Wireshark-users: Re: [Wireshark-users] Need Help Reading Capture
From: Chris Arnold <carnold@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 12 Feb 2013 15:26:25 -0500 (EST)
Hi Tom,
Thanks for the reply. Here is the complete capture from the host ip. This is coming from the internet 8.25.xx.xx to the sonicwall which forwards to 192.168.123.3 (this is an apache proxypass) then sends to 192.168.123.4. This was run on 192.168.123.3 (apache proxypass):
No. Time Source Destination Protocol Info
1 0.000000 8.25.230.32 192.168.123.3 TCP 49283 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1332 WS=8 SACK_PERM=1
No. Time Source Destination Protocol Info
2 0.000037 192.168.123.3 8.25.230.32 TCP https > 49283 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=6
No. Time Source Destination Protocol Info
5 0.033425 192.168.123.3 8.25.230.32 TCP https > 49283 [ACK] Seq=1 Ack=149 Win=15680 Len=0
No. Time Source Destination Protocol Info
6 0.034169 192.168.123.3 8.25.230.32 TLSv1 Server Hello, Certificate, Server Hello Done
No. Time Source Destination Protocol Info
7 0.073426 8.25.230.32 192.168.123.3 TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
No. Time Source Destination Protocol Info
8 0.074918 192.168.123.3 8.25.230.32 TLSv1 Change Cipher Spec, Encrypted Handshake Message
No. Time Source Destination Protocol Info
9 0.109072 8.25.230.32 192.168.123.3 TLSv1 Application Data
(i started taking these out and then thought this may contain valuable data)
Frame 9: 411 bytes on wire (3288 bits), 411 bytes captured (3288 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49283 (49283), Dst Port: https (443), Seq: 347, Ack: 1157, Len: 357
Source port: 49283 (49283)
Destination port: https (443)
[Stream index: 0]
Sequence number: 347 (relative sequence number)
[Next sequence number: 704 (relative sequence number)]
Acknowledgement number: 1157 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65280 (scaled)
Checksum: 0x4c7d [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 8]
[The RTT to ACK the segment was: 0.034154000 seconds]
[Number of bytes in flight: 357]
Secure Socket Layer
No. Time Source Destination Protocol Info
10 0.109843 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 10: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49283 (49283), Seq: 1157, Ack: 704, Len: 53
Source port: https (443)
Destination port: 49283 (49283)
[Stream index: 0]
Sequence number: 1157 (relative sequence number)
[Next sequence number: 1210 (relative sequence number)]
Acknowledgement number: 704 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 17856 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 9]
[The RTT to ACK the segment was: 0.000771000 seconds]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
11 0.142152 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 11: 395 bytes on wire (3160 bits), 395 bytes captured (3160 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49283 (49283), Dst Port: https (443), Seq: 704, Ack: 1210, Len: 341
Source port: 49283 (49283)
Destination port: https (443)
[Stream index: 0]
Sequence number: 704 (relative sequence number)
[Next sequence number: 1045 (relative sequence number)]
Acknowledgement number: 1210 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65280 (scaled)
Checksum: 0x7997 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 10]
[The RTT to ACK the segment was: 0.032309000 seconds]
[Number of bytes in flight: 341]
Secure Socket Layer
No. Time Source Destination Protocol Info
12 0.175276 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 12: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49283 (49283), Seq: 1210, Ack: 1045, Len: 53
Source port: https (443)
Destination port: 49283 (49283)
[Stream index: 0]
Sequence number: 1210 (relative sequence number)
[Next sequence number: 1263 (relative sequence number)]
Acknowledgement number: 1045 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 11]
[The RTT to ACK the segment was: 0.033124000 seconds]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
13 0.180151 192.168.123.3 8.25.230.32 TLSv1 Application Data, Application Data
Frame 13: 816 bytes on wire (6528 bits), 816 bytes captured (6528 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49283 (49283), Seq: 1263, Ack: 1045, Len: 762
Source port: https (443)
Destination port: 49283 (49283)
[Stream index: 0]
Sequence number: 1263 (relative sequence number)
[Next sequence number: 2025 (relative sequence number)]
Acknowledgement number: 1045 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2cfa [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 815]
Secure Socket Layer
No. Time Source Destination Protocol Info
14 0.180254 192.168.123.3 8.25.230.32 TCP https > 49283 [FIN, ACK] Seq=2025 Ack=1045 Win=18944 Len=0
Frame 14: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49283 (49283), Seq: 2025, Ack: 1045, Len: 0
Source port: https (443)
Destination port: 49283 (49283)
[Stream index: 0]
Sequence number: 2025 (relative sequence number)
Acknowledgement number: 1045 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
No. Time Source Destination Protocol Info
15 0.220325 8.25.230.32 192.168.123.3 TCP 49283 > https [ACK] Seq=1045 Ack=2025 Win=66560 Len=0
Frame 15: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49283 (49283), Dst Port: https (443), Seq: 1045, Ack: 2025, Len: 0
Source port: 49283 (49283)
Destination port: https (443)
[Stream index: 0]
Sequence number: 1045 (relative sequence number)
Acknowledgement number: 2025 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x2933 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 13]
[The RTT to ACK the segment was: 0.040174000 seconds]
No. Time Source Destination Protocol Info
16 0.220814 8.25.230.32 192.168.123.3 TCP 49283 > https [FIN, ACK] Seq=1045 Ack=2025 Win=66560 Len=0
Frame 16: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49283 (49283), Dst Port: https (443), Seq: 1045, Ack: 2025, Len: 0
Source port: 49283 (49283)
Destination port: https (443)
[Stream index: 0]
Sequence number: 1045 (relative sequence number)
Acknowledgement number: 2025 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 66560 (scaled)
Checksum: 0x2932 [validation disabled]
No. Time Source Destination Protocol Info
17 0.220820 192.168.123.3 8.25.230.32 TCP https > 49283 [ACK] Seq=2026 Ack=1046 Win=18944 Len=0
Frame 17: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49283 (49283), Seq: 2026, Ack: 1046, Len: 0
Source port: https (443)
Destination port: 49283 (49283)
[Stream index: 0]
Sequence number: 2026 (relative sequence number)
Acknowledgement number: 1046 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 16]
[The RTT to ACK the segment was: 0.000006000 seconds]
No. Time Source Destination Protocol Info
