No. Time Source Destination Protocol Length Info 26 6.109743 192.168.101.14 80.70.173.20 TCP 54 8947 > https [ACK] Seq=747 Ack=3396 Win=64377 Len=0 Frame 26: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 40 Identification: 0x5d4b (23883) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x7a73 (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 8947 (8947), Dst Port: https (443), Seq: 747, Ack: 3396, Len: 0 Source port: 8947 (8947) Destination port: https (443) [Stream index: 3] Sequence number: 747 (relative sequence number) Acknowledgement number: 3396 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64377 [Calculated window size: 64377] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x232c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 25] [The RTT to ACK the segment was: 0.256299000 seconds] No. Time Source Destination Protocol Length Info 27 6.711155 Netronix_45:17:aa Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.233 Frame 27: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_45:17:aa (00:08:54:45:17:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 28 7.688361 10.0.0.0 224.0.0.1 IGMP 60 V3 Membership Query, general Frame 28: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 10.0.0.0 (10.0.0.0), Dst: 224.0.0.1 (224.0.0.1) Version: 4 Header length: 24 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 36 Identification: 0x0000 (0) Flags: 0x00 Fragment offset: 0 Time to live: 1 Protocol: IGMP (2) Header checksum: 0x3ad3 [correct] [Good: True] [Bad: False] Source: 10.0.0.0 (10.0.0.0) Destination: 224.0.0.1 (224.0.0.1) Options: (4 bytes) Internet Group Management Protocol No. Time Source Destination Protocol Length Info 29 9.149713 Netronix_a6:fd:09 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.234 Frame 29: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:09 (00:08:54:a6:fd:09), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 30 10.034290 Netronix_a6:fd:07 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.235 Frame 30: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:07 (00:08:54:a6:fd:07), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 31 11.727989 Netronix_45:17:aa Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.233 Frame 31: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_45:17:aa (00:08:54:45:17:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 32 14.166946 Netronix_a6:fd:09 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.234 Frame 32: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:09 (00:08:54:a6:fd:09), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 33 15.051572 Netronix_a6:fd:07 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.235 Frame 33: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:07 (00:08:54:a6:fd:07), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 34 16.745208 Netronix_45:17:aa Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.233 Frame 34: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_45:17:aa (00:08:54:45:17:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 35 17.637208 192.168.101.3 192.168.101.14 SMB 134 Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: Frame 35: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 120 Identification: 0xc48a (50314) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xea92 [correct] [Good: True] [Bad: False] Source: 192.168.101.3 (192.168.101.3) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 1, Ack: 1, Len: 80 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 4] Sequence number: 1 (relative sequence number) [Next sequence number: 81 (relative sequence number)] Acknowledgement number: 1 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64228 [Calculated window size: 64228] [Window size scaling factor: -1 (unknown)] Checksum: 0x36ea [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 80] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 36 17.637587 192.168.101.14 192.168.101.3 SMB 158 Trans2 Response, QUERY_PATH_INFO Frame 36: 158 bytes on wire (1264 bits), 158 bytes captured (1264 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 144 Identification: 0x5e6c (24172) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x5099 (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 1, Ack: 81, Len: 104 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 4] Sequence number: 1 (relative sequence number) [Next sequence number: 105 (relative sequence number)] Acknowledgement number: 81 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64425 [Calculated window size: 64425] [Window size scaling factor: -1 (unknown)] Checksum: 0x4be5 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 35] [The RTT to ACK the segment was: 0.000379000 seconds] [Bytes in flight: 104] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 37 17.637963 192.168.101.3 192.168.101.14 SMB 128 Trans2 Request, QUERY_FS_INFO, Query FS Volume Info Frame 37: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 114 Identification: 0xc48b (50315) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xea97 [correct] [Good: True] [Bad: False] Source: 192.168.101.3 (192.168.101.3) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 81, Ack: 105, Len: 74 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 4] Sequence number: 81 (relative sequence number) [Next sequence number: 155 (relative sequence number)] Acknowledgement number: 105 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64124 [Calculated window size: 64124] [Window size scaling factor: -1 (unknown)] Checksum: 0xdeb6 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 36] [The RTT to ACK the segment was: 0.000376000 seconds] [Bytes in flight: 74] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 38 17.638066 192.168.101.14 192.168.101.3 SMB 150 Trans2 Response, QUERY_FS_INFO Frame 38: 150 bytes on wire (1200 bits), 150 bytes captured (1200 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 136 Identification: 0x5e6d (24173) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x50a0 (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 105, Ack: 155, Len: 96 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 4] Sequence number: 105 (relative sequence number) [Next sequence number: 201 (relative sequence number)] Acknowledgement number: 155 