6f 74 69 61 74 69 6f 6e 20 66 61 69 6c 65 64 gotiation failed
7840050 20 64 75 72 69 6e 67 20 74 68 65 20 54 4c 53 20 during the TLS
7850060 68 61 6e 64 73 68 61 6b 65 2e 20 53 65 72 76 65 handshake. Serve
7860070 72 20 69 73 20 63 6c 6f 73 69 6e 67 20 74 68 65 r is closing the
7870080 20 63 6f 6e 6e 65 63 74 69 6f 6e 0d 0a connection..
788
789No. Time Source Destination Protocol Length Info
790 1036 37.417806000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34461 [FIN, ACK] Seq=196 Ack=231 Win=65535 Len=0
791
792Frame 1036: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
793 Interface id: 0
794 Encapsulation type: Ethernet (1)
795 Arrival Time: Aug 17, 2015 07:53:45.770516000 Eastern Daylight Time
796 [Time shift for this packet: 0.000000000 seconds]
797 Epoch Time: 1439812425.770516000 seconds
798 [Time delta from previous captured frame: 0.000123000 seconds]
799 [Time delta from previous displayed frame: 0.000123000 seconds]
800 [Time since reference or first frame: 37.417806000 seconds]
801 Frame Number: 1036
802 Frame Length: 60 bytes (480 bits)
803 Capture Length: 60 bytes (480 bits)
804 [Frame is marked: False]
805 [Frame is ignored: False]
806 [Protocols in frame: eth:ip:tcp]
807 [Coloring Rule Name: TCP SYN/FIN]
808 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
809Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
810 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
811 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
812 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
813 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
814 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
815 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
816 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
817 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
818 Type: IP (0x0800)
819 Padding: 000000000000
820Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
821 Version: 4
822 Header length: 20 bytes
823 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
824 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
825 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
826 Total Length: 40
827 Identification: 0xe2da (58074)
828 Flags: 0x02 (Don't Fragment)
829 0... .... = Reserved bit: Not set
830 .1.. .... = Don't fragment: Set
831 ..0. .... = More fragments: Not set
832 Fragment offset: 0
833 Time to live: 59
834 Protocol: TCP (6)
835 Header checksum: 0xa0a8 [correct]
836 [Good: True]
837 [Bad: False]
838 Source: 10.241.209.195 (10.241.209.195)
839 Destination: 10.241.212.151 (10.241.212.151)
840 [Source GeoIP: Unknown]
841 [Destination GeoIP: Unknown]
842Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34461 (34461), Seq: 196, Ack: 231, Len: 0
843 Source port: ftp (21)
844 Destination port: 34461 (34461)
845 [Stream index: 20]
846 Sequence number: 196 (relative sequence number)
847 Acknowledgment number: 231 (relative ack number)
848 Header length: 20 bytes
849 Flags: 0x011 (FIN, ACK)
850 000. .... .... = Reserved: Not set
851 ...0 .... .... = Nonce: Not set
852 .... 0... .... = Congestion Window Reduced (CWR): Not set
853 .... .0.. .... = ECN-Echo: Not set
854 .... ..0. .... = Urgent: Not set
855 .... ...1 .... = Acknowledgment: Set
856 .... .... 0... = Push: Not set
857 .... .... .0.. = Reset: Not set
858 .... .... ..0. = Syn: Not set
859 .... .... ...1 = Fin: Set
860 [Expert Info (Chat/Sequence): Connection finish (FIN)]
861 [Message: Connection finish (FIN)]
862 [Severity level: Chat]
863 [Group: Sequence]
864 Window size value: 65535
865 [Calculated window size: 65535]
866 [Window size scaling factor: -2 (no window scaling used)]
867 Checksum: 0x58b6 [validation disabled]
868 [Good Checksum: False]
869 [Bad Checksum: False]
870
8710000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
8720010 00 28 e2 da 40 00 3b 06 a0 a8 0a f1 d1 c3 0a f1 .(..@.;.........
8730020 d4 97 00 15 86 9d bb 25 8d 81 7d 0e 4e 78 50 11 .......%..}.NxP.
8740030 ff ff 58 b6 00 00 00 00 00 00 00 00 ..X.........
875
876No. Time Source Destination Protocol Length Info
877 1037 37.417820000 10.241.212.151 10.241.209.195 TCP 54 34461 > ftp [RST, ACK] Seq=231 Ack=196 Win=0 Len=0
878
879Frame 1037: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
880 Interface id: 0
881 Encapsulation type: Ethernet (1)
882 Arrival Time: Aug 17, 2015 07:53:45.770530000 Eastern Daylight Time
883 [Time shift for this packet: 0.000000000 seconds]
884 Epoch Time: 1439812425.770530000 seconds
885 [Time delta from previous captured frame: 0.000014000 seconds]
886 [Time delta from previous displayed frame: 0.000014000 seconds]
887 [Time since reference or first frame: 37.417820000 seconds]
888 Frame Number: 1037
889 Frame Length: 54 bytes (432 bits)
890 Capture Length: 54 bytes (432 bits)
891 [Frame is marked: False]
892 [Frame is ignored: False]
893 [Protocols in frame: eth:ip:tcp]
894 [Coloring Rule Name: TCP RST]
895 [Coloring Rule String: tcp.flags.reset eq 1]
896Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
897 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
898 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
899 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
900 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
901 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
902 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
903 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
904 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
905 Type: IP (0x0800)
906Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
907 Version: 4
908 Header length: 20 bytes
909 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
910 0000 00.. = Differentiated Services Codepoint: Default (0x00)
911 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
912 Total Length: 40
913 Identification: 0x6da3 (28067)
914 Flags: 0x02 (Don't Fragment)
915 0... .... = Reserved bit: Not set
916 .1.. .... = Don't fragment: Set
917 ..0. .... = More fragments: Not set
918 Fragment offset: 0
919 Time to live: 128
920 Protocol: TCP (6)
921 Header checksum: 0x0000 [incorrect, should be 0xd0ef (may be caused by "IP checksum offload"?)]
922 [Good: False]
923 [Bad: True]
924 [Expert Info (Error/Checksum): Bad checksum]
925 [Message: Bad checksum]
926 [Severity level: Error]
927 [Group: Checksum]
928 Source: 10.241.212.151 (10.241.212.151)
929 Destination: 10.241.209.195 (10.241.209.195)
930 [Source GeoIP: Unknown]
931 [Destination GeoIP: Unknown]
932Transmission Control Protocol, Src Port: 34461 (34461), Dst Port: ftp (21), Seq: 231, Ack: 196, Len: 0
933 Source port: 34461 (34461)
934 Destination port: ftp (21)
935 [Stream index: 20]
936 Sequence number: 231 (relative sequence number)
937 Acknowledgment number: 196 (relative ack number)
938 Header length: 20 bytes
939 Flags: 0x014 (RST, ACK)
940 000. .... .... = Reserved: Not set
941 ...0 .... .... = Nonce: Not set
942 .... 0... .... = Congestion Window Reduced (CWR): Not set
943 .... .0.. .... = ECN-Echo: Not set
944 .... ..0. .... = Urgent: Not set
945 .... ...1 .... = Acknowledgment: Set
946 .... .... 0... = Push: Not set
947 .... .... .1.. = Reset: Set
948 [Expert Info (Chat/Sequence): Connection reset (RST)]
949 [Message: Connection reset (RST)]
950 [Severity level: Chat]
951 [Group: Sequence]
952 .... .... ..0. = Syn: Not set
953 .... .... ...0 = Fin: Not set
954 Window size value: 0
955 [Calculated window size: 0]
956 [Window size scaling factor: -2 (no window scaling used)]
957 Checksum: 0xbc57 [validation disabled]
958 [Good Checksum: False]
959 [Bad Checksum: False]
960 [SEQ/ACK analysis]
961 [This is an ACK to the segment in frame: 1035]
962 [The RTT to ACK the segment was: 0.000137000 seconds]
963
9640000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
9650010 00 28 6d a3 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(m.@...........
9660020 d1 c3 86 9d 00 15 7d 0e 4e 78 bb 25 8d 81 50 14 ......}.Nx.%..P.
9670030 00 00 bc 57 00 00 ...W..