18 0.224668 8.25.230.32 192.168.123.3 TCP 49283 > https [ACK] Seq=1046 Ack=2026 Win=66560 Len=0
Frame 18: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49283 (49283), Dst Port: https (443), Seq: 1046, Ack: 2026, Len: 0
Source port: 49283 (49283)
Destination port: https (443)
[Stream index: 0]
Sequence number: 1046 (relative sequence number)
Acknowledgement number: 2026 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x2931 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 14]
[The RTT to ACK the segment was: 0.044414000 seconds]
No. Time Source Destination Protocol Info
19 3.225850 8.25.230.32 192.168.123.3 TCP 49284 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1332 WS=8 SACK_PERM=1
Frame 19: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 0, Len: 0
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02 (SYN)
Window size: 8192
Checksum: 0x5624 [validation disabled]
Options: (12 bytes)
No. Time Source Destination Protocol Info
20 3.225870 192.168.123.3 8.25.230.32 TCP https > 49284 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=6
Frame 20: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 0, Ack: 1, Len: 0
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12 (SYN, ACK)
Window size: 14600
Checksum: 0x2a0c [validation disabled]
Options: (12 bytes)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 19]
[The RTT to ACK the segment was: 0.000020000 seconds]
No. Time Source Destination Protocol Info
21 3.258433 8.25.230.32 192.168.123.3 TCP 49284 > https [ACK] Seq=1 Ack=1 Win=66560 Len=0
Frame 21: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x6f95 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 20]
[The RTT to ACK the segment was: 0.032563000 seconds]
No. Time Source Destination Protocol Info
22 3.258823 8.25.230.32 192.168.123.3 TLSv1 Client Hello
Frame 22: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 1, Ack: 1, Len: 148
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
[Next sequence number: 149 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x5266 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 148]
Secure Socket Layer
No. Time Source Destination Protocol Info
23 3.258842 192.168.123.3 8.25.230.32 TCP https > 49284 [ACK] Seq=1 Ack=149 Win=15680 Len=0
Frame 23: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 1, Ack: 149, Len: 0
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 15680 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 22]
[The RTT to ACK the segment was: 0.000019000 seconds]
No. Time Source Destination Protocol Info
24 3.259207 192.168.123.3 8.25.230.32 TLSv1 Server Hello, Change Cipher Spec, Encrypted Handshake Message
Frame 24: 199 bytes on wire (1592 bits), 199 bytes captured (1592 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 1, Ack: 149, Len: 145
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 1 (relative sequence number)
[Next sequence number: 146 (relative sequence number)]
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 15680 (scaled)
Checksum: 0x2a91 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 145]
Secure Socket Layer
No. Time Source Destination Protocol Info
25 3.298535 8.25.230.32 192.168.123.3 TLSv1 Change Cipher Spec, Encrypted Handshake Message, Application Data
Frame 25: 518 bytes on wire (4144 bits), 518 bytes captured (4144 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 149, Ack: 146, Len: 464
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 149 (relative sequence number)
[Next sequence number: 613 (relative sequence number)]
Acknowledgement number: 146 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66304 (scaled)
Checksum: 0xd905 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 24]
[The RTT to ACK the segment was: 0.039328000 seconds]
[Number of bytes in flight: 464]
Secure Socket Layer
No. Time Source Destination Protocol Info
26 3.335825 192.168.123.3 8.25.230.32 TCP https > 49284 [ACK] Seq=146 Ack=613 Win=16768 Len=0
Frame 26: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 146, Ack: 613, Len: 0
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 146 (relative sequence number)
Acknowledgement number: 613 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 16768 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 25]
[The RTT to ACK the segment was: 0.037290000 seconds]
No. Time Source Destination Protocol Info
27 3.418512 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 27: 459 bytes on wire (3672 bits), 459 bytes captured (3672 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 146, Ack: 613, Len: 405
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 146 (relative sequence number)
[Next sequence number: 551 (relative sequence number)]
Acknowledgement number: 613 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 16768 (scaled)
Checksum: 0x2b95 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 405]
Secure Socket Layer
No. Time Source Destination Protocol Info
28 3.465330 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 28: 523 bytes on wire (4184 bits), 523 bytes captured (4184 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 613, Ack: 551, Len: 469
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 613 (relative sequence number)
[Next sequence number: 1082 (relative sequence number)]
Acknowledgement number: 551 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66048 (scaled)
Checksum: 0x76ab [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 27]
[The RTT to ACK the segment was: 0.046818000 seconds]
[Number of bytes in flight: 469]
Secure Socket Layer
No. Time Source Destination Protocol Info
29 3.465340 192.168.123.3 8.25.230.32 TCP https > 49284 [ACK] Seq=551 Ack=1082 Win=17856 Len=0
Frame 29: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 551, Ack: 1082, Len: 0
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 551 (relative sequence number)
Acknowledgement number: 1082 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 17856 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 28]
[The RTT to ACK the segment was: 0.000010000 seconds]
No. Time Source Destination Protocol Info
30 3.465473 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 30: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 551, Ack: 1082, Len: 53
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 551 (relative sequence number)
[Next sequence number: 604 (relative sequence number)]
Acknowledgement number: 1082 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 17856 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
31 3.498599 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 31: 427 bytes on wire (3416 bits), 427 bytes captured (3416 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 1082, Ack: 551, Len: 373