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64351 [Calculated window size: 64351] [Window size scaling factor: -1 (unknown)] Checksum: 0x4bdd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 37] [The RTT to ACK the segment was: 0.000103000 seconds] [Bytes in flight: 96] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 39 17.638343 192.168.101.3 192.168.101.14 SMB 128 Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info Frame 39: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 114 Identification: 0xc48c (50316) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xea96 [correct] [Good: True] [Bad: False] Source: 192.168.101.3 (192.168.101.3) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 155, Ack: 201, Len: 74 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 4] Sequence number: 155 (relative sequence number) [Next sequence number: 229 (relative sequence number)] Acknowledgement number: 201 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64028 [Calculated window size: 64028] [Window size scaling factor: -1 (unknown)] Checksum: 0x9b6c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 38] [The RTT to ACK the segment was: 0.000277000 seconds] [Bytes in flight: 74] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 40 17.638413 192.168.101.14 192.168.101.3 SMB 134 Trans2 Response, QUERY_FS_INFO Frame 40: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 120 Identification: 0x5e6e (24174) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x50af (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 201, Ack: 229, Len: 80 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 4] Sequence number: 201 (relative sequence number) [Next sequence number: 281 (relative sequence number)] Acknowledgement number: 229 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64277 [Calculated window size: 64277] [Window size scaling factor: -1 (unknown)] Checksum: 0x4bcd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 39] [The RTT to ACK the segment was: 0.000070000 seconds] [Bytes in flight: 80] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 41 17.638858 192.168.101.3 192.168.101.14 SMB 128 Trans2 Request, QUERY_FS_INFO, Query FS Attribute Info Frame 41: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 114 Identification: 0xc48d (50317) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xea95 [correct] [Good: True] [Bad: False] Source: 192.168.101.3 (192.168.101.3) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 229, Ack: 281, Len: 74 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 4] Sequence number: 229 (relative sequence number) [Next sequence number: 303 (relative sequence number)] Acknowledgement number: 281 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63948 [Calculated window size: 63948] [Window size scaling factor: -1 (unknown)] Checksum: 0x5b22 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 40] [The RTT to ACK the segment was: 0.000445000 seconds] [Bytes in flight: 74] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 42 17.638917 192.168.101.14 192.168.101.3 SMB 134 Trans2 Response, QUERY_FS_INFO Frame 42: 134 bytes on wire (1072 bits), 134 bytes captured (1072 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 192.168.101.3 (192.168.101.3) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 120 Identification: 0x5e6f (24175) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x50ae (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 192.168.101.3 (192.168.101.3) Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: fc-cli (1371), Seq: 281, Ack: 303, Len: 80 Source port: microsoft-ds (445) Destination port: fc-cli (1371) [Stream index: 4] Sequence number: 281 (relative sequence number) [Next sequence number: 361 (relative sequence number)] Acknowledgement number: 303 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64203 [Calculated window size: 64203] [Window size scaling factor: -1 (unknown)] Checksum: 0x4bcd [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 41] [The RTT to ACK the segment was: 0.000059000 seconds] [Bytes in flight: 80] NetBIOS Session Service SMB (Server Message Block Protocol) No. Time Source Destination Protocol Length Info 43 17.779237 192.168.101.3 192.168.101.14 TCP 60 fc-cli > microsoft-ds [ACK] Seq=303 Ack=361 Win=63868 Len=0 Frame 43: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: D-Link_e7:9b:b5 (00:21:91:e7:9b:b5), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 192.168.101.3 (192.168.101.3), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 40 Identification: 0xc4bd (50365) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0xeaaf [correct] [Good: True] [Bad: False] Source: 192.168.101.3 (192.168.101.3) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: fc-cli (1371), Dst Port: microsoft-ds (445), Seq: 303, Ack: 361, Len: 0 Source port: fc-cli (1371) Destination port: microsoft-ds (445) [Stream index: 4] Sequence number: 303 (relative sequence number) Acknowledgement number: 361 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 63868 [Calculated window size: 63868] [Window size scaling factor: -1 (unknown)] Checksum: 0xf8b8 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 42] [The RTT to ACK the segment was: 0.140320000 seconds] No. Time Source Destination Protocol Length Info 44 19.686305 Netronix_a6:fd:09 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.234 Frame 44: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:09 (00:08:54:a6:fd:09), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 45 20.068841 Netronix_a6:fd:07 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.235 Frame 45: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:07 (00:08:54:a6:fd:07), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 46 20.572511 192.168.101.14 80.70.173.20 TLSv1 682 Application Data Frame 46: 682 bytes on wire (5456 bits), 682 bytes captured (5456 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 668 Identification: 0x5eef (24303) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x765b (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 8947 (8947), Dst Port: https (443), Seq: 747, Ack: 3396, Len: 628 Source port: 8947 (8947) Destination port: https (443) [Stream index: 3] Sequence number: 747 (relative sequence number) [Next sequence number: 1375 (relative