[squid-users] Fwd: squid intercept config

Monah Baki monahbaki at gmail.com
Fri Mar 6 16:38:09 UTC 2015


Windows Client - 10.0.0.23 MAC (9d:3a:96)

root at ISN-PHC-CACHE:/home/support # arp -a
 (10.0.0.9) at 00:00:0c:07:ac:01 on bge0 THIS IS THE PHYSICAL INTERFACE ON THE ROUTER
 (10.0.0.10) at 88:5a:92:63:77:81 on bge0  THIS IS THE GATEWAY IP ON THE DESKTOP AND SQUID SERVER
 (10.0.0.24) at a0:d3:c1:06:a5:c4 on bge0 THIS IS THE SQUID SERVER


Frames 8 and 9 are where I get my access denied.

No.     Time        Source                Destination           Protocol Length Info
      7 0.508041    68.71.212.158         10.0.0.23             TCP      3902   80→42794 [PSH, ACK] Seq=412 Ack=401 Win=65664 Len=1460

Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.453922000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453922000 seconds
    [Time delta from previous captured frame: 0.000118000 seconds]
    [Time delta from previous displayed frame: 0.000118000 seconds]
    [Time since reference or first frame: 0.508041000 seconds]
    Frame Number: 7
    Frame Length: 3902 bytes (31216 bits)
    Capture Length: 1500 bytes (12000 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 1500
    Identification: 0x2222 (8738)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 412, Ack: 401, Len: 1460

No.     Time        Source                Destination           Protocol Length Info
      8 0.508073    68.71.212.158         10.0.0.23             TCP      170    [TCP Previous segment not captured] [TCP segment of a reassembled PDU]

Frame 8: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.453954000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453954000 seconds
    [Time delta from previous captured frame: 0.000032000 seconds]
    [Time delta from previous displayed frame: 0.000032000 seconds]
    [Time since reference or first frame: 0.508073000 seconds]
    Frame Number: 8
    Frame Length: 170 bytes (1360 bits)
    Capture Length: 170 bytes (1360 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 156
    Identification: 0x2223 (8739)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 4260, Ack: 401, Len: 116

No.     Time        Source                Destination           Protocol Length Info
      9 0.508835    10.0.0.23             68.71.212.158         TCP      60     [TCP ACKed unseen segment] 42794→80 [ACK] Seq=401 Ack=3332 Win=65536 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.454716000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.454716000 seconds
    [Time delta from previous captured frame: 0.000762000 seconds]
    [Time delta from previous displayed frame: 0.000762000 seconds]
    [Time since reference or first frame: 0.508835000 seconds]
    Frame Number: 9
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x572a (22314)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a9 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 401, Ack: 3332, Len: 0

On Fri, Mar 6, 2015 at 8:57 AM, Antony Stone <
Antony.Stone at squid.open.source.it> wrote:

> On Friday 06 March 2015 at 14:50:50 (EU time), Monah Baki wrote:
>
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
> >
> > So something else is missing?
>
> Can you run a packet sniffer on the proxy, to see what packets come in (noting
> the MAC address of the previous hop), what packets go out (to what
> address/es), and whether they then seem to come back in again (and if so, from
> which MAC address)?
>
> That might give you a clue as to where the forwarding loop is being created.
>
>
> Regards,
>
>
> Antony.
>
> --
> How I want a drink, alcoholic of course, after the heavy chapters involving
> quantum mechanics.
>
>  - mnemonic for 3.14159265358979
>
>                                                    Please reply to the list;
>                                                          please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
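
The check requested in the quoted reply (previous-hop MAC on the way in, next-hop MAC on the way out, and whether a packet the proxy sent comes back to it) can be run over a Wireshark text export like the one in this post. This is an added example, not part of the original thread: the MAC-to-role mapping is taken from the `arp -a` output above, `PAGE_SAMPLE` is abridged from frames 1, 2 and 9 of the capture, and `LOOP_SAMPLE` is constructed to show what a forwarding loop would look like.

```python
import re

# Roles taken from the arp -a output in the post.
PROXY_MAC = "a0:d3:c1:06:a5:c4"            # 10.0.0.24, the Squid server
NAMES = {
    PROXY_MAC: "squid",
    "88:5a:92:63:77:81": "gateway 10.0.0.10",
    "20:89:84:9d:3a:96": "client 10.0.0.23",
}

# \s* between tokens lets the patterns match lines that e-mail wrapping split.
MAC = r"\(([0-9a-f:]{17})\)"
IP = r"\(([\d.]+)\)"
ETH_RE = re.compile(r"Ethernet II, Src:\s*\S+\s*" + MAC + r",\s*Dst:\s*\S+\s*" + MAC)
IP_RE = re.compile(r"Internet Protocol Version 4, Src:\s*\S+\s*" + IP
                   + r",\s*Dst:\s*\S+\s*" + IP)
ID_RE = re.compile(r"Identification:\s*0x([0-9a-f]{4})")


def parse_frames(text):
    """Split a Wireshark text export into frames and pull out L2/L3 fields."""
    parts = re.split(r"(?m)^Frame (\d+):", text)
    frames = []
    for no, body in zip(parts[1::2], parts[2::2]):
        eth, ip, ident = ETH_RE.search(body), IP_RE.search(body), ID_RE.search(body)
        if not (eth and ip and ident):
            continue                        # truncated or non-IPv4 frame
        frames.append({"no": int(no),
                       "eth_src": eth.group(1), "eth_dst": eth.group(2),
                       "ip_src": ip.group(1), "ip_dst": ip.group(2),
                       "ip_id": ident.group(1)})
    return frames


def hops(frames, proxy_mac=PROXY_MAC):
    """Per frame: direction relative to the proxy and the neighbouring hop."""
    rows = []
    for f in frames:
        if f["eth_dst"] == proxy_mac:
            direction, peer = "in", f["eth_src"]    # previous hop
        elif f["eth_src"] == proxy_mac:
            direction, peer = "out", f["eth_dst"]   # next hop
        else:
            direction, peer = "other", f["eth_src"]
        rows.append((f["no"], direction, NAMES.get(peer, peer),
                     f["ip_src"], f["ip_dst"]))
    return rows


def find_loops(frames, proxy_mac=PROXY_MAC):
    """Packets the proxy sent that later arrive back at the proxy.

    Routers rewrite the TTL but not the IP Identification field, so the
    same (src, dst, id) seen leaving and then entering is the same packet.
    Returns (frame sent, frame returned, MAC that handed it back).
    """
    sent, loops = {}, []
    for f in frames:
        key = (f["ip_src"], f["ip_dst"], f["ip_id"])
        if f["eth_src"] == proxy_mac:
            sent.setdefault(key, f["no"])
        elif f["eth_dst"] == proxy_mac and key in sent:
            loops.append((sent[key], f["no"], f["eth_src"]))
    return loops


# Abridged from frames 1, 2 and 9 of the capture in this post
# (frame 9 kept in its e-mail-wrapped form).
PAGE_SAMPLE = """\
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Identification: 0x5725 (22309)
Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Identification: 0x2214 (8724)
Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst:
HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158
(68.71.212.158)
    Identification: 0x572a (22314)
"""

# Constructed: the proxy's own fetch is handed straight back by the gateway.
LOOP_SAMPLE = """\
Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: Cisco_63:77:81 (88:5a:92:63:77:81)
Internet Protocol Version 4, Src: 10.0.0.24 (10.0.0.24), Dst: 68.71.212.158 (68.71.212.158)
    Identification: 0xbeef (48879)
Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Internet Protocol Version 4, Src: 10.0.0.24 (10.0.0.24), Dst: 68.71.212.158 (68.71.212.158)
    Identification: 0xbeef (48879)
"""

if __name__ == "__main__":
    for row in hops(parse_frames(PAGE_SAMPLE)):
        print("frame %2d %-5s via %-18s %s -> %s" % row)
    print("loops in page sample:", find_loops(parse_frames(PAGE_SAMPLE)))
    print("loops in constructed sample:", find_loops(parse_frames(LOOP_SAMPLE)))
```
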
-------------- next part --------------
No.     Time        Source                Destination           Protocol Length Info
      1 0.000000    10.0.0.23             68.71.212.158         TCP      66     42794→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:40.945881000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652900.945881000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 66 bytes (528 bits)
    Capture Length: 66 bytes (528 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 52
    Identification: 0x5725 (22309)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a2 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      2 0.000033    68.71.212.158         10.0.0.23             TCP      66     80→42794 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1460 WS=64 SACK_PERM=1

Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:40.945914000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652900.945914000 seconds
    [Time delta from previous captured frame: 0.000033000 seconds]
    [Time delta from previous displayed frame: 0.000033000 seconds]
    [Time since reference or first frame: 0.000033000 seconds]
    Frame Number: 2
    Frame Length: 66 bytes (528 bits)
    Capture Length: 66 bytes (528 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 52
    Identification: 0x2214 (8724)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      3 0.000795    10.0.0.23             68.71.212.158         TCP      60     42794→80 [ACK] Seq=1 Ack=1 Win=65536 Len=0

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:40.946676000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652900.946676000 seconds
    [Time delta from previous captured frame: 0.000762000 seconds]
    [Time delta from previous displayed frame: 0.000762000 seconds]
    [Time since reference or first frame: 0.000795000 seconds]
    Frame Number: 3
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x5726 (22310)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81ad [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      4 0.337285    10.0.0.23             68.71.212.158         HTTP     454    GET / HTTP/1.1 

Frame 4: 454 bytes on wire (3632 bits), 454 bytes captured (3632 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.283166000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.283166000 seconds
    [Time delta from previous captured frame: 0.336490000 seconds]
    [Time delta from previous displayed frame: 0.336490000 seconds]
    [Time since reference or first frame: 0.337285000 seconds]
    Frame Number: 4
    Frame Length: 454 bytes (3632 bits)
    Capture Length: 454 bytes (3632 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Number of per-protocol-data: 1]
    [Hypertext Transfer Protocol, key 0]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 440
    Identification: 0x5729 (22313)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x801a [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 1, Ack: 1, Len: 400
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Length Info
      5 0.443213    68.71.212.158         10.0.0.23             TCP      54     80→42794 [ACK] Seq=1 Ack=401 Win=65664 Len=0

Frame 5: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.389094000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.389094000 seconds
    [Time delta from previous captured frame: 0.105928000 seconds]
    [Time delta from previous displayed frame: 0.105928000 seconds]
    [Time since reference or first frame: 0.443213000 seconds]
    Frame Number: 5
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x2219 (8729)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 1, Ack: 401, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      6 0.507923    68.71.212.158         10.0.0.23             TCP      465    [TCP segment of a reassembled PDU]

Frame 6: 465 bytes on wire (3720 bits), 465 bytes captured (3720 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.453804000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453804000 seconds
    [Time delta from previous captured frame: 0.064710000 seconds]
    [Time delta from previous displayed frame: 0.064710000 seconds]
    [Time since reference or first frame: 0.507923000 seconds]
    Frame Number: 6
    Frame Length: 465 bytes (3720 bits)
    Capture Length: 465 bytes (3720 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 451
    Identification: 0x2221 (8737)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 1, Ack: 401, Len: 411

No.     Time        Source                Destination           Protocol Length Info
      7 0.508041    68.71.212.158         10.0.0.23             TCP      3902   80→42794 [PSH, ACK] Seq=412 Ack=401 Win=65664 Len=1460

Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.453922000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453922000 seconds
    [Time delta from previous captured frame: 0.000118000 seconds]
    [Time delta from previous displayed frame: 0.000118000 seconds]
    [Time since reference or first frame: 0.508041000 seconds]
    Frame Number: 7
    Frame Length: 3902 bytes (31216 bits)
    Capture Length: 1500 bytes (12000 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 1500
    Identification: 0x2222 (8738)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 412, Ack: 401, Len: 1460

No.     Time        Source                Destination           Protocol Length Info
      8 0.508073    68.71.212.158         10.0.0.23             TCP      170    [TCP Previous segment not captured] [TCP segment of a reassembled PDU]

Frame 8: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.453954000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.453954000 seconds
    [Time delta from previous captured frame: 0.000032000 seconds]
    [Time delta from previous displayed frame: 0.000032000 seconds]
    [Time since reference or first frame: 0.508073000 seconds]
    Frame Number: 8
    Frame Length: 170 bytes (1360 bits)
    Capture Length: 170 bytes (1360 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 156
    Identification: 0x2223 (8739)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 4260, Ack: 401, Len: 116

No.     Time        Source                Destination           Protocol Length Info
      9 0.508835    10.0.0.23             68.71.212.158         TCP      60     [TCP ACKed unseen segment] 42794→80 [ACK] Seq=401 Ack=3332 Win=65536 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.454716000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.454716000 seconds
    [Time delta from previous captured frame: 0.000762000 seconds]
    [Time delta from previous displayed frame: 0.000762000 seconds]
    [Time since reference or first frame: 0.508835000 seconds]
    Frame Number: 9
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x572a (22314)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a9 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 401, Ack: 3332, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     10 0.509139    10.0.0.23             68.71.212.158         TCP      60     42794→80 [ACK] Seq=401 Ack=4376 Win=64512 Len=0

Frame 10: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.455020000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.455020000 seconds
    [Time delta from previous captured frame: 0.000304000 seconds]
    [Time delta from previous displayed frame: 0.000304000 seconds]
    [Time since reference or first frame: 0.509139000 seconds]
    Frame Number: 10
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x572b (22315)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a8 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 401, Ack: 4376, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     11 1.002814    10.0.0.23             68.71.212.158         HTTP     394    GET /favicon.ico HTTP/1.1 

Frame 11: 394 bytes on wire (3152 bits), 394 bytes captured (3152 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.948695000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.948695000 seconds
    [Time delta from previous captured frame: 0.493675000 seconds]
    [Time delta from previous displayed frame: 0.493675000 seconds]
    [Time since reference or first frame: 1.002814000 seconds]
    Frame Number: 11
    Frame Length: 394 bytes (3152 bits)
    Capture Length: 394 bytes (3152 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Number of per-protocol-data: 1]
    [Hypertext Transfer Protocol, key 0]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 380
    Identification: 0x572c (22316)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x8053 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 401, Ack: 4376, Len: 340
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Length Info
     12 1.004457    68.71.212.158         10.0.0.23             TCP      465    [TCP segment of a reassembled PDU]

Frame 12: 465 bytes on wire (3720 bits), 465 bytes captured (3720 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.950338000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.950338000 seconds
    [Time delta from previous captured frame: 0.001643000 seconds]
    [Time delta from previous displayed frame: 0.001643000 seconds]
    [Time since reference or first frame: 1.004457000 seconds]
    Frame Number: 12
    Frame Length: 465 bytes (3720 bits)
    Capture Length: 465 bytes (3720 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 451
    Identification: 0x222f (8751)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 4376, Ack: 741, Len: 411

No.     Time        Source                Destination           Protocol Length Info
     13 1.004557    68.71.212.158         10.0.0.23             TCP      3902   80→42794 [PSH, ACK] Seq=4787 Ack=741 Win=65664 Len=1460

Frame 13: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.950438000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.950438000 seconds
    [Time delta from previous captured frame: 0.000100000 seconds]
    [Time delta from previous displayed frame: 0.000100000 seconds]
    [Time since reference or first frame: 1.004557000 seconds]
    Frame Number: 13
    Frame Length: 3902 bytes (31216 bits)
    Capture Length: 1500 bytes (12000 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:http]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 1500
    Identification: 0x2230 (8752)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 4787, Ack: 741, Len: 1460

No.     Time        Source                Destination           Protocol Length Info
     14 1.004588    68.71.212.158         10.0.0.23             TCP      116    [TCP Previous segment not captured] [TCP segment of a reassembled PDU]

Frame 14: 116 bytes on wire (928 bits), 116 bytes captured (928 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.950469000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.950469000 seconds
    [Time delta from previous captured frame: 0.000031000 seconds]
    [Time delta from previous displayed frame: 0.000031000 seconds]
    [Time since reference or first frame: 1.004588000 seconds]
    Frame Number: 14
    Frame Length: 116 bytes (928 bits)
    Capture Length: 116 bytes (928 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 102
    Identification: 0x2231 (8753)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 8635, Ack: 741, Len: 62

No.     Time        Source                Destination           Protocol Length Info
     15 1.008653    10.0.0.23             68.71.212.158         TCP      60     [TCP ACKed unseen segment] 42794→80 [ACK] Seq=741 Ack=8697 Win=65536 Len=0

Frame 15: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:41:41.954534000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425652901.954534000 seconds
    [Time delta from previous captured frame: 0.004065000 seconds]
    [Time delta from previous displayed frame: 0.004065000 seconds]
    [Time since reference or first frame: 1.008653000 seconds]
    Frame Number: 15
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: Bad TCP]
    [Coloring Rule String: tcp.analysis.flags && !tcp.analysis.window_update]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x572d (22317)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a6 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 741, Ack: 8697, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     16 120.557393  68.71.212.158         10.0.0.23             TCP      54     80→42794 [FIN, ACK] Seq=8697 Ack=741 Win=65664 Len=0

Frame 16: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:43:41.503274000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425653021.503274000 seconds
    [Time delta from previous captured frame: 119.548740000 seconds]
    [Time delta from previous displayed frame: 119.548740000 seconds]
    [Time since reference or first frame: 120.557393000 seconds]
    Frame Number: 16
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x24c6 (9414)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 8697, Ack: 741, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     17 120.557857  10.0.0.23             68.71.212.158         TCP      60     42794→80 [ACK] Seq=741 Ack=8698 Win=65536 Len=0

Frame 17: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:43:41.503738000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425653021.503738000 seconds
    [Time delta from previous captured frame: 0.000464000 seconds]
    [Time delta from previous displayed frame: 0.000464000 seconds]
    [Time since reference or first frame: 120.557857000 seconds]
    Frame Number: 17
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x5730 (22320)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a3 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 741, Ack: 8698, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     18 125.054542  10.0.0.23             68.71.212.158         TCP      60     42794→80 [FIN, ACK] Seq=741 Ack=8698 Win=65536 Len=0

Frame 18: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:43:46.000423000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425653026.000423000 seconds
    [Time delta from previous captured frame: 4.496685000 seconds]
    [Time delta from previous displayed frame: 4.496685000 seconds]
    [Time since reference or first frame: 125.054542000 seconds]
    Frame Number: 18
    Frame Length: 60 bytes (480 bits)
    Capture Length: 60 bytes (480 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Source: Cisco_63:77:81 (88:5a:92:63:77:81)
    Type: IP (0x0800)
    Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158 (68.71.212.158)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x5731 (22321)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 127
    Protocol: TCP (6)
    Header checksum: 0x81a2 [validation disabled]
    Source: 10.0.0.23 (10.0.0.23)
    Destination: 68.71.212.158 (68.71.212.158)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80), Seq: 741, Ack: 8698, Len: 0

No.     Time        Source                Destination           Protocol Length Info
     19 125.054560  68.71.212.158         10.0.0.23             TCP      54     80→42794 [ACK] Seq=8698 Ack=742 Win=65664 Len=0

Frame 19: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar  6, 2015 09:43:46.000441000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1425653026.000441000 seconds
    [Time delta from previous captured frame: 0.000018000 seconds]
    [Time delta from previous displayed frame: 0.000018000 seconds]
    [Time since reference or first frame: 125.054560000 seconds]
    Frame Number: 19
    Frame Length: 54 bytes (432 bits)
    Capture Length: 54 bytes (432 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp]
    [Coloring Rule Name: HTTP]
    [Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
    Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst: 10.0.0.23 (10.0.0.23)
    Version: 4
    Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    Total Length: 40
    Identification: 0x252e (9518)
    Flags: 0x02 (Don't Fragment)
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (6)
    Header checksum: 0x0000 [validation disabled]
    Source: 68.71.212.158 (68.71.212.158)
    Destination: 10.0.0.23 (10.0.0.23)
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794), Seq: 8698, Ack: 742, Len: 0