968
969No. Time Source Destination Protocol Length Info
970 1038 37.417839000 10.241.212.151 10.241.209.195 TCP 54 34461 > ftp [RST] Seq=231 Win=0 Len=0
971
972Frame 1038: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
973 Interface id: 0
974 Encapsulation type: Ethernet (1)
975 Arrival Time: Aug 17, 2015 07:53:45.770549000 Eastern Daylight Time
976 [Time shift for this packet: 0.000000000 seconds]
977 Epoch Time: 1439812425.770549000 seconds
978 [Time delta from previous captured frame: 0.000019000 seconds]
979 [Time delta from previous displayed frame: 0.000019000 seconds]
980 [Time since reference or first frame: 37.417839000 seconds]
981 Frame Number: 1038
982 Frame Length: 54 bytes (432 bits)
983 Capture Length: 54 bytes (432 bits)
984 [Frame is marked: False]
985 [Frame is ignored: False]
986 [Protocols in frame: eth:ip:tcp]
987 [Coloring Rule Name: TCP RST]
988 [Coloring Rule String: tcp.flags.reset eq 1]
989Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
990 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
991 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
992 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
993 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
994 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
995 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
996 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
997 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
998 Type: IP (0x0800)
999Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1000 Version: 4
1001 Header length: 20 bytes
1002 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1003 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1004 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1005 Total Length: 40
1006 Identification: 0x6da4 (28068)
1007 Flags: 0x02 (Don't Fragment)
1008 0... .... = Reserved bit: Not set
1009 .1.. .... = Don't fragment: Set
1010 ..0. .... = More fragments: Not set
1011 Fragment offset: 0
1012 Time to live: 128
1013 Protocol: TCP (6)
1014 Header checksum: 0x0000 [incorrect, should be 0xd0ee (may be caused by "IP checksum offload"?)]
1015 [Good: False]
1016 [Bad: True]
1017 [Expert Info (Error/Checksum): Bad checksum]
1018 [Message: Bad checksum]
1019 [Severity level: Error]
1020 [Group: Checksum]
1021 Source: 10.241.212.151 (10.241.212.151)
1022 Destination: 10.241.209.195 (10.241.209.195)
1023 [Source GeoIP: Unknown]
1024 [Destination GeoIP: Unknown]
1025Transmission Control Protocol, Src Port: 34461 (34461), Dst Port: ftp (21), Seq: 231, Len: 0
1026 Source port: 34461 (34461)
1027 Destination port: ftp (21)
1028 [Stream index: 20]
1029 Sequence number: 231 (relative sequence number)
1030 Acknowledgment Number: 0x7d0e4e78 [should be 0x00000000 because ACK flag is not set]
1031 [Expert Info (Warn/Protocol): Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set]
1032 [Message: Acknowledgment number: Broken TCP. The acknowledge field is nonzero while the ACK flag is not set]
1033 [Severity level: Warn]
1034 [Group: Protocol]
1035 Header length: 20 bytes
1036 Flags: 0x004 (RST)
1037 000. .... .... = Reserved: Not set
1038 ...0 .... .... = Nonce: Not set
1039 .... 0... .... = Congestion Window Reduced (CWR): Not set
1040 .... .0.. .... = ECN-Echo: Not set
1041 .... ..0. .... = Urgent: Not set
1042 .... ...0 .... = Acknowledgment: Not set
1043 .... .... 0... = Push: Not set
1044 .... .... .1.. = Reset: Set
1045 [Expert Info (Chat/Sequence): Connection reset (RST)]
1046 [Message: Connection reset (RST)]
1047 [Severity level: Chat]
1048 [Group: Sequence]
1049 .... .... ..0. = Syn: Not set
1050 .... .... ...0 = Fin: Not set
1051 Window size value: 0
1052 [Calculated window size: 0]
1053 [Window size scaling factor: -2 (no window scaling used)]
1054 Checksum: 0xbc57 [validation disabled]
1055 [Good Checksum: False]
1056 [Bad Checksum: False]
1057
10580000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
10590010 00 28 6d a4 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(m.@...........
10600020 d1 c3 86 9d 00 15 7d 0e 4e 78 7d 0e 4e 78 50 04 ......}.Nx}.NxP.
10610030 00 00 bc 57 00 00 ...W..
1062
1063No. Time Source Destination Protocol Length Info
1064 1159 42.424519000 10.241.212.151 10.241.209.195 TCP 66 34464 > ftp [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
1065
1066Frame 1159: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
1067 Interface id: 0
1068 Encapsulation type: Ethernet (1)
1069 Arrival Time: Aug 17, 2015 07:53:50.777229000 Eastern Daylight Time
1070 [Time shift for this packet: 0.000000000 seconds]
1071 Epoch Time: 1439812430.777229000 seconds
1072 [Time delta from previous captured frame: 0.000722000 seconds]
1073 [Time delta from previous displayed frame: 5.006680000 seconds]
1074 [Time since reference or first frame: 42.424519000 seconds]
1075 Frame Number: 1159
1076 Frame Length: 66 bytes (528 bits)
1077 Capture Length: 66 bytes (528 bits)
1078 [Frame is marked: False]
1079 [Frame is ignored: False]
1080 [Protocols in frame: eth:ip:tcp]
1081 [Coloring Rule Name: Checksum Errors]
1082 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1083Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1084 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1085 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1086 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1087 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1088 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1089 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1090 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1091 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1092 Type: IP (0x0800)
1093Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1094 Version: 4
1095 Header length: 20 bytes
1096 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1097 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1098 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1099 Total Length: 52
1100 Identification: 0x6dd2 (28114)
1101 Flags: 0x02 (Don't Fragment)
1102 0... .... = Reserved bit: Not set
1103 .1.. .... = Don't fragment: Set
1104 ..0. .... = More fragments: Not set
1105 Fragment offset: 0
1106 Time to live: 128
1107 Protocol: TCP (6)
1108 Header checksum: 0x0000 [incorrect, should be 0xd0b4 (may be caused by "IP checksum offload"?)]
1109 [Good: False]
1110 [Bad: True]
1111 [Expert Info (Error/Checksum): Bad checksum]
1112 [Message: Bad checksum]
1113 [Severity level: Error]
1114 [Group: Checksum]
1115 Source: 10.241.212.151 (10.241.212.151)
1116 Destination: 10.241.209.195 (10.241.209.195)
1117 [Source GeoIP: Unknown]
1118 [Destination GeoIP: Unknown]
1119Transmission Control Protocol, Src Port: 34464 (34464), Dst Port: ftp (21), Seq: 0, Len: 0
1120 Source port: 34464 (34464)
1121 Destination port: ftp (21)
1122 [Stream index: 25]
1123 Sequence number: 0 (relative sequence number)
1124 Header length: 32 bytes
1125 Flags: 0x002 (SYN)
1126 000. .... .... = Reserved: Not set
1127 ...0 .... .... = Nonce: Not set
1128 .... 0... .... = Congestion Window Reduced (CWR): Not set
1129 .... .0.. .... = ECN-Echo: Not set
1130 .... ..0. .... = Urgent: Not set
1131 .... ...0 .... = Acknowledgment: Not set
1132 .... .... 0... = Push: Not set
1133 .... .... .0.. = Reset: Not set
1134 .... .... ..1. = Syn: Set
1135 [Expert Info (Chat/Sequence): Connection establish request (SYN): server port ftp]
1136 [Message: Connection establish request (SYN): server port ftp]
1137 [Severity level: Chat]
1138 [Group: Sequence]
1139 .... .... ...0 = Fin: Not set
1140 Window size value: 8192
1141 [Calculated window size: 8192]
1142 Checksum: 0xbc63 [validation disabled]
1143 [Good Checksum: False]
1144 [Bad Checksum: False]
1145 Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
1146 Maximum segment size: 1460 bytes
1147 Kind: MSS size (2)
1148 Length: 4
1149 MSS Value: 1460
1150 No-Operation (NOP)
1151 Type: 1
1152 0... .... = Copy on fragmentation: No
1153 .00. .... = Class: Control (0)
1154 ...0 0001 = Number: No-Operation (NOP) (1)
1155 Window scale: 2 (multiply by 4)
1156 Kind: Window Scale (3)
1157 Length: 3
1158 Shift count: 2
1159 [Multiplier: 4]
1160 No-Operation (NOP)
1161 Type: 1
1162 0... .... = Copy on fragmentation: No
1163 .00. .... = Class: Control (0)
1164 ...0 0001 = Number: No-Operation (NOP) (1)
1165 No-Operation (NOP)
1166 Type: 1
1167 0... .... = Copy on fragmentation: No
1168 .00. .... = Class: Control (0)
1169 ...0 0001 = Number: No-Operation (NOP) (1)
1170 TCP SACK Permitted Option: True
1171 Kind: SACK Permission (4)
1172 Length: 2
1173
11740000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
11750010 00 34 6d d2 40 00 80 06 00 00 0a f1 d4 97 0a f1 .4m.@...........
