No. Time Source Destination Protocol Length Info 19 4.135747 192.168.101.14 80.70.173.20 TCP 54 9269 > https [ACK] Seq=693 Ack=4258 Win=65535 Len=0 Frame 19: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 9269 (9269), Dst Port: https (443), Seq: 693, Ack: 4258, Len: 0 Source port: 9269 (9269) Destination port: https (443) [Stream index: 0] Sequence number: 693 (relative sequence number) Acknowledgement number: 4258 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 65535 [Calculated window size: 65535] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x232c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] No. Time Source Destination Protocol Length Info 20 4.152805 192.168.101.14 80.70.173.20 TCP 54 9269 > https [FIN, ACK] Seq=693 Ack=4258 Win=65535 Len=0 Frame 20: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 9269 (9269), Dst Port: https (443), Seq: 693, Ack: 4258, Len: 0 Source port: 9269 (9269) Destination port: https (443) [Stream index: 0] Sequence number: 693 (relative sequence number) Acknowledgement number: 4258 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size value: 65535 [Calculated window size: 65535] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x232c [validation disabled] [Good Checksum: False] [Bad Checksum: False] No. Time Source Destination Protocol Length Info 21 4.178582 80.70.173.20 192.168.101.14 TCP 60 https > 9269 [ACK] Seq=4258 Ack=694 Win=64843 Len=0 Frame 21: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Avm_21:b1:7f (c0:25:06:21:b1:7f), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 80.70.173.20 (80.70.173.20), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: https (443), Dst Port: 9269 (9269), Seq: 4258, Ack: 694, Len: 0 Source port: https (443) Destination port: 9269 (9269) [Stream index: 0] Sequence number: 4258 (relative sequence number) Acknowledgement number: 694 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64843 [Calculated window size: 64843] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xc696 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] No. Time Source Destination Protocol Length Info 22 4.178746 80.70.173.20 192.168.101.14 TCP 60 https > 9269 [FIN, ACK] Seq=4258 Ack=694 Win=64843 Len=0 Frame 22: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Avm_21:b1:7f (c0:25:06:21:b1:7f), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 80.70.173.20 (80.70.173.20), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: https (443), Dst Port: 9269 (9269), Seq: 4258, Ack: 694, Len: 0 Source port: https (443) Destination port: 9269 (9269) [Stream index: 0] Sequence number: 4258 (relative sequence number) Acknowledgement number: 694 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Message: Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] Window size value: 64843 [Calculated window size: 64843] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xc695 [validation disabled] [Good Checksum: False] [Bad Checksum: False] No. Time Source Destination Protocol Length Info 23 4.178765 192.168.101.14 80.70.173.20 TCP 54 9269 > https [ACK] Seq=694 Ack=4259 Win=65535 Len=0 Frame 23: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 9269 (9269), Dst Port: https (443), Seq: 694, Ack: 4259, Len: 0 Source port: 9269 (9269) Destination port: https (443) [Stream index: 0] Sequence number: 694 (relative sequence number) Acknowledgement number: 4259 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 65535 [Calculated window size: 65535] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x232c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] No. Time Source Destination Protocol Length Info 24 5.017017 Netronix_a6:fd:09 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.234 Frame 24: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:09 (00:08:54:a6:fd:09), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 25 6.321889 192.168.101.3 192.168.101.14 SMB 134 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: Frame 25: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 80 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 1] Sequence number: 1 (relative sequence number) [Next sequence number: 81 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63595 [Calculated window size: 63595] [Window size scaling factor: -1 (unknown)] Checksum: 0x0aaf [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 26 6.322441 192.168.101.14 192.168.101.3 SMB 158 Trans2 Response, QUERY_PATH_INFO Frame 26: 158 bytes on wire (1264 bits), 158 bytes captured (1264 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 1, Ack: 81, Len: 104 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 1] Sequence number: 1 (relative sequence number) [Next sequence number: 105 (relative sequence number)] Acknowledgement number: 81 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64559 [Calculated window size: 64559] [Window size scaling factor: -1 (unknown)] Checksum: 0x4be5 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 27 6.322930 192.168.101.3 192.168.101.14 SMB 128 Trans2 Request, QUERY_FS_INFO, Query FS Volume Info Frame 27: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 81, Ack: 105, Len: 74 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 1] Sequence number: 81 (relative sequence number) [Next sequence number: 155 (relative sequence number)] Acknowledgement number: 105 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63491 [Calculated window size: 63491] [Window size scaling factor: -1 (unknown)] Checksum: 0xb27b [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 28 6.323018 192.168.101.14 192.168.101.3 SMB 150 Trans2 Response, QUERY_FS_INFO Frame 28: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 105, Ack: 155, Len: 96 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 1] Sequence number: 105 (relative sequence number) [Next sequence number: 201 (relative sequence number)] Acknowledgement number: 155 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64485 [Calculated window size: 64485] [Window size scaling factor: -1 (unknown)] Checksum: 0x4bdd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 29 6.323272 192.168.101.3 192.168.101.14 SMB 128 Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info Frame 29: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 155, Ack: 201, Len: 74 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 1] Sequence number: 155 (relative sequence number) [Next sequence number: 229 (relative sequence number)] Acknowledgement number: 201 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63395 [Calculated window size: 63395] [Window size scaling factor: -1 (unknown)] Checksum: 0x6f31 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 30 6.323330 192.168.101.14 192.168.101.3 SMB 134 Trans2 Response, QUERY_FS_INFO Frame 30: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 201, Ack: 229, Len: 80 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 1] Sequence number: 201 (relative sequence number) [Next sequence number: 281 (relative sequence number)] Acknowledgement number: 229 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64411 [Calculated window size: 64411] [Window size scaling factor: -1 (unknown)] Checksum: 0x4bcd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 31 6.323766 192.168.101.3 192.168.101.14 SMB 128 Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info Frame 31: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 229, Ack: 281, Len: 74 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 1] Sequence number: 229 (relative sequence number) [Next sequence number: 303 (relative sequence number)] Acknowledgement number: 281 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63315 [Calculated window size: 63315] [Window size scaling factor: -1 (unknown)] Checksum: 0x2ee7 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 32 6.323831 192.168.101.14 192.168.101.3 SMB 134 Trans2 Response, QUERY_FS_INFO Frame 32: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 281, Ack: 303, Len: 80 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 1] Sequence number: 281 (relative sequence number) [Next sequence number: 361 (relative sequence number)] Acknowledgement number: 303 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64337 [Calculated window size: 64337] [Window size scaling factor: -1 (unknown)] Checksum: 0x4bcd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 33 6.600208 192.168.101.3 192.168.101.14 TCP 60 fc-cli > microsoft-ds [ACK] Seq=303 Ack=361 Win=63235 Len=0 Frame 33: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 303, Ack: 361, Len: 0 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 1] Sequence number: 303 (relative sequence number) Acknowledgement number: 361 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63235 [Calculated window size: 63235] [Window size scaling factor: -1 (unknown)] Checksum: 0x8c9f [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] No. Time Source Destination Protocol Length Info 34 7.309953 Netronix_a6:fd:07 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.235 Frame 34: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:07 (00:08:54:a6:fd:07), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request)