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 1082 (relative sequence number)
[Next sequence number: 1455 (relative sequence number)]
Acknowledgement number: 551 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66048 (scaled)
Checksum: 0xffa6 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 373]
Secure Socket Layer
No. Time Source Destination Protocol Info
32 3.501027 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 32: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 604, Ack: 1455, Len: 53
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 604 (relative sequence number)
[Next sequence number: 657 (relative sequence number)]
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 31]
[The RTT to ACK the segment was: 0.002428000 seconds]
[Number of bytes in flight: 106]
Secure Socket Layer
No. Time Source Destination Protocol Info
33 3.533265 8.25.230.32 192.168.123.3 TCP 49284 > https [ACK] Seq=1455 Ack=657 Win=65792 Len=0
Frame 33: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 1455, Ack: 657, Len: 0
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 1455 (relative sequence number)
Acknowledgement number: 657 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65792 (scaled)
Checksum: 0x675a [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 32]
[The RTT to ACK the segment was: 0.032238000 seconds]
No. Time Source Destination Protocol Info
34 4.050309 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 34: 411 bytes on wire (3288 bits), 411 bytes captured (3288 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 657, Ack: 1455, Len: 357
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 657 (relative sequence number)
[Next sequence number: 1014 (relative sequence number)]
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2b65 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 357]
Secure Socket Layer
No. Time Source Destination Protocol Info
35 4.050392 192.168.123.3 8.25.230.32 TLSv1 Encrypted Alert
Frame 35: 91 bytes on wire (728 bits), 91 bytes captured (728 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 1014, Ack: 1455, Len: 37
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 1014 (relative sequence number)
[Next sequence number: 1051 (relative sequence number)]
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a25 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 394]
Secure Socket Layer
No. Time Source Destination Protocol Info
36 4.050429 192.168.123.3 8.25.230.32 TCP https > 49284 [FIN, ACK] Seq=1051 Ack=1455 Win=18944 Len=0
Frame 36: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 1051, Ack: 1455, Len: 0
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 1051 (relative sequence number)
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
No. Time Source Destination Protocol Info
37 4.081456 8.25.230.32 192.168.123.3 TCP 49284 > https [FIN, ACK] Seq=1455 Ack=1014 Win=65536 Len=0
Frame 37: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 1455, Ack: 1014, Len: 0
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 1455 (relative sequence number)
Acknowledgement number: 1014 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 65536 (scaled)
Checksum: 0x65f5 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 34]
[The RTT to ACK the segment was: 0.031147000 seconds]
No. Time Source Destination Protocol Info
38 4.081467 192.168.123.3 8.25.230.32 TCP https > 49284 [ACK] Seq=1052 Ack=1456 Win=18944 Len=0
Frame 38: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49284 (49284), Seq: 1052, Ack: 1456, Len: 0
Source port: https (443)
Destination port: 49284 (49284)
[Stream index: 1]
Sequence number: 1052 (relative sequence number)
Acknowledgement number: 1456 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 37]
[The RTT to ACK the segment was: 0.000011000 seconds]
No. Time Source Destination Protocol Info
39 4.083337 8.25.230.32 192.168.123.3 TCP 49285 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1332 WS=8 SACK_PERM=1
Frame 39: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 0, Len: 0
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02 (SYN)
Window size: 8192
Checksum: 0xa5a1 [validation disabled]
Options: (12 bytes)
No. Time Source Destination Protocol Info
40 4.083356 192.168.123.3 8.25.230.32 TCP https > 49285 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=6
Frame 40: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 0, Ack: 1, Len: 0
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12 (SYN, ACK)
Window size: 14600
Checksum: 0x2a0c [validation disabled]
Options: (12 bytes)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 39]
[The RTT to ACK the segment was: 0.000019000 seconds]
No. Time Source Destination Protocol Info
41 4.087378 8.25.230.32 192.168.123.3 TCP 49284 > https [RST, ACK] Seq=1456 Ack=1051 Win=0 Len=0
Frame 41: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49284 (49284), Dst Port: https (443), Seq: 1456, Ack: 1051, Len: 0
Source port: 49284 (49284)
Destination port: https (443)
[Stream index: 1]
Sequence number: 1456 (relative sequence number)
Acknowledgement number: 1051 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
Window size: 0
Checksum: 0x66cc [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 35]
[The RTT to ACK the segment was: 0.036986000 seconds]
No. Time Source Destination Protocol Info
42 4.119244 8.25.230.32 192.168.123.3 TCP 49285 > https [ACK] Seq=1 Ack=1 Win=66560 Len=0
Frame 42: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0xa7d3 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 40]
[The RTT to ACK the segment was: 0.035888000 seconds]
No. Time Source Destination Protocol Info
43 4.119761 8.25.230.32 192.168.123.3 TLSv1 Client Hello
Frame 43: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 1, Ack: 1, Len: 148
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 1 (relative sequence number)
[Next sequence number: 149 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x2d94 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 148]
Secure Socket Layer
No. Time Source Destination Protocol Info
44 4.119778 192.168.123.3 8.25.230.32 TCP https > 49285 [ACK] Seq=1 Ack=149 Win=15680 Len=0
Frame 44: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 1, Ack: 149, Len: 0
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 15680 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 43]
[The RTT to ACK the segment was: 0.000017000 seconds]
No. Time Source Destination Protocol Info
45 4.120485 192.168.123.3 8.25.230.32 TLSv1 Server Hello, Change Cipher Spec, Encrypted Handshake Message
Frame 45: 199 bytes on wire (1592 bits), 199 bytes captured (1592 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 1, Ack: 149, Len: 145
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 1 (relative sequence number)