11760020 d1 c3 86 a0 00 15 66 9a 14 a6 00 00 00 00 80 02 ......f.........
11770030 20 00 bc 63 00 00 02 04 05 b4 01 03 03 02 01 01 ..c............
11780040 04 02 ..
1179
1180No. Time Source Destination Protocol Length Info
1181 1160 42.424733000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34464 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460
1182
1183Frame 1160: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
1184 Interface id: 0
1185 Encapsulation type: Ethernet (1)
1186 Arrival Time: Aug 17, 2015 07:53:50.777443000 Eastern Daylight Time
1187 [Time shift for this packet: 0.000000000 seconds]
1188 Epoch Time: 1439812430.777443000 seconds
1189 [Time delta from previous captured frame: 0.000214000 seconds]
1190 [Time delta from previous displayed frame: 0.000214000 seconds]
1191 [Time since reference or first frame: 42.424733000 seconds]
1192 Frame Number: 1160
1193 Frame Length: 60 bytes (480 bits)
1194 Capture Length: 60 bytes (480 bits)
1195 [Frame is marked: False]
1196 [Frame is ignored: False]
1197 [Protocols in frame: eth:ip:tcp]
1198 [Coloring Rule Name: TCP SYN/FIN]
1199 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
1200Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1201 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1202 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1203 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1204 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1205 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1206 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1207 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1208 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1209 Type: IP (0x0800)
1210 Padding: 0000
1211Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1212 Version: 4
1213 Header length: 20 bytes
1214 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1215 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1216 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1217 Total Length: 44
1218 Identification: 0xe2de (58078)
1219 Flags: 0x02 (Don't Fragment)
1220 0... .... = Reserved bit: Not set
1221 .1.. .... = Don't fragment: Set
1222 ..0. .... = More fragments: Not set
1223 Fragment offset: 0
1224 Time to live: 59
1225 Protocol: TCP (6)
1226 Header checksum: 0xa0b0 [correct]
1227 [Good: True]
1228 [Bad: False]
1229 Source: 10.241.209.195 (10.241.209.195)
1230 Destination: 10.241.212.151 (10.241.212.151)
1231 [Source GeoIP: Unknown]
1232 [Destination GeoIP: Unknown]
1233Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34464 (34464), Seq: 0, Ack: 1, Len: 0
1234 Source port: ftp (21)
1235 Destination port: 34464 (34464)
1236 [Stream index: 25]
1237 Sequence number: 0 (relative sequence number)
1238 Acknowledgment number: 1 (relative ack number)
1239 Header length: 24 bytes
1240 Flags: 0x012 (SYN, ACK)
1241 000. .... .... = Reserved: Not set
1242 ...0 .... .... = Nonce: Not set
1243 .... 0... .... = Congestion Window Reduced (CWR): Not set
1244 .... .0.. .... = ECN-Echo: Not set
1245 .... ..0. .... = Urgent: Not set
1246 .... ...1 .... = Acknowledgment: Set
1247 .... .... 0... = Push: Not set
1248 .... .... .0.. = Reset: Not set
1249 .... .... ..1. = Syn: Set
1250 [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port ftp]
1251 [Message: Connection establish acknowledge (SYN+ACK): server port ftp]
1252 [Severity level: Chat]
1253 [Group: Sequence]
1254 .... .... ...0 = Fin: Not set
1255 Window size value: 65535
1256 [Calculated window size: 65535]
1257 Checksum: 0xa7d3 [validation disabled]
1258 [Good Checksum: False]
1259 [Bad Checksum: False]
1260 Options: (4 bytes), Maximum segment size
1261 Maximum segment size: 1460 bytes
1262 Kind: MSS size (2)
1263 Length: 4
1264 MSS Value: 1460
1265 [SEQ/ACK analysis]
1266 [This is an ACK to the segment in frame: 1159]
1267 [The RTT to ACK the segment was: 0.000214000 seconds]
1268
12690000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 00 .6.A.f.#......E.
12700010 00 2c e2 de 40 00 3b 06 a0 b0 0a f1 d1 c3 0a f1 .,..@.;.........
12710020 d4 97 00 15 86 a0 12 55 1f ba 66 9a 14 a7 60 12 .......U..f...`.
12720030 ff ff a7 d3 00 00 02 04 05 b4 00 00 ............
1273
1274No. Time Source Destination Protocol Length Info
1275 1161 42.424787000 10.241.212.151 10.241.209.195 TCP 54 34464 > ftp [ACK] Seq=1 Ack=1 Win=64240 Len=0
1276
1277Frame 1161: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
1278 Interface id: 0
1279 Encapsulation type: Ethernet (1)
1280 Arrival Time: Aug 17, 2015 07:53:50.777497000 Eastern Daylight Time
1281 [Time shift for this packet: 0.000000000 seconds]
1282 Epoch Time: 1439812430.777497000 seconds
1283 [Time delta from previous captured frame: 0.000054000 seconds]
1284 [Time delta from previous displayed frame: 0.000054000 seconds]
1285 [Time since reference or first frame: 42.424787000 seconds]
1286 Frame Number: 1161
1287 Frame Length: 54 bytes (432 bits)
1288 Capture Length: 54 bytes (432 bits)
1289 [Frame is marked: False]
1290 [Frame is ignored: False]
1291 [Protocols in frame: eth:ip:tcp]
1292 [Coloring Rule Name: Checksum Errors]
1293 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1294Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1295 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1296 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1297 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1298 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1299 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1300 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1301 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1302 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1303 Type: IP (0x0800)
1304Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1305 Version: 4
1306 Header length: 20 bytes
1307 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1308 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1309 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1310 Total Length: 40
1311 Identification: 0x6dd3 (28115)
1312 Flags: 0x02 (Don't Fragment)
1313 0... .... = Reserved bit: Not set
1314 .1.. .... = Don't fragment: Set
1315 ..0. .... = More fragments: Not set
1316 Fragment offset: 0
1317 Time to live: 128
1318 Protocol: TCP (6)
1319 Header checksum: 0x0000 [incorrect, should be 0xd0bf (may be caused by "IP checksum offload"?)]
1320 [Good: False]
1321 [Bad: True]
1322 [Expert Info (Error/Checksum): Bad checksum]
1323 [Message: Bad checksum]
1324 [Severity level: Error]
1325 [Group: Checksum]
1326 Source: 10.241.212.151 (10.241.212.151)
1327 Destination: 10.241.209.195 (10.241.209.195)
1328 [Source GeoIP: Unknown]
1329 [Destination GeoIP: Unknown]
1330Transmission Control Protocol, Src Port: 34464 (34464), Dst Port: ftp (21), Seq: 1, Ack: 1, Len: 0
1331 Source port: 34464 (34464)
1332 Destination port: ftp (21)
1333 [Stream index: 25]
1334 Sequence number: 1 (relative sequence number)
1335 Acknowledgment number: 1 (relative ack number)
1336 Header length: 20 bytes
1337 Flags: 0x010 (ACK)
1338 000. .... .... = Reserved: Not set
1339 ...0 .... .... = Nonce: Not set
1340 .... 0... .... = Congestion Window Reduced (CWR): Not set
1341 .... .0.. .... = ECN-Echo: Not set
1342 .... ..0. .... = Urgent: Not set
1343 .... ...1 .... = Acknowledgment: Set
1344 .... .... 0... = Push: Not set
1345 .... .... .0.. = Reset: Not set
1346 .... .... ..0. = Syn: Not set
1347 .... .... ...0 = Fin: Not set
1348 Window size value: 64240
1349 [Calculated window size: 64240]
1350 [Window size scaling factor: -2 (no window scaling used)]
1351 Checksum: 0xbc57 [validation disabled]
1352 [Good Checksum: False]
1353 [Bad Checksum: False]
1354 [SEQ/ACK analysis]
1355 [This is an ACK to the segment in frame: 1160]
1356 [The RTT to ACK the segment was: 0.000054000 seconds]
1357
13580000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
13590010 00 28 6d d3 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(m.@...........