sequence number)] Acknowledgement number: 3396 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64377 [Calculated window size: 64377] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x25a0 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [Bytes in flight: 628] Secure Sockets Layer No. Time Source Destination Protocol Length Info 47 20.783962 80.70.173.20 192.168.101.14 TLSv1 1043 Application Data Frame 47: 1043 bytes on wire (8344 bits), 1043 bytes captured (8344 bits) Ethernet II, Src: Avm_21:b1:7f (c0:25:06:21:b1:7f), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 80.70.173.20 (80.70.173.20), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 1029 Identification: 0x6121 (24865) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 118 Protocol: TCP (6) Header checksum: 0x7cc0 [correct] [Good: True] [Bad: False] Source: 80.70.173.20 (80.70.173.20) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: https (443), Dst Port: 8947 (8947), Seq: 3396, Ack: 1375, Len: 989 Source port: https (443) Destination port: 8947 (8947) [Stream index: 3] Sequence number: 3396 (relative sequence number) [Next sequence number: 4385 (relative sequence number)] Acknowledgement number: 1375 (relative ack number) Header length: 20 bytes Flags: 0x18 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 64161 [Calculated window size: 64161] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x4620 [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 46] [The RTT to ACK the segment was: 0.211451000 seconds] [Bytes in flight: 989] Secure Sockets Layer No. Time Source Destination Protocol Length Info 48 20.973078 192.168.101.14 80.70.173.20 TCP 54 8947 > https [ACK] Seq=1375 Ack=4385 Win=65535 Len=0 Frame 48: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 40 Identification: 0x5f12 (24338) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x78ac (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 8947 (8947), Dst Port: https (443), Seq: 1375, Ack: 4385, Len: 0 Source port: 8947 (8947) Destination port: https (443) [Stream index: 3] Sequence number: 1375 (relative sequence number) Acknowledgement number: 4385 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 65535 [Calculated window size: 65535] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x232c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 47] [The RTT to ACK the segment was: 0.189116000 seconds] No. Time Source Destination Protocol Length Info 49 20.997618 80.70.173.20 192.168.101.14 TCP 60 https > 8947 [FIN, ACK] Seq=4385 Ack=1375 Win=64161 Len=0 Frame 49: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Avm_21:b1:7f (c0:25:06:21:b1:7f), Dst: Vmware_ae:59:1c (00:0c:29:ae:59:1c) Internet Protocol Version 4, Src: 80.70.173.20 (80.70.173.20), Dst: 192.168.101.14 (192.168.101.14) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 40 Identification: 0x615e (24926) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 118 Protocol: TCP (6) Header checksum: 0x8060 [correct] [Good: True] [Bad: False] Source: 80.70.173.20 (80.70.173.20) Destination: 192.168.101.14 (192.168.101.14) Transmission Control Protocol, Src Port: https (443), Dst Port: 8947 (8947), Seq: 4385, Ack: 1375, Len: 0 Source port: https (443) Destination port: 8947 (8947) [Stream index: 3] Sequence number: 4385 (relative sequence number) Acknowledgement number: 1375 (relative ack number) Header length: 20 bytes Flags: 0x11 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set Window size value: 64161 [Calculated window size: 64161] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xf8cb [validation disabled] [Good Checksum: False] [Bad Checksum: False] No. Time Source Destination Protocol Length Info 50 20.997693 192.168.101.14 80.70.173.20 TCP 54 8947 > https [ACK] Seq=1375 Ack=4386 Win=65535 Len=0 Frame 50: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 40 Identification: 0x5f17 (24343) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x78a7 (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14) Destination: 80.70.173.20 (80.70.173.20) Transmission Control Protocol, Src Port: 8947 (8947), Dst Port: https (443), Seq: 1375, Ack: 4386, Len: 0 Source port: 8947 (8947) Destination port: https (443) [Stream index: 3] Sequence number: 1375 (relative sequence number) Acknowledgement number: 4386 (relative ack number) Header length: 20 bytes Flags: 0x10 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgement: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set Window size value: 65535 [Calculated window size: 65535] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x232c [validation disabled] [Good Checksum: False] [Bad Checksum: False] [SEQ/ACK analysis] [This is an ACK to the segment in frame: 49] [The RTT to ACK the segment was: 0.000075000 seconds] No. Time Source Destination Protocol Length Info 51 22.264196 Netronix_45:17:aa Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.233 Frame 51: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_45:17:aa (00:08:54:45:17:aa), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 52 24.703613 Netronix_a6:fd:09 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.234 Frame 52: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:09 (00:08:54:a6:fd:09), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 53 25.587885 Netronix_a6:fd:07 Broadcast ARP 60 Who has 192.168.101.100? Tell 192.168.101.235 Frame 53: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Ethernet II, Src: Netronix_a6:fd:07 (00:08:54:a6:fd:07), Dst: Broadcast (ff:ff:ff:ff:ff:ff) Address Resolution Protocol (request) No. Time Source Destination Protocol Length Info 54 25.767389 192.168.101.14 80.70.173.20 TCP 54 8947 > https [RST, ACK] Seq=1375 Ack=4386 Win=0 Len=0 Frame 54: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Ethernet II, Src: Vmware_ae:59:1c (00:0c:29:ae:59:1c), Dst: Avm_21:b1:7f (c0:25:06:21:b1:7f) Internet Protocol Version 4, Src: 192.168.101.14 (192.168.101.14), Dst: 80.70.173.20 (80.70.173.20) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport)) Total Length: 40 Identification: 0x5f66 (24422) Flags: 0x02 (Don't Fragment) Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x0000 [incorrect, should be 0x7858 (maybe caused by "IP checksum offload"?)] [Good: False] [Bad: True] Source: 192.168.101.14 (192.168.101.14)