[Next sequence number: 146 (relative sequence number)]
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 15680 (scaled)
Checksum: 0x2a91 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 145]
Secure Socket Layer
No. Time Source Destination Protocol Info
46 4.159101 8.25.230.32 192.168.123.3 TLSv1 Change Cipher Spec, Encrypted Handshake Message, Application Data
Frame 46: 582 bytes on wire (4656 bits), 582 bytes captured (4656 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 149, Ack: 146, Len: 528
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 149 (relative sequence number)
[Next sequence number: 677 (relative sequence number)]
Acknowledgement number: 146 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66304 (scaled)
Checksum: 0xea30 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 45]
[The RTT to ACK the segment was: 0.038616000 seconds]
[Number of bytes in flight: 528]
Secure Socket Layer
No. Time Source Destination Protocol Info
47 4.159859 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 47: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 146, Ack: 677, Len: 53
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 146 (relative sequence number)
[Next sequence number: 199 (relative sequence number)]
Acknowledgement number: 677 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 16768 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 46]
[The RTT to ACK the segment was: 0.000758000 seconds]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
48 4.192718 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 48: 427 bytes on wire (3416 bits), 427 bytes captured (3416 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 677, Ack: 199, Len: 373
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 677 (relative sequence number)
[Next sequence number: 1050 (relative sequence number)]
Acknowledgement number: 199 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66304 (scaled)
Checksum: 0xe67b [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 47]
[The RTT to ACK the segment was: 0.032859000 seconds]
[Number of bytes in flight: 373]
Secure Socket Layer
No. Time Source Destination Protocol Info
49 4.217464 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 49: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 199, Ack: 1050, Len: 53
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 199 (relative sequence number)
[Next sequence number: 252 (relative sequence number)]
Acknowledgement number: 1050 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 17856 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 48]
[The RTT to ACK the segment was: 0.024746000 seconds]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
50 4.335620 192.168.123.3 8.25.230.32 TLSv1 Application Data, Application Data
Frame 50: 1328 bytes on wire (10624 bits), 1328 bytes captured (10624 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 252, Ack: 1050, Len: 1274
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 252 (relative sequence number)
[Next sequence number: 1526 (relative sequence number)]
Acknowledgement number: 1050 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 17856 (scaled)
Checksum: 0x2efa [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1327]
Secure Socket Layer
No. Time Source Destination Protocol Info
51 4.335694 192.168.123.3 8.25.230.32 TCP https > 49285 [FIN, ACK] Seq=1526 Ack=1050 Win=17856 Len=0
Frame 51: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 1526, Ack: 1050, Len: 0
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 1526 (relative sequence number)
Acknowledgement number: 1050 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 17856 (scaled)
Checksum: 0x2a00 [validation disabled]
No. Time Source Destination Protocol Info
52 4.369698 8.25.230.32 192.168.123.3 TCP 49285 > https [ACK] Seq=1050 Ack=1526 Win=66560 Len=0
Frame 52: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 1050, Ack: 1526, Len: 0
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 1050 (relative sequence number)
Acknowledgement number: 1526 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x9dc5 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 50]
[The RTT to ACK the segment was: 0.034078000 seconds]
No. Time Source Destination Protocol Info
53 4.370544 8.25.230.32 192.168.123.3 TCP 49285 > https [FIN, ACK] Seq=1050 Ack=1526 Win=66560 Len=0
Frame 53: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 1050, Ack: 1526, Len: 0
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 1050 (relative sequence number)
Acknowledgement number: 1526 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 66560 (scaled)
Checksum: 0x9dc4 [validation disabled]
No. Time Source Destination Protocol Info
54 4.370551 192.168.123.3 8.25.230.32 TCP https > 49285 [ACK] Seq=1527 Ack=1051 Win=17856 Len=0
Frame 54: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49285 (49285), Seq: 1527, Ack: 1051, Len: 0
Source port: https (443)
Destination port: 49285 (49285)
[Stream index: 2]
Sequence number: 1527 (relative sequence number)
Acknowledgement number: 1051 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 17856 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 53]
[The RTT to ACK the segment was: 0.000007000 seconds]
No. Time Source Destination Protocol Info
55 4.375518 8.25.230.32 192.168.123.3 TCP 49285 > https [ACK] Seq=1051 Ack=1527 Win=66560 Len=0
Frame 55: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49285 (49285), Dst Port: https (443), Seq: 1051, Ack: 1527, Len: 0
Source port: 49285 (49285)
Destination port: https (443)
[Stream index: 2]
Sequence number: 1051 (relative sequence number)
Acknowledgement number: 1527 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x9dc3 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 51]
[The RTT to ACK the segment was: 0.039824000 seconds]
No. Time Source Destination Protocol Info
56 1290.467974 8.25.230.32 192.168.123.3 TCP 49606 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1332 WS=8 SACK_PERM=1
Frame 56: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 0, Len: 0
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02 (SYN)
Window size: 8192
Checksum: 0x5d06 [validation disabled]
Options: (12 bytes)
No. Time Source Destination Protocol Info
57 1290.468014 192.168.123.3 8.25.230.32 TCP https > 49606 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=6
Frame 57: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 0, Ack: 1, Len: 0
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12 (SYN, ACK)
Window size: 14600
Checksum: 0x2a0c [validation disabled]
Options: (12 bytes)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 56]
[The RTT to ACK the segment was: 0.000040000 seconds]