13600020 d1 c3 86 a0 00 15 66 9a 14 a7 12 55 1f bb 50 10 ......f....U..P.
13610030 fa f0 bc 57 00 00 ...W..
1362
1363No. Time Source Destination Protocol Length Info
1364 1162 42.435742000 10.241.209.195 10.241.212.151 FTP 125 Response: 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
1365
1366Frame 1162: 125 bytes on wire (1000 bits), 125 bytes captured (1000 bits) on interface 0
1367 Interface id: 0
1368 Encapsulation type: Ethernet (1)
1369 Arrival Time: Aug 17, 2015 07:53:50.788452000 Eastern Daylight Time
1370 [Time shift for this packet: 0.000000000 seconds]
1371 Epoch Time: 1439812430.788452000 seconds
1372 [Time delta from previous captured frame: 0.010955000 seconds]
1373 [Time delta from previous displayed frame: 0.010955000 seconds]
1374 [Time since reference or first frame: 42.435742000 seconds]
1375 Frame Number: 1162
1376 Frame Length: 125 bytes (1000 bits)
1377 Capture Length: 125 bytes (1000 bits)
1378 [Frame is marked: False]
1379 [Frame is ignored: False]
1380 [Protocols in frame: eth:ip:tcp:ftp]
1381 [Coloring Rule Name: TCP]
1382 [Coloring Rule String: tcp]
1383Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1384 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1385 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1386 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1387 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1388 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1389 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1390 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1391 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1392 Type: IP (0x0800)
1393Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1394 Version: 4
1395 Header length: 20 bytes
1396 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1397 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1398 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1399 Total Length: 111
1400 Identification: 0xe2e0 (58080)
1401 Flags: 0x02 (Don't Fragment)
1402 0... .... = Reserved bit: Not set
1403 .1.. .... = Don't fragment: Set
1404 ..0. .... = More fragments: Not set
1405 Fragment offset: 0
1406 Time to live: 59
1407 Protocol: TCP (6)
1408 Header checksum: 0xa05b [correct]
1409 [Good: True]
1410 [Bad: False]
1411 Source: 10.241.209.195 (10.241.209.195)
1412 Destination: 10.241.212.151 (10.241.212.151)
1413 [Source GeoIP: Unknown]
1414 [Destination GeoIP: Unknown]
1415Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34464 (34464), Seq: 1, Ack: 1, Len: 71
1416 Source port: ftp (21)
1417 Destination port: 34464 (34464)
1418 [Stream index: 25]
1419 Sequence number: 1 (relative sequence number)
1420 [Next sequence number: 72 (relative sequence number)]
1421 Acknowledgment number: 1 (relative ack number)
1422 Header length: 20 bytes
1423 Flags: 0x018 (PSH, ACK)
1424 000. .... .... = Reserved: Not set
1425 ...0 .... .... = Nonce: Not set
1426 .... 0... .... = Congestion Window Reduced (CWR): Not set
1427 .... .0.. .... = ECN-Echo: Not set
1428 .... ..0. .... = Urgent: Not set
1429 .... ...1 .... = Acknowledgment: Set
1430 .... .... 1... = Push: Set
1431 .... .... .0.. = Reset: Not set
1432 .... .... ..0. = Syn: Not set
1433 .... .... ...0 = Fin: Not set
1434 Window size value: 65535
1435 [Calculated window size: 65535]
1436 [Window size scaling factor: -2 (no window scaling used)]
1437 Checksum: 0x9aeb [validation disabled]
1438 [Good Checksum: False]
1439 [Bad Checksum: False]
1440 [SEQ/ACK analysis]
1441 [Bytes in flight: 71]
1442File Transfer Protocol (FTP)
1443 220 bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.\r\n
1444 Response code: Service ready for new user (220)
1445 Response arg: bono FTP server (Version 4.2 Thu Apr 17 02:03:14 CDT 2008) ready.
1446
14470000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
14480010 00 6f e2 e0 40 00 3b 06 a0 5b 0a f1 d1 c3 0a f1 .o..@.;..[......
14490020 d4 97 00 15 86 a0 12 55 1f bb 66 9a 14 a7 50 18 .......U..f...P.
14500030 ff ff 9a eb 00 00 32 32 30 20 62 6f 6e 6f 20 46 ......220 bono F
14510040 54 50 20 73 65 72 76 65 72 20 28 56 65 72 73 69 TP server (Versi
14520050 6f 6e 20 34 2e 32 20 54 68 75 20 41 70 72 20 31 on 4.2 Thu Apr 1
14530060 37 20 30 32 3a 30 33 3a 31 34 20 43 44 54 20 32 7 02:03:14 CDT 2
14540070 30 30 38 29 20 72 65 61 64 79 2e 0d 0a 008) ready...
1455
1456No. Time Source Destination Protocol Length Info
1457 1163 42.435873000 10.241.212.151 10.241.209.195 FTP 64 Request: AUTH TLS
1458
1459Frame 1163: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
1460 Interface id: 0
1461 Encapsulation type: Ethernet (1)
1462 Arrival Time: Aug 17, 2015 07:53:50.788583000 Eastern Daylight Time
1463 [Time shift for this packet: 0.000000000 seconds]
1464 Epoch Time: 1439812430.788583000 seconds
1465 [Time delta from previous captured frame: 0.000131000 seconds]
1466 [Time delta from previous displayed frame: 0.000131000 seconds]
1467 [Time since reference or first frame: 42.435873000 seconds]
1468 Frame Number: 1163
1469 Frame Length: 64 bytes (512 bits)
1470 Capture Length: 64 bytes (512 bits)
1471 [Frame is marked: False]
1472 [Frame is ignored: False]
1473 [Protocols in frame: eth:ip:tcp:ftp]
1474 [Coloring Rule Name: Checksum Errors]
1475 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1476Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1477 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1478 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1479 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1480 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1481 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1482 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1483 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1484 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1485 Type: IP (0x0800)
1486Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1487 Version: 4
1488 Header length: 20 bytes
1489 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1490 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1491 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1492 Total Length: 50
1493 Identification: 0x6dd4 (28116)
1494 Flags: 0x02 (Don't Fragment)
1495 0... .... = Reserved bit: Not set
1496 .1.. .... = Don't fragment: Set
1497 ..0. .... = More fragments: Not set
1498 Fragment offset: 0
1499 Time to live: 128
1500 Protocol: TCP (6)
1501 Header checksum: 0x0000 [incorrect, should be 0xd0b4 (may be caused by "IP checksum offload"?)]
1502 [Good: False]
1503 [Bad: True]
1504 [Expert Info (Error/Checksum): Bad checksum]
1505 [Message: Bad checksum]
1506 [Severity level: Error]
1507 [Group: Checksum]
1508 Source: 10.241.212.151 (10.241.212.151)
1509 Destination: 10.241.209.195 (10.241.209.195)
1510 [Source GeoIP: Unknown]
1511 [Destination GeoIP: Unknown]
1512Transmission Control Protocol, Src Port: 34464 (34464), Dst Port: ftp (21), Seq: 1, Ack: 72, Len: 10
1513 Source port: 34464 (34464)
1514 Destination port: ftp (21)
1515 [Stream index: 25]
1516 Sequence number: 1 (relative sequence number)
1517 [Next sequence number: 11 (relative sequence number)]
1518 Acknowledgment number: 72 (relative ack number)
1519 Header length: 20 bytes
1520 Flags: 0x018 (PSH, ACK)
1521 000. .... .... = Reserved: Not set
1522 ...0 .... .... = Nonce: Not set
1523 .... 0... .... = Congestion Window Reduced (CWR): Not set
1524 .... .0.. .... = ECN-Echo: Not set
1525 .... ..0. .... = Urgent: Not set
1526 .... ...1 .... = Acknowledgment: Set
1527 .... .... 1... = Push: Set
1528 .... .... .0.. = Reset: Not set
1529 .... .... ..0. = Syn: Not set
1530 .... .... ...0 = Fin: Not set
1531 Window size value: 64169
1532 [Calculated window size: 64169]
1533 [Window size scaling factor: -2 (no window scaling used)]
1534 Checksum: 0xbc61 [validation disabled]
1535 [Good Checksum: False]
1536 [Bad Checksum: False]
1537 [SEQ/ACK analysis]
1538 [This is an ACK to the segment in frame: 1162]
1539 [The RTT to ACK the segment was: 0.000131000 seconds]
1540 [Bytes in flight: 10]
1541File Transfer Protocol (FTP)
1542 AUTH TLS\r\n
1543 Request command: AUTH
1544 Request arg: TLS
1545
15460000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
15470010 00 32 6d d4 40 00 80 06 00 00 0a f1 d4 97 0a f1 .2m.@...........
15480020 d1 c3 86 a0 00 15 66 9a 14 a7 12 55 20 02 50 18 ......f....U .P.
15490030 fa a9 bc 61 00 00 41 55 54 48 20 54 4c 53 0d 0a ...a..AUTH TLS..
1550
1551No. Time Source Destination Protocol Length Info
1552 1164 42.448129000 10.241.209.195 10.241.212.151 FTP 91 Response: 234 Using authentication type TLSv1
1553
1554Frame 1164: 91 bytes on wire (728 bits), 91 bytes captured (728 bits) on interface 0
1555 Interface id: 0
1556 Encapsulation type: Ethernet (1)
1557 Arrival Time: Aug 17, 2015 07:53:50.800839000 Eastern Daylight Time
1558 [Time shift for this packet: 0.000000000 seconds]
1559 Epoch Time: 1439812430.800839000 seconds
1560 [Time delta from previous captured frame: 0.012256000 seconds]
1561 [Time delta from previous displayed frame: 0.012256000 seconds]
1562 [Time since reference or first frame: 42.448129000 seconds]
1563 Frame Number: 1164
1564 Frame Length: 91 bytes (728 bits)
1565 Capture Length: 91 bytes (728 bits)
1566 [Frame is marked: False]
1567 [Frame is ignored: False]
1568 [Protocols in frame: eth:ip:tcp:ftp]
1569 [Coloring Rule Name: TCP]
1570 [Coloring Rule String: tcp]
1571Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1572 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1573 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1574 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1575 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1576 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1577 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1578 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1579 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1580 Type: IP (0x0800)
1581Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1582 Version: 4
1583 Header length: 20 bytes
1584 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1585 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1586 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1587 Total Length: 77
1588 Identification: 0xe2e1 (58081)
1589 Flags: 0x02 (Don't Fragment)
1590 0... .... = Reserved bit: Not set
1591 .1.. .... = Don't fragment: Set
1592 ..0. .... = More fragments: Not set
1593 Fragment offset: 0
1594 Time to live: 59
1595 Protocol: TCP (6)
1596 Header checksum: 0xa07c [correct]
1597 [Good: True]
1598 [Bad: False]
1599 Source: 10.241.209.195 (10.241.209.195)
1600 Destination: 10.241.212.151 (10.241.212.151)
1601 [Source GeoIP: Unknown]
1602 [Destination GeoIP: Unknown]
1603Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34464 (34464), Seq: 72, Ack: 11, Len: 37
1604 Source port: ftp (21)
1605 Destination port: 34464 (34464)
1606 [Stream index: 25]
1607 Sequence number: 72 (relative sequence number)
1608 [Next sequence number: 109 (relative sequence number)]
1609 Acknowledgment number: 11 (relative ack number)
1610 Header length: 20 bytes
1611 Flags: 0x018 (PSH, ACK)
1612 000. .... .... = Reserved: Not set
1613 ...0 .... .... = Nonce: Not set
1614 .... 0... .... = Congestion Window Reduced (CWR): Not set
1615 .... .0.. .... = ECN-Echo: Not set
1616 .... ..0. .... = Urgent: Not set
1617 .... ...1 .... = Acknowledgment: Set
1618 .... .... 1... = Push: Set
1619 .... .... .0.. = Reset: Not set
1620 .... .... ..0. = Syn: Not set
1621 .... .... ...0 = Fin: Not set
1622 Window size value: 65535
1623 [Calculated window size: 65535]
1624 [Window size scaling factor: -2 (no window scaling used)]
1625 Checksum: 0x59f9 [validation disabled]
1626 [Good Checksum: False]
1627 [Bad Checksum: False]
1628 [SEQ/ACK analysis]
1629 [This is an ACK to the segment in frame: 1163]
1630 [The RTT to ACK the segment was: 0.012256000 seconds]
1631 [Bytes in flight: 37]
1632File Transfer Protocol (FTP)
1633 234 Using authentication type TLSv1\r\n
1634 Response code: Security data exchange complete (234)
1635 Response arg: Using authentication type TLSv1
1636
16370000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
16380010 00 4d e2 e1 40 00 3b 06 a0 7c 0a f1 d1 c3 0a f1 .M..@.;..|......
16390020 d4 97 00 15 86 a0 12 55 20 02 66 9a 14 b1 50 18 .......U .f...P.
16400030 ff ff 59 f9 00 00 32 33 34 20 55 73 69 6e 67 20 ..Y...234 Using
16410040 61 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 74 authentication t
16420050 79 70 65 20 54 4c 53 76 31 0d 0a ype TLSv1..
1643
1644No. Time Source Destination Protocol Length Info
1645 1165 42.448510000 10.241.212.151 10.241.209.195 FTP 274 Request: \026\003\001\000\327\001\000\000\323\003\003U\321\313\201~\333\037wo\025\243\026\370s\303\v\371\212x\301\307;\351\352\254\326\023\242\353F\324|\000\000d\300,\300\207\300$\300
1646
1647Frame 1165: 274 bytes on wire (2192 bits), 274 bytes captured (2192 bits) on interface 0
1648 Interface id: 0
1649 Encapsulation type: Ethernet (1)
1650 Arrival Time: Aug 17, 2015 07:53:50.801220000 Eastern Daylight Time
1651 [Time shift for this packet: 0.000000000 seconds]
1652 Epoch Time: 1439812430.801220000 seconds
1653 [Time delta from previous captured frame: 0.000381000 seconds]
1654 [Time delta from previous displayed frame: 0.000381000 seconds]
1655 [Time since reference or first frame: 42.448510000 seconds]
1656 Frame Number: 1165
1657 Frame Length: 274 bytes (2192 bits)
1658 Capture Length: 274 bytes (2192 bits)
1659 [Frame is marked: False]
1660 [Frame is ignored: False]
1661 [Protocols in frame: eth:ip:tcp:ftp]
1662 [Coloring Rule Name: Checksum Errors]
1663 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
1664Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1665 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1666 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
1667 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1668 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1669 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1670 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1671 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1672 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1673 Type: IP (0x0800)
1674Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
1675 Version: 4
1676 Header length: 20 bytes
1677 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1678 0000 00.. = Differentiated Services Codepoint: Default (0x00)