No. Time Source Destination Protocol Info
58 1290.499570 8.25.230.32 192.168.123.3 TCP 49606 > https [ACK] Seq=1 Ack=1 Win=66560 Len=0
Frame 58: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x24f6 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 57]
[The RTT to ACK the segment was: 0.031556000 seconds]
No. Time Source Destination Protocol Info
59 1290.500089 8.25.230.32 192.168.123.3 TLSv1 Client Hello
Frame 59: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 1, Ack: 1, Len: 148
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
[Next sequence number: 149 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x9962 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 148]
Secure Socket Layer
No. Time Source Destination Protocol Info
60 1290.500109 192.168.123.3 8.25.230.32 TCP https > 49606 [ACK] Seq=1 Ack=149 Win=15680 Len=0
Frame 60: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 1, Ack: 149, Len: 0
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 15680 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 59]
[The RTT to ACK the segment was: 0.000020000 seconds]
No. Time Source Destination Protocol Info
61 1290.500925 192.168.123.3 8.25.230.32 TLSv1 Server Hello, Certificate, Server Hello Done
Frame 61: 1151 bytes on wire (9208 bits), 1151 bytes captured (9208 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 1, Ack: 149, Len: 1097
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 1 (relative sequence number)
[Next sequence number: 1098 (relative sequence number)]
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 15680 (scaled)
Checksum: 0x2e49 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1097]
Secure Socket Layer
No. Time Source Destination Protocol Info
62 1290.544997 8.25.230.32 192.168.123.3 TLSv1 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
Frame 62: 252 bytes on wire (2016 bits), 252 bytes captured (2016 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 149, Ack: 1098, Len: 198
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 149 (relative sequence number)
[Next sequence number: 347 (relative sequence number)]
Acknowledgement number: 1098 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65280 (scaled)
Checksum: 0x82f3 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 61]
[The RTT to ACK the segment was: 0.044072000 seconds]
[Number of bytes in flight: 198]
Secure Socket Layer
No. Time Source Destination Protocol Info
63 1290.546590 192.168.123.3 8.25.230.32 TLSv1 Change Cipher Spec, Encrypted Handshake Message
Frame 63: 113 bytes on wire (904 bits), 113 bytes captured (904 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 1098, Ack: 347, Len: 59
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 1098 (relative sequence number)
[Next sequence number: 1157 (relative sequence number)]
Acknowledgement number: 347 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 16768 (scaled)
Checksum: 0x2a3b [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 62]
[The RTT to ACK the segment was: 0.001593000 seconds]
[Number of bytes in flight: 59]
Secure Socket Layer
No. Time Source Destination Protocol Info
64 1290.578502 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 64: 411 bytes on wire (3288 bits), 411 bytes captured (3288 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 347, Ack: 1157, Len: 357
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 347 (relative sequence number)
[Next sequence number: 704 (relative sequence number)]
Acknowledgement number: 1157 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65280 (scaled)
Checksum: 0x92cd [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 63]
[The RTT to ACK the segment was: 0.031912000 seconds]
[Number of bytes in flight: 357]
Secure Socket Layer
No. Time Source Destination Protocol Info
65 1290.579350 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 65: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 1157, Ack: 704, Len: 53
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 1157 (relative sequence number)
[Next sequence number: 1210 (relative sequence number)]
Acknowledgement number: 704 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 17856 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 64]
[The RTT to ACK the segment was: 0.000848000 seconds]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
66 1290.612056 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 66: 395 bytes on wire (3160 bits), 395 bytes captured (3160 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 704, Ack: 1210, Len: 341
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 704 (relative sequence number)
[Next sequence number: 1045 (relative sequence number)]
Acknowledgement number: 1210 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 65280 (scaled)
Checksum: 0x11e3 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 65]
[The RTT to ACK the segment was: 0.032706000 seconds]
[Number of bytes in flight: 341]
Secure Socket Layer
No. Time Source Destination Protocol Info
67 1290.636782 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 67: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 1210, Ack: 1045, Len: 53
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 1210 (relative sequence number)
[Next sequence number: 1263 (relative sequence number)]
Acknowledgement number: 1045 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 66]
[The RTT to ACK the segment was: 0.024726000 seconds]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
68 1290.641475 192.168.123.3 8.25.230.32 TLSv1 Application Data, Application Data
Frame 68: 816 bytes on wire (6528 bits), 816 bytes captured (6528 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 1263, Ack: 1045, Len: 762
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 1263 (relative sequence number)
[Next sequence number: 2025 (relative sequence number)]
Acknowledgement number: 1045 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2cfa [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 815]
Secure Socket Layer
No. Time Source Destination Protocol Info
69 1290.641579 192.168.123.3 8.25.230.32 TCP https > 49606 [FIN, ACK] Seq=2025 Ack=1045 Win=18944 Len=0
Frame 69: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 2025, Ack: 1045, Len: 0
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 2025 (relative sequence number)
Acknowledgement number: 1045 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
No. Time Source Destination Protocol Info
70 1290.682981 8.25.230.32 192.168.123.3 TCP 49606 > https [ACK] Seq=1045 Ack=2026 Win=66560 Len=0
Frame 70: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 1045, Ack: 2026, Len: 0
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 1045 (relative sequence number)