1679 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1680 Total Length: 260
1681 Identification: 0x6dd5 (28117)
1682 Flags: 0x02 (Don't Fragment)
1683 0... .... = Reserved bit: Not set
1684 .1.. .... = Don't fragment: Set
1685 ..0. .... = More fragments: Not set
1686 Fragment offset: 0
1687 Time to live: 128
1688 Protocol: TCP (6)
1689 Header checksum: 0x0000 [incorrect, should be 0xcfe1 (may be caused by "IP checksum offload"?)]
1690 [Good: False]
1691 [Bad: True]
1692 [Expert Info (Error/Checksum): Bad checksum]
1693 [Message: Bad checksum]
1694 [Severity level: Error]
1695 [Group: Checksum]
1696 Source: 10.241.212.151 (10.241.212.151)
1697 Destination: 10.241.209.195 (10.241.209.195)
1698 [Source GeoIP: Unknown]
1699 [Destination GeoIP: Unknown]
1700Transmission Control Protocol, Src Port: 34464 (34464), Dst Port: ftp (21), Seq: 11, Ack: 109, Len: 220
1701 Source port: 34464 (34464)
1702 Destination port: ftp (21)
1703 [Stream index: 25]
1704 Sequence number: 11 (relative sequence number)
1705 [Next sequence number: 231 (relative sequence number)]
1706 Acknowledgment number: 109 (relative ack number)
1707 Header length: 20 bytes
1708 Flags: 0x018 (PSH, ACK)
1709 000. .... .... = Reserved: Not set
1710 ...0 .... .... = Nonce: Not set
1711 .... 0... .... = Congestion Window Reduced (CWR): Not set
1712 .... .0.. .... = ECN-Echo: Not set
1713 .... ..0. .... = Urgent: Not set
1714 .... ...1 .... = Acknowledgment: Set
1715 .... .... 1... = Push: Set
1716 .... .... .0.. = Reset: Not set
1717 .... .... ..0. = Syn: Not set
1718 .... .... ...0 = Fin: Not set
1719 Window size value: 64132
1720 [Calculated window size: 64132]
1721 [Window size scaling factor: -2 (no window scaling used)]
1722 Checksum: 0xbd33 [validation disabled]
1723 [Good Checksum: False]
1724 [Bad Checksum: False]
1725 [SEQ/ACK analysis]
1726 [This is an ACK to the segment in frame: 1164]
1727 [The RTT to ACK the segment was: 0.000381000 seconds]
1728 [Bytes in flight: 220]
1729File Transfer Protocol (FTP)
1730 \026\003\001\000\327\001\000\000\323\003\003U\321\313\201~\333\037wo\025\243\026\370s\303\v\371\212x\301\307;\351\352\254\326\023\242\353F\324|\000\000d\300,\300\207\300$\300\n
1731 Request command: \026\003\001
1732 [truncated] \300s\300\255\300+\300\206\300#\300\t\300r\300\254\3000\300\213\300(\300\024\300w\300/\300\212\300'\300\023\300v\000\235\300{\000=\0005\000\300\000\204\300\235\000\234\300z\000<\000/\000\272\000A\300\234\000\237\300}\000k\0009\
1733 \000\b\000\006\000\030\000\031\000\027\000\v\000\002\001\000\000\r
1734 \000\026\000\024\005\001\005\003\006\001\006\003\004\001\004\003\003\001\003\003\002\001\002\003
1735
17360000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
17370010 01 04 6d d5 40 00 80 06 00 00 0a f1 d4 97 0a f1 ..m.@...........
17380020 d1 c3 86 a0 00 15 66 9a 14 b1 12 55 20 27 50 18 ......f....U 'P.
17390030 fa 84 bd 33 00 00 16 03 01 00 d7 01 00 00 d3 03 ...3............
17400040 03 55 d1 cb 81 7e db 1f 77 6f 15 a3 16 f8 73 c3 .U...~..wo....s.
17410050 0b f9 8a 78 c1 c7 3b e9 ea ac d6 13 a2 eb 46 d4 ...x..;.......F.
17420060 7c 00 00 64 c0 2c c0 87 c0 24 c0 0a c0 73 c0 ad |..d.,...$...s..
17430070 c0 2b c0 86 c0 23 c0 09 c0 72 c0 ac c0 30 c0 8b .+...#...r...0..
17440080 c0 28 c0 14 c0 77 c0 2f c0 8a c0 27 c0 13 c0 76 .(...w./...'...v
17450090 00 9d c0 7b 00 3d 00 35 00 c0 00 84 c0 9d 00 9c ...{.=.5........
174600a0 c0 7a 00 3c 00 2f 00 ba 00 41 c0 9c 00 9f c0 7d .z.<./...A.....}
174700b0 00 6b 00 39 00 c4 00 88 c0 9f 00 9e c0 7c 00 67 .k.9.........|.g
174800c0 00 33 00 be 00 45 c0 9e 01 00 00 46 00 17 00 00 .3...E.....F....
174900d0 00 16 00 00 00 05 00 05 01 00 00 00 00 ff 01 00 ................
175000e0 01 00 00 23 00 00 00 0a 00 08 00 06 00 18 00 19 ...#............
175100f0 00 17 00 0b 00 02 01 00 00 0d 00 16 00 14 05 01 ................
17520100 05 03 06 01 06 03 04 01 04 03 03 01 03 03 02 01 ................
17530110 02 03 ..
1754
1755No. Time Source Destination Protocol Length Info
1756 1166 42.458744000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34464 [ACK] Seq=109 Ack=231 Win=65480 Len=0
1757
1758Frame 1166: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
1759 Interface id: 0
1760 Encapsulation type: Ethernet (1)
1761 Arrival Time: Aug 17, 2015 07:53:50.811454000 Eastern Daylight Time
1762 [Time shift for this packet: 0.000000000 seconds]
1763 Epoch Time: 1439812430.811454000 seconds
1764 [Time delta from previous captured frame: 0.010234000 seconds]
1765 [Time delta from previous displayed frame: 0.010234000 seconds]
1766 [Time since reference or first frame: 42.458744000 seconds]
1767 Frame Number: 1166
1768 Frame Length: 60 bytes (480 bits)
1769 Capture Length: 60 bytes (480 bits)
1770 [Frame is marked: False]
1771 [Frame is ignored: False]
1772 [Protocols in frame: eth:ip:tcp]
1773 [Coloring Rule Name: TCP]
1774 [Coloring Rule String: tcp]
1775Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1776 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1777 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1778 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1779 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1780 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1781 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1782 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1783 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1784 Type: IP (0x0800)
1785 Padding: 000000000000
1786Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1787 Version: 4
1788 Header length: 20 bytes
1789 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1790 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1791 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1792 Total Length: 40
1793 Identification: 0xe2e2 (58082)
1794 Flags: 0x02 (Don't Fragment)
1795 0... .... = Reserved bit: Not set
1796 .1.. .... = Don't fragment: Set
1797 ..0. .... = More fragments: Not set
1798 Fragment offset: 0
1799 Time to live: 59
1800 Protocol: TCP (6)
1801 Header checksum: 0xa0a0 [correct]
1802 [Good: True]
1803 [Bad: False]
1804 Source: 10.241.209.195 (10.241.209.195)
1805 Destination: 10.241.212.151 (10.241.212.151)
1806 [Source GeoIP: Unknown]
1807 [Destination GeoIP: Unknown]
1808Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34464 (34464), Seq: 109, Ack: 231, Len: 0
1809 Source port: ftp (21)
1810 Destination port: 34464 (34464)
1811 [Stream index: 25]
1812 Sequence number: 109 (relative sequence number)
1813 Acknowledgment number: 231 (relative ack number)
1814 Header length: 20 bytes
1815 Flags: 0x010 (ACK)
1816 000. .... .... = Reserved: Not set
1817 ...0 .... .... = Nonce: Not set
1818 .... 0... .... = Congestion Window Reduced (CWR): Not set
1819 .... .0.. .... = ECN-Echo: Not set
1820 .... ..0. .... = Urgent: Not set
1821 .... ...1 .... = Acknowledgment: Set
1822 .... .... 0... = Push: Not set
1823 .... .... .0.. = Reset: Not set
1824 .... .... ..0. = Syn: Not set
1825 .... .... ...0 = Fin: Not set
1826 Window size value: 65480
1827 [Calculated window size: 65480]
1828 [Window size scaling factor: -2 (no window scaling used)]
1829 Checksum: 0xbe75 [validation disabled]
1830 [Good Checksum: False]
1831 [Bad Checksum: False]
1832 [SEQ/ACK analysis]
1833 [This is an ACK to the segment in frame: 1165]
1834 [The RTT to ACK the segment was: 0.010234000 seconds]
1835
18360000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
18370010 00 28 e2 e2 40 00 3b 06 a0 a0 0a f1 d1 c3 0a f1 .(..@.;.........
18380020 d4 97 00 15 86 a0 12 55 20 27 66 9a 15 8d 50 10 .......U 'f...P.
18390030 ff c8 be 75 00 00 00 00 00 00 00 00 ...u........
1840
1841No. Time Source Destination Protocol Length Info
1842 1167 42.464980000 10.241.209.195 10.241.212.151 FTP 141 Response: 421 TLS negotiation failed during the TLS handshake. Server is closing the connection
1843
1844Frame 1167: 141 bytes on wire (1128 bits), 141 bytes captured (1128 bits) on interface 0
1845 Interface id: 0
1846 Encapsulation type: Ethernet (1)
1847 Arrival Time: Aug 17, 2015 07:53:50.817690000 Eastern Daylight Time
1848 [Time shift for this packet: 0.000000000 seconds]
1849 Epoch Time: 1439812430.817690000 seconds
1850 [Time delta from previous captured frame: 0.006236000 seconds]
1851 [Time delta from previous displayed frame: 0.006236000 seconds]
1852 [Time since reference or first frame: 42.464980000 seconds]
1853 Frame Number: 1167
1854 Frame Length: 141 bytes (1128 bits)
1855 Capture Length: 141 bytes (1128 bits)
1856 [Frame is marked: False]
1857 [Frame is ignored: False]
1858 [Protocols in frame: eth:ip:tcp:ftp]
1859 [Coloring Rule Name: TCP]
1860 [Coloring Rule String: tcp]
1861Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1862 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1863 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1864 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1865 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1866 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1867 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1868 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1869 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1870 Type: IP (0x0800)
1871Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1872 Version: 4
1873 Header length: 20 bytes
1874 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1875 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1876 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1877 Total Length: 127
1878 Identification: 0xe2e3 (58083)
1879 Flags: 0x02 (Don't Fragment)
1880 0... .... = Reserved bit: Not set
1881 .1.. .... = Don't fragment: Set
1882 ..0. .... = More fragments: Not set
1883 Fragment offset: 0
1884 Time to live: 59
1885 Protocol: TCP (6)
1886 Header checksum: 0xa048 [correct]
1887 [Good: True]
1888 [Bad: False]
1889 Source: 10.241.209.195 (10.241.209.195)
1890 Destination: 10.241.212.151 (10.241.212.151)
1891 [Source GeoIP: Unknown]
1892 [Destination GeoIP: Unknown]
1893Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34464 (34464), Seq: 109, Ack: 231, Len: 87
1894 Source port: ftp (21)
1895 Destination port: 34464 (34464)
1896 [Stream index: 25]
1897 Sequence number: 109 (relative sequence number)
1898 [Next sequence number: 196 (relative sequence number)]
1899 Acknowledgment number: 231 (relative ack number)
1900 Header length: 20 bytes
1901 Flags: 0x018 (PSH, ACK)
1902 000. .... .... = Reserved: Not set
1903 ...0 .... .... = Nonce: Not set
1904 .... 0... .... = Congestion Window Reduced (CWR): Not set
1905 .... .0.. .... = ECN-Echo: Not set
1906 .... ..0. .... = Urgent: Not set
1907 .... ...1 .... = Acknowledgment: Set
1908 .... .... 1... = Push: Set
1909 .... .... .0.. = Reset: Not set
1910 .... .... ..0. = Syn: Not set
1911 .... .... ...0 = Fin: Not set
1912 Window size value: 65480
1913 [Calculated window size: 65480]
1914 [Window size scaling factor: -2 (no window scaling used)]
1915 Checksum: 0xee5b [validation disabled]
1916 [Good Checksum: False]
1917 [Bad Checksum: False]
1918 [SEQ/ACK analysis]
1919 [Bytes in flight: 87]
1920File Transfer Protocol (FTP)
1921 421 TLS negotiation failed during the TLS handshake. Server is closing the connection\r\n
1922 Response code: Service not available, closing control connection (421)
1923 Response arg: TLS negotiation failed during the TLS handshake. Server is closing the connection
1924
19250000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
19260010 00 7f e2 e3 40 00 3b 06 a0 48 0a f1 d1 c3 0a f1 ....@.;..H......
19270020 d4 97 00 15 86 a0 12 55 20 27 66 9a 15 8d 50 18 .......U 'f...P.
19280030 ff c8 ee 5b 00 00 34 32 31 20 54 4c 53 20 6e 65 ...[..421 TLS ne
19290040 67 6f 74 69 61 74 69 6f 6e 20 66 61 69 6c 65 64 gotiation failed
19300050 20 64 75 72 69 6e 67 20 74 68 65 20 54 4c 53 20 during the TLS
19310060 68 61 6e 64 73 68 61 6b 65 2e 20 53 65 72 76 65 handshake. Serve
19320070 72 20 69 73 20 63 6c 6f 73 69 6e 67 20 74 68 65 r is closing the
19330080 20 63 6f 6e 6e 65 63 74 69 6f 6e 0d 0a connection..
1934
1935No. Time Source Destination Protocol Length Info
1936 1168 42.465079000 10.241.209.195 10.241.212.151 TCP 60 ftp > 34464 [FIN, ACK] Seq=196 Ack=231 Win=65535 Len=0
1937
1938Frame 1168: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
1939 Interface id: 0
1940 Encapsulation type: Ethernet (1)
1941 Arrival Time: Aug 17, 2015 07:53:50.817789000 Eastern Daylight Time
1942 [Time shift for this packet: 0.000000000 seconds]
1943 Epoch Time: 1439812430.817789000 seconds
1944 [Time delta from previous captured frame: 0.000099000 seconds]
1945 [Time delta from previous displayed frame: 0.000099000 seconds]
1946 [Time since reference or first frame: 42.465079000 seconds]
1947 Frame Number: 1168
1948 Frame Length: 60 bytes (480 bits)
1949 Capture Length: 60 bytes (480 bits)
1950 [Frame is marked: False]
1951 [Frame is ignored: False]
1952 [Protocols in frame: eth:ip:tcp]
1953 [Coloring Rule Name: TCP SYN/FIN]
1954 [Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
1955Ethernet II, Src: Cisco_88:04:00 (00:23:ac:88:04:00), Dst: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1956 Destination: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1957 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
1958 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1959 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1960 Source: Cisco_88:04:00 (00:23:ac:88:04:00)
1961 Address: Cisco_88:04:00 (00:23:ac:88:04:00)
1962 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
1963 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
1964 Type: IP (0x0800)
1965 Padding: 000000000000
1966Internet Protocol Version 4, Src: 10.241.209.195 (10.241.209.195), Dst: 10.241.212.151 (10.241.212.151)
1967 Version: 4
1968 Header length: 20 bytes
1969 Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1970 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
1971 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
1972 Total Length: 40
1973 Identification: 0xe2e4 (58084)
1974 Flags: 0x02 (Don't Fragment)
1975 0... .... = Reserved bit: Not set
1976 .1.. .... = Don't fragment: Set
1977 ..0. .... = More fragments: Not set
1978 Fragment offset: 0
1979 Time to live: 59
1980 Protocol: TCP (6)
1981 Header checksum: 0xa09e [correct]
1982 [Good: True]
1983 [Bad: False]
1984 Source: 10.241.209.195 (10.241.209.195)
1985 Destination: 10.241.212.151 (10.241.212.151)
1986 [Source GeoIP: Unknown]
1987 [Destination GeoIP: Unknown]
1988Transmission Control Protocol, Src Port: ftp (21), Dst Port: 34464 (34464), Seq: 196, Ack: 231, Len: 0
1989 Source port: ftp (21)
1990 Destination port: 34464 (34464)
1991 [Stream index: 25]
1992 Sequence number: 196 (relative sequence number)
1993 Acknowledgment number: 231 (relative ack number)
1994 Header length: 20 bytes
1995 Flags: 0x011 (FIN, ACK)
1996 000. .... .... = Reserved: Not set
1997 ...0 .... .... = Nonce: Not set
1998 .... 0... .... = Congestion Window Reduced (CWR): Not set
1999 .... .0.. .... = ECN-Echo: Not set
2000 .... ..0. .... = Urgent: Not set
2001 .... ...1 .... = Acknowledgment: Set
2002 .... .... 0... = Push: Not set
2003 .... .... .0.. = Reset: Not set
2004 .... .... ..0. = Syn: Not set
2005 .... .... ...1 = Fin: Set
2006 [Expert Info (Chat/Sequence): Connection finish (FIN)]
2007 [Message: Connection finish (FIN)]
2008 [Severity level: Chat]
2009 [Group: Sequence]
2010 Window size value: 65535
2011 [Calculated window size: 65535]
2012 [Window size scaling factor: -2 (no window scaling used)]
2013 Checksum: 0xbde6 [validation disabled]
2014 [Good Checksum: False]
2015 [Bad Checksum: False]
2016
20170000 a0 36 9f 41 cf 66 00 23 ac 88 04 00 08 00 45 10 .6.A.f.#......E.
20180010 00 28 e2 e4 40 00 3b 06 a0 9e 0a f1 d1 c3 0a f1 .(..@.;.........
20190020 d4 97 00 15 86 a0 12 55 20 7e 66 9a 15 8d 50 11 .......U ~f...P.
20200030 ff ff bd e6 00 00 00 00 00 00 00 00 ............