Acknowledgement number: 2026 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x18f9 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 69]
[The RTT to ACK the segment was: 0.041402000 seconds]
No. Time Source Destination Protocol Info
71 1290.683455 8.25.230.32 192.168.123.3 TCP 49606 > https [FIN, ACK] Seq=1045 Ack=2026 Win=66560 Len=0
Frame 71: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49606 (49606), Dst Port: https (443), Seq: 1045, Ack: 2026, Len: 0
Source port: 49606 (49606)
Destination port: https (443)
[Stream index: 3]
Sequence number: 1045 (relative sequence number)
Acknowledgement number: 2026 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 66560 (scaled)
Checksum: 0x18f8 [validation disabled]
No. Time Source Destination Protocol Info
72 1290.683461 192.168.123.3 8.25.230.32 TCP https > 49606 [ACK] Seq=2026 Ack=1046 Win=18944 Len=0
Frame 72: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49606 (49606), Seq: 2026, Ack: 1046, Len: 0
Source port: https (443)
Destination port: 49606 (49606)
[Stream index: 3]
Sequence number: 2026 (relative sequence number)
Acknowledgement number: 1046 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 71]
[The RTT to ACK the segment was: 0.000006000 seconds]
No. Time Source Destination Protocol Info
73 1293.695077 8.25.230.32 192.168.123.3 TCP 49607 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1332 WS=8 SACK_PERM=1
Frame 73: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 0, Len: 0
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 0 (relative sequence number)
Header length: 32 bytes
Flags: 0x02 (SYN)
Window size: 8192
Checksum: 0x3ee2 [validation disabled]
Options: (12 bytes)
No. Time Source Destination Protocol Info
74 1293.695090 192.168.123.3 8.25.230.32 TCP https > 49607 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=6
Frame 74: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 0, Ack: 1, Len: 0
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 32 bytes
Flags: 0x12 (SYN, ACK)
Window size: 14600
Checksum: 0x2a0c [validation disabled]
Options: (12 bytes)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 73]
[The RTT to ACK the segment was: 0.000013000 seconds]
No. Time Source Destination Protocol Info
75 1293.724754 8.25.230.32 192.168.123.3 TCP 49607 > https [ACK] Seq=1 Ack=1 Win=66560 Len=0
Frame 75: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 66560 (scaled)
Checksum: 0x7a59 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 74]
[The RTT to ACK the segment was: 0.029664000 seconds]
No. Time Source Destination Protocol Info
76 1293.725277 8.25.230.32 192.168.123.3 TLSv1 Client Hello
Frame 76: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 1, Ack: 1, Len: 148
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 1 (relative sequence number)
[Next sequence number: 149 (relative sequence number)]
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66560 (scaled)
Checksum: 0x3cd0 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 148]
Secure Socket Layer
No. Time Source Destination Protocol Info
77 1293.725290 192.168.123.3 8.25.230.32 TCP https > 49607 [ACK] Seq=1 Ack=149 Win=15680 Len=0
Frame 77: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 1, Ack: 149, Len: 0
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 1 (relative sequence number)
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 15680 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 76]
[The RTT to ACK the segment was: 0.000013000 seconds]
No. Time Source Destination Protocol Info
78 1293.725915 192.168.123.3 8.25.230.32 TLSv1 Server Hello, Change Cipher Spec, Encrypted Handshake Message
Frame 78: 199 bytes on wire (1592 bits), 199 bytes captured (1592 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 1, Ack: 149, Len: 145
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 1 (relative sequence number)
[Next sequence number: 146 (relative sequence number)]
Acknowledgement number: 149 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 15680 (scaled)
Checksum: 0x2a91 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 145]
Secure Socket Layer
No. Time Source Destination Protocol Info
79 1293.765306 8.25.230.32 192.168.123.3 TLSv1 Change Cipher Spec, Encrypted Handshake Message, Application Data
Frame 79: 518 bytes on wire (4144 bits), 518 bytes captured (4144 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 149, Ack: 146, Len: 464
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 149 (relative sequence number)
[Next sequence number: 613 (relative sequence number)]
Acknowledgement number: 146 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66304 (scaled)
Checksum: 0x1608 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 78]
[The RTT to ACK the segment was: 0.039391000 seconds]
[Number of bytes in flight: 464]
Secure Socket Layer
No. Time Source Destination Protocol Info
80 1293.803826 192.168.123.3 8.25.230.32 TCP https > 49607 [ACK] Seq=146 Ack=613 Win=16768 Len=0
Frame 80: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 146, Ack: 613, Len: 0
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 146 (relative sequence number)
Acknowledgement number: 613 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 16768 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 79]
[The RTT to ACK the segment was: 0.038520000 seconds]
No. Time Source Destination Protocol Info
81 1293.915589 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 81: 459 bytes on wire (3672 bits), 459 bytes captured (3672 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 146, Ack: 613, Len: 405
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 146 (relative sequence number)
[Next sequence number: 551 (relative sequence number)]
Acknowledgement number: 613 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 16768 (scaled)
Checksum: 0x2b95 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 405]
Secure Socket Layer
No. Time Source Destination Protocol Info
82 1293.947399 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 82: 523 bytes on wire (4184 bits), 523 bytes captured (4184 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 613, Ack: 551, Len: 469
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 613 (relative sequence number)
[Next sequence number: 1082 (relative sequence number)]
Acknowledgement number: 551 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66048 (scaled)
Checksum: 0xb5da [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 81]
[The RTT to ACK the segment was: 0.031810000 seconds]
[Number of bytes in flight: 469]
Secure Socket Layer
No. Time Source Destination Protocol Info
83 1293.947410 192.168.123.3 8.25.230.32 TCP https > 49607 [ACK] Seq=551 Ack=1082 Win=17856 Len=0
Frame 83: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 551, Ack: 1082, Len: 0