2021
2022No. Time Source Destination Protocol Length Info
2023 1169 42.465105000 10.241.212.151 10.241.209.195 TCP 54 34464 > ftp [ACK] Seq=231 Ack=197 Win=64045 Len=0
2024
2025Frame 1169: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
2026 Interface id: 0
2027 Encapsulation type: Ethernet (1)
2028 Arrival Time: Aug 17, 2015 07:53:50.817815000 Eastern Daylight Time
2029 [Time shift for this packet: 0.000000000 seconds]
2030 Epoch Time: 1439812430.817815000 seconds
2031 [Time delta from previous captured frame: 0.000026000 seconds]
2032 [Time delta from previous displayed frame: 0.000026000 seconds]
2033 [Time since reference or first frame: 42.465105000 seconds]
2034 Frame Number: 1169
2035 Frame Length: 54 bytes (432 bits)
2036 Capture Length: 54 bytes (432 bits)
2037 [Frame is marked: False]
2038 [Frame is ignored: False]
2039 [Protocols in frame: eth:ip:tcp]
2040 [Coloring Rule Name: Checksum Errors]
2041 [Coloring Rule String: eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1]
2042Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2043 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2044 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2045 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2046 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2047 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2048 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2049 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2050 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2051 Type: IP (0x0800)
2052Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2053 Version: 4
2054 Header length: 20 bytes
2055 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2056 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2057 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2058 Total Length: 40
2059 Identification: 0x6dd6 (28118)
2060 Flags: 0x02 (Don't Fragment)
2061 0... .... = Reserved bit: Not set
2062 .1.. .... = Don't fragment: Set
2063 ..0. .... = More fragments: Not set
2064 Fragment offset: 0
2065 Time to live: 128
2066 Protocol: TCP (6)
2067 Header checksum: 0x0000 [incorrect, should be 0xd0bc (may be caused by "IP checksum offload"?)]
2068 [Good: False]
2069 [Bad: True]
2070 [Expert Info (Error/Checksum): Bad checksum]
2071 [Message: Bad checksum]
2072 [Severity level: Error]
2073 [Group: Checksum]
2074 Source: 10.241.212.151 (10.241.212.151)
2075 Destination: 10.241.209.195 (10.241.209.195)
2076 [Source GeoIP: Unknown]
2077 [Destination GeoIP: Unknown]
2078Transmission Control Protocol, Src Port: 34464 (34464), Dst Port: ftp (21), Seq: 231, Ack: 197, Len: 0
2079 Source port: 34464 (34464)
2080 Destination port: ftp (21)
2081 [Stream index: 25]
2082 Sequence number: 231 (relative sequence number)
2083 Acknowledgment number: 197 (relative ack number)
2084 Header length: 20 bytes
2085 Flags: 0x010 (ACK)
2086 000. .... .... = Reserved: Not set
2087 ...0 .... .... = Nonce: Not set
2088 .... 0... .... = Congestion Window Reduced (CWR): Not set
2089 .... .0.. .... = ECN-Echo: Not set
2090 .... ..0. .... = Urgent: Not set
2091 .... ...1 .... = Acknowledgment: Set
2092 .... .... 0... = Push: Not set
2093 .... .... .0.. = Reset: Not set
2094 .... .... ..0. = Syn: Not set
2095 .... .... ...0 = Fin: Not set
2096 Window size value: 64045
2097 [Calculated window size: 64045]
2098 [Window size scaling factor: -2 (no window scaling used)]
2099 Checksum: 0xbc57 [validation disabled]
2100 [Good Checksum: False]
2101 [Bad Checksum: False]
2102 [SEQ/ACK analysis]
2103 [This is an ACK to the segment in frame: 1168]
2104 [The RTT to ACK the segment was: 0.000026000 seconds]
2105
21060000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
21070010 00 28 6d d6 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(m.@...........
21080020 d1 c3 86 a0 00 15 66 9a 15 8d 12 55 20 7f 50 10 ......f....U .P.
21090030 fa 2d bc 57 00 00 .-.W..
2110
2111No. Time Source Destination Protocol Length Info
2112 1170 42.465169000 10.241.212.151 10.241.209.195 TCP 54 34464 > ftp [RST, ACK] Seq=231 Ack=197 Win=0 Len=0
2113
2114Frame 1170: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
2115 Interface id: 0
2116 Encapsulation type: Ethernet (1)
2117 Arrival Time: Aug 17, 2015 07:53:50.817879000 Eastern Daylight Time
2118 [Time shift for this packet: 0.000000000 seconds]
2119 Epoch Time: 1439812430.817879000 seconds
2120 [Time delta from previous captured frame: 0.000064000 seconds]
2121 [Time delta from previous displayed frame: 0.000064000 seconds]
2122 [Time since reference or first frame: 42.465169000 seconds]
2123 Frame Number: 1170
2124 Frame Length: 54 bytes (432 bits)
2125 Capture Length: 54 bytes (432 bits)
2126 [Frame is marked: False]
2127 [Frame is ignored: False]
2128 [Protocols in frame: eth:ip:tcp]
2129 [Coloring Rule Name: TCP RST]
2130 [Coloring Rule String: tcp.flags.reset eq 1]
2131Ethernet II, Src: IntelCor_41:cf:66 (a0:36:9f:41:cf:66), Dst: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2132 Destination: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2133 Address: All-HSRP-routers_01 (00:00:0c:07:ac:01)
2134 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2135 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2136 Source: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2137 Address: IntelCor_41:cf:66 (a0:36:9f:41:cf:66)
2138 .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
2139 .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
2140 Type: IP (0x0800)
2141Internet Protocol Version 4, Src: 10.241.212.151 (10.241.212.151), Dst: 10.241.209.195 (10.241.209.195)
2142 Version: 4
2143 Header length: 20 bytes
2144 Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
2145 0000 00.. = Differentiated Services Codepoint: Default (0x00)
2146 .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
2147 Total Length: 40
2148 Identification: 0x6dd7 (28119)
2149 Flags: 0x02 (Don't Fragment)
2150 0... .... = Reserved bit: Not set
2151 .1.. .... = Don't fragment: Set
2152 ..0. .... = More fragments: Not set
2153 Fragment offset: 0
2154 Time to live: 128
2155 Protocol: TCP (6)
2156 Header checksum: 0x0000 [incorrect, should be 0xd0bb (may be caused by "IP checksum offload"?)]
2157 [Good: False]
2158 [Bad: True]
2159 [Expert Info (Error/Checksum): Bad checksum]
2160 [Message: Bad checksum]
2161 [Severity level: Error]
2162 [Group: Checksum]
2163 Source: 10.241.212.151 (10.241.212.151)
2164 Destination: 10.241.209.195 (10.241.209.195)
2165 [Source GeoIP: Unknown]
2166 [Destination GeoIP: Unknown]
2167Transmission Control Protocol, Src Port: 34464 (34464), Dst Port: ftp (21), Seq: 231, Ack: 197, Len: 0
2168 Source port: 34464 (34464)
2169 Destination port: ftp (21)
2170 [Stream index: 25]
2171 Sequence number: 231 (relative sequence number)
2172 Acknowledgment number: 197 (relative ack number)
2173 Header length: 20 bytes
2174 Flags: 0x014 (RST, ACK)
2175 000. .... .... = Reserved: Not set
2176 ...0 .... .... = Nonce: Not set
2177 .... 0... .... = Congestion Window Reduced (CWR): Not set
2178 .... .0.. .... = ECN-Echo: Not set
2179 .... ..0. .... = Urgent: Not set
2180 .... ...1 .... = Acknowledgment: Set
2181 .... .... 0... = Push: Not set
2182 .... .... .1.. = Reset: Set
2183 [Expert Info (Chat/Sequence): Connection reset (RST)]
2184 [Message: Connection reset (RST)]
2185 [Severity level: Chat]
2186 [Group: Sequence]
2187 .... .... ..0. = Syn: Not set
2188 .... .... ...0 = Fin: Not set
2189 Window size value: 0
2190 [Calculated window size: 0]
2191 [Window size scaling factor: -2 (no window scaling used)]
2192 Checksum: 0xbc57 [validation disabled]
2193 [Good Checksum: False]
2194 [Bad Checksum: False]
2195
21960000 00 00 0c 07 ac 01 a0 36 9f 41 cf 66 08 00 45 00 .......6.A.f..E.
21970010 00 28 6d d7 40 00 80 06 00 00 0a f1 d4 97 0a f1 .(m.@...........
21980020 d1 c3 86 a0 00 15 66 9a 15 8d 12 55 20 7f 50 14 ......f....U .P.
21990030 00 00 bc 57 00 00 ...W..