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 551 (relative sequence number)
Acknowledgement number: 1082 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 17856 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 82]
[The RTT to ACK the segment was: 0.000011000 seconds]
No. Time Source Destination Protocol Info
84 1293.947547 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 84: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 551, Ack: 1082, Len: 53
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 551 (relative sequence number)
[Next sequence number: 604 (relative sequence number)]
Acknowledgement number: 1082 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 17856 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 53]
Secure Socket Layer
No. Time Source Destination Protocol Info
85 1293.978321 8.25.230.32 192.168.123.3 TLSv1 Application Data
Frame 85: 427 bytes on wire (3416 bits), 427 bytes captured (3416 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 1082, Ack: 551, Len: 373
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 1082 (relative sequence number)
[Next sequence number: 1455 (relative sequence number)]
Acknowledgement number: 551 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 66048 (scaled)
Checksum: 0x320f [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 373]
Secure Socket Layer
No. Time Source Destination Protocol Info
86 1293.980611 192.168.123.3 8.25.230.32 TLSv1 Application Data
Frame 86: 107 bytes on wire (856 bits), 107 bytes captured (856 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 604, Ack: 1455, Len: 53
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 604 (relative sequence number)
[Next sequence number: 657 (relative sequence number)]
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a35 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 85]
[The RTT to ACK the segment was: 0.002290000 seconds]
[Number of bytes in flight: 106]
Secure Socket Layer
No. Time Source Destination Protocol Info
87 1294.012989 8.25.230.32 192.168.123.3 TCP 49607 > https [ACK] Seq=1455 Ack=657 Win=65792 Len=0
Frame 87: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 1455, Ack: 657, Len: 0
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 1455 (relative sequence number)
Acknowledgement number: 657 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 65792 (scaled)
Checksum: 0x721e [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 86]
[The RTT to ACK the segment was: 0.032378000 seconds]
No. Time Source Destination Protocol Info
88 1294.090450 192.168.123.3 8.25.230.32 TLSv1 Application Data, Application Data
Frame 88: 1328 bytes on wire (10624 bits), 1328 bytes captured (10624 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 657, Ack: 1455, Len: 1274
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 657 (relative sequence number)
[Next sequence number: 1931 (relative sequence number)]
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2efa [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1274]
Secure Socket Layer
No. Time Source Destination Protocol Info
89 1294.090488 192.168.123.3 8.25.230.32 TLSv1 Encrypted Alert
Frame 89: 91 bytes on wire (728 bits), 91 bytes captured (728 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 1931, Ack: 1455, Len: 37
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 1931 (relative sequence number)
[Next sequence number: 1968 (relative sequence number)]
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x18 (PSH, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a25 [validation disabled]
[SEQ/ACK analysis]
[Number of bytes in flight: 1311]
Secure Socket Layer
No. Time Source Destination Protocol Info
90 1294.090507 192.168.123.3 8.25.230.32 TCP https > 49607 [FIN, ACK] Seq=1968 Ack=1455 Win=18944 Len=0
Frame 90: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 1968, Ack: 1455, Len: 0
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 1968 (relative sequence number)
Acknowledgement number: 1455 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
No. Time Source Destination Protocol Info
91 1294.123735 8.25.230.32 192.168.123.3 TCP 49607 > https [FIN, ACK] Seq=1455 Ack=1931 Win=66560 Len=0
Frame 91: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 1455, Ack: 1931, Len: 0
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 1455 (relative sequence number)
Acknowledgement number: 1931 (relative ack number)
Header length: 20 bytes
Flags: 0x11 (FIN, ACK)
Window size: 66560 (scaled)
Checksum: 0x6d20 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 88]
[The RTT to ACK the segment was: 0.033285000 seconds]
No. Time Source Destination Protocol Info
92 1294.123744 192.168.123.3 8.25.230.32 TCP https > 49607 [ACK] Seq=1969 Ack=1456 Win=18944 Len=0
Frame 92: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_8b:34:13 (00:21:9b:8b:34:13), Dst: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4)
Internet Protocol, Src: 192.168.123.3 (192.168.123.3), Dst: 8.25.230.32 (8.25.230.32)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49607 (49607), Seq: 1969, Ack: 1456, Len: 0
Source port: https (443)
Destination port: 49607 (49607)
[Stream index: 4]
Sequence number: 1969 (relative sequence number)
Acknowledgement number: 1456 (relative ack number)
Header length: 20 bytes
Flags: 0x10 (ACK)
Window size: 18944 (scaled)
Checksum: 0x2a00 [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 91]
[The RTT to ACK the segment was: 0.000009000 seconds]
No. Time Source Destination Protocol Info
93 1294.128718 8.25.230.32 192.168.123.3 TCP 49607 > https [RST, ACK] Seq=1456 Ack=1968 Win=0 Len=0
Frame 93: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Sonicwal_31:d5:a4 (00:06:b1:31:d5:a4), Dst: Dell_8b:34:13 (00:21:9b:8b:34:13)
Internet Protocol, Src: 8.25.230.32 (8.25.230.32), Dst: 192.168.123.3 (192.168.123.3)
Transmission Control Protocol, Src Port: 49607 (49607), Dst Port: https (443), Seq: 1456, Ack: 1968, Len: 0
Source port: 49607 (49607)
Destination port: https (443)
[Stream index: 4]
Sequence number: 1456 (relative sequence number)
Acknowledgement number: 1968 (relative ack number)
Header length: 20 bytes
Flags: 0x14 (RST, ACK)
Window size: 0
Checksum: 0x6dfb [validation disabled]
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 89]
[The RTT to ACK the segment was: 0.038230000 seconds]
----- Original Message -----
From: "Tim Poth" <Tim.Poth@xxxxxxxxxxx>
To: wireshark-users@xxxxxxxxxxxxx
Sent: Tuesday, February 12, 2013 3:11:01 PM
Subject: Re: [Wireshark-users] Need Help Reading Capture
Hi Chris,
I assume publicip is the sonicwall? I don't see a reset going to the sonicwall in what you have here, but then there are other unseen things so maybe the snip is too small?
The device that generated the reset is listed in the source column so the reset in frame 66 is sent by .4 to .3 BUT it seems like the reset is in response to a FIN ACK from .3 (frame 64). I have no way of knowing if the activity in frames 64 / 66 are related to frame 60 ~ 63. (I guess no but...) IF it is related than I would think there is something amiss with the SSL handshake, you could try to turn off SSL and see if the problem goes away or check out the logs on .3. As I don't see a reset going to publicip it could be the reset is not happening on your network but rather on the internet. Again this could go back to a SSL handshake issue and it could be the client resetting the connection. It could be frame 66 isnt the reset your looking for.
Hope that helps
tim
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Chris Arnold
Sent: Monday, February 11, 2013 4:47 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Need Help Reading Capture
Hello all! New to the list and wireshark. I am having problems with a client connection from the internet (my sonicwall tells me:
02/11/2013 14:11:29.576 Debug Network TCP connection abort received; TCP connection dropped 8.25.230.32, 49333, WAN 192.168.123.3, 443, LAN TCP Flag(s): ACK RST). So i ran wireshark and captured https traffic. I need help in determining which device (pc or sonicwall) is generating ACK RST. Can someone help me do that? Here is the start of the trouble connection and line 66 is the RST:
57 12.403536 pu.bl.ic.ip 192.168.123.3 TCP 49386 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1332 WS=8 SACK_PERM=1
58 12.403560 192.168.123.3 pu.bl.ic.ip TCP https > 49386 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=6
59 12.448002 pu.bl.ic.ip 192.168.123.3 TCP 49386 > https [ACK] Seq=1 Ack=1 Win=66560 Len=0
60 12.448387 pu.bl.ic.ip 192.168.123.3 TLSv1 Client Hello
61 12.448409 192.168.123.3 pu.bl.ic.ip TCP https > 49386 [ACK] Seq=1 Ack=149 Win=15680 Len=0
62 12.448795 192.168.123.3 pu.bl.ic.ip TLSv1 Server Hello, Change Cipher Spec, Encrypted Handshake Message
63 12.496943 pu.bl.ic.ip 192.168.123.3 TLSv1 Change Cipher Spec, Encrypted Handshake Message, Application Data
64 12.497212 192.168.123.3 192.168.123.4 TCP 47533 > https [FIN, ACK] Seq=1 Ack=1 Win=364 Len=0 TSV=73368246 TSER=1862090175
65 12.497255 192.168.123.3 192.168.123.4 TCP 47715 > https [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSV=73368246 TSER=0 WS=6
66 12.497404 192.168.123.4 192.168.123.3 TCP HTTPS > 47533 [RST] SEQ=1 WIN=0 LEN=0
67 12.497430 192.168.123.4 192.168.123.3 TCP https > 47715 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSV=1863224474 TSER=73368246 WS=6
Basically whats happening here is a connection from the internet to the sonicwall. Sonicwall passes to 192.168.123.3 and 192.168.123.3 proxies to 192.168.123.4.
My question is how do i find out what device is generating the ACK RST (line 66)?
I would be happy to send the complete log for further inspection.
- Follow-Ups:
- Re: [Wireshark-users] Need Help Reading Capture
- From: Tim.Poth
- Re: [Wireshark-users] Need Help Reading Capture
- References:
- [Wireshark-users] Need Help Reading Capture
- From: Chris Arnold
- Re: [Wireshark-users] Need Help Reading Capture
- From: Tim.Poth
- [Wireshark-users] Need Help Reading Capture
- Prev by Date: Re: [Wireshark-users] Need Help Reading Capture
- Next by Date: Re: [Wireshark-users] A Wireshark plugin providing a simple interface for writing dissectors in Python.
- Previous by thread: Re: [Wireshark-users] Need Help Reading Capture
- Next by thread: Re: [Wireshark-users] Need Help Reading Capture
- Index(es):