Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.536805000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.536805000 seconds [Time delta from previous captured frame: 0.000000000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.000000000 seconds] Frame Number: 1 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60 Identification: 0x9654 (38484) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xf664 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 39760 (39760), Dst Port: https (443), Seq: 564469372, Len: 0 Source Port: 39760 (39760) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 564469372 Acknowledgment number: 0 Header Length: 40 bytes Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443] [Connection establish request (SYN): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] Window size value: 29200 [Calculated window size: 29200] Checksum: 0xae31 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP SACK Permitted Option: True Kind: SACK Permitted (4) Length: 2 Timestamps: TSval 3301869608, TSecr 0 Kind: Time Stamp Option (8) Length: 10 Timestamp value: 3301869608 Timestamp echo reply: 0 No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Window scale: 7 (multiply by 128) Kind: Window Scale (3) Length: 3 Shift count: 7 [Multiplier: 128] Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.691776000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.691776000 seconds [Time delta from previous captured frame: 0.154971000 seconds] [Time delta from previous displayed frame: 0.154971000 seconds] [Time since reference or first frame: 0.154971000 seconds] Frame Number: 2 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 44 Identification: 0x6348 (25416) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0x3261 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 39760 (39760), Seq: 2768914129, Ack: 564469373, Len: 0 Source Port: https (443) Destination Port: 39760 (39760) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 2768914129 Acknowledgment number: 564469373 Header Length: 24 bytes Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 443] [Connection establish acknowledge (SYN+ACK): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ·······A··S·] Window size value: 16384 [Calculated window size: 16384] Checksum: 0xe159 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (4 bytes), Maximum segment size Maximum segment size: 1380 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1380 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 1] [The RTT to ACK the segment was: 0.154971000 seconds] Frame 3: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.691802000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.691802000 seconds [Time delta from previous captured frame: 0.000026000 seconds] [Time delta from previous displayed frame: 0.000026000 seconds] [Time since reference or first frame: 0.154997000 seconds] Frame Number: 3 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x9655 (38485) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xf677 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 39760 (39760), Dst Port: https (443), Seq: 564469373, Ack: 2768914130, Len: 0 Source Port: 39760 (39760) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 564469373 Acknowledgment number: 2768914130 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 2] [The RTT to ACK the segment was: 0.000026000 seconds] [iRTT: 0.154997000 seconds] Frame 4: 230 bytes on wire (1840 bits), 230 bytes captured (1840 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.691954000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.691954000 seconds [Time delta from previous captured frame: 0.000152000 seconds] [Time delta from previous displayed frame: 0.000152000 seconds] [Time since reference or first frame: 0.155149000 seconds] Frame Number: 4 Frame Length: 230 bytes (1840 bits) Capture Length: 230 bytes (1840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 216 Identification: 0x9656 (38486) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xf5c6 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 39760 (39760), Dst Port: https (443), Seq: 564469373, Ack: 2768914130, Len: 176 Source Port: 39760 (39760) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 176] Sequence number: 564469373 [Next sequence number: 564469549] Acknowledgment number: 2768914130 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xaecd [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.154997000 seconds] [Bytes in flight: 176] [Bytes sent since last PSH flag: 176] Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 171 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 167 Version: TLS 1.2 (0x0303) Random GMT Unix Time: Sep 23, 2030 15:21:20.000000000 PDT Random Bytes: 4ce2a1ee6c8a111c13e2a90b958a51c5d1086bbee01b7ba3... Session ID Length: 0 Cipher Suites Length: 56 Cipher Suites (28 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 70 Extension: ec_point_formats Type: ec_point_formats (0x000b) Length: 4 EC point formats Length: 3 Elliptic curves point formats (3) EC point format: uncompressed (0) EC point format: ansiX962_compressed_prime (1) EC point format: ansiX962_compressed_char2 (2) Extension: elliptic_curves Type: elliptic_curves (0x000a) Length: 10 Elliptic Curves Length: 8 Elliptic curves (4 curves) Elliptic curve: ecdh_x25519 (0x001d) Elliptic curve: secp256r1 (0x0017) Elliptic curve: secp521r1 (0x0019) Elliptic curve: secp384r1 (0x0018) Extension: SessionTicket TLS Type: SessionTicket TLS (0x0023) Length: 0 Data (0 bytes) Extension: signature_algorithms Type: signature_algorithms (0x000d) Length: 32 Signature Hash Algorithms Length: 30 Signature Hash Algorithms (15 algorithms) Signature Hash Algorithm: 0x0601 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0602 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0603 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0501 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0502 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0503 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0401 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0402 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0403 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0301 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0302 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0303 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0201 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0202 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: DSA (2) Signature Hash Algorithm: 0x0203 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Extension: encrypt then mac Type: encrypt then mac (0x0016) Length: 0 Data (0 bytes) Extension: Extended Master Secret Type: Extended Master Secret (0x0017) Length: 0 Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.857756000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.857756000 seconds [Time delta from previous captured frame: 0.165802000 seconds] [Time delta from previous displayed frame: 0.165802000 seconds] [Time since reference or first frame: 0.320951000 seconds] Frame Number: 5 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x6371 (25457) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xf23b [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 39760 (39760), Seq: 2768914130, Ack: 564469549, Len: 0 Source Port: https (443) Destination Port: 39760 (39760) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 2768914130 Acknowledgment number: 564469549 Header Length: 20 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] Window size value: 65359 [Calculated window size: 65359] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x38c6 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 4] [The RTT to ACK the segment was: 0.165802000 seconds] [iRTT: 0.154997000 seconds] Frame 6: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.857923000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.857923000 seconds [Time delta from previous captured frame: 0.000167000 seconds] [Time delta from previous displayed frame: 0.000167000 seconds] [Time since reference or first frame: 0.321118000 seconds] Frame Number: 6 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x9657 (38487) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xf675 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 39760 (39760), Dst Port: https (443), Seq: 564469549, Ack: 2768914131, Len: 0 Source Port: 39760 (39760) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 564469549 Acknowledgment number: 2768914131 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 5] [The RTT to ACK the segment was: 0.000167000 seconds] [iRTT: 0.154997000 seconds] Frame 7: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:04.858110000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117484.858110000 seconds [Time delta from previous captured frame: 0.000187000 seconds] [Time delta from previous displayed frame: 0.000187000 seconds] [Time since reference or first frame: 0.321305000 seconds] Frame Number: 7 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x9658 (38488) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xf674 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 39760 (39760), Dst Port: https (443), Seq: 564469549, Ack: 2768914131, Len: 0 Source Port: 39760 (39760) Destination Port: https (443) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 564469549 Acknowledgment number: 2768914131 Header Length: 20 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Frame 8: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:05.016374000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117485.016374000 seconds [Time delta from previous captured frame: 0.158264000 seconds] [Time delta from previous displayed frame: 0.158264000 seconds] [Time since reference or first frame: 0.479569000 seconds] Frame Number: 8 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x6391 (25489) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xf21b [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 39760 (39760), Seq: 2768914131, Ack: 564469550, Len: 0 Source Port: https (443) Destination Port: 39760 (39760) [Stream index: 0] [TCP Segment Len: 0] Sequence number: 2768914131 Acknowledgment number: 564469550 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 65359 [Calculated window size: 65359] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x38c5 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 7] [The RTT to ACK the segment was: 0.158264000 seconds] [iRTT: 0.154997000 seconds] Frame 9: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.130930000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.130930000 seconds [Time delta from previous captured frame: 8.114556000 seconds] [Time delta from previous displayed frame: 8.114556000 seconds] [Time since reference or first frame: 8.594125000 seconds] Frame Number: 9 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60 Identification: 0xbf7c (49020) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xcd3c [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40050 (40050), Dst Port: https (443), Seq: 2215522289, Len: 0 Source Port: 40050 (40050) Destination Port: https (443) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 2215522289 Acknowledgment number: 0 Header Length: 40 bytes Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443] [Connection establish request (SYN): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] Window size value: 29200 [Calculated window size: 29200] Checksum: 0xae31 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP SACK Permitted Option: True Kind: SACK Permitted (4) Length: 2 Timestamps: TSval 3301871757, TSecr 0 Kind: Time Stamp Option (8) Length: 10 Timestamp value: 3301871757 Timestamp echo reply: 0 No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Window scale: 7 (multiply by 128) Kind: Window Scale (3) Length: 3 Shift count: 7 [Multiplier: 128] Frame 10: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.288463000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.288463000 seconds [Time delta from previous captured frame: 0.157533000 seconds] [Time delta from previous displayed frame: 0.157533000 seconds] [Time since reference or first frame: 8.751658000 seconds] Frame Number: 10 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 44 Identification: 0x66e2 (26338) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0x2ec7 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40050 (40050), Seq: 741644224, Ack: 2215522290, Len: 0 Source Port: https (443) Destination Port: 40050 (40050) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 741644224 Acknowledgment number: 2215522290 Header Length: 24 bytes Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 443] [Connection establish acknowledge (SYN+ACK): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ·······A··S·] Window size value: 16384 [Calculated window size: 16384] Checksum: 0x9440 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (4 bytes), Maximum segment size Maximum segment size: 1380 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1380 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 9] [The RTT to ACK the segment was: 0.157533000 seconds] Frame 11: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.288489000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.288489000 seconds [Time delta from previous captured frame: 0.000026000 seconds] [Time delta from previous displayed frame: 0.000026000 seconds] [Time since reference or first frame: 8.751684000 seconds] Frame Number: 11 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xbf7d (49021) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xcd4f [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40050 (40050), Dst Port: https (443), Seq: 2215522290, Ack: 741644225, Len: 0 Source Port: 40050 (40050) Destination Port: https (443) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 2215522290 Acknowledgment number: 741644225 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 10] [The RTT to ACK the segment was: 0.000026000 seconds] [iRTT: 0.157559000 seconds] Frame 12: 307 bytes on wire (2456 bits), 307 bytes captured (2456 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.291026000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.291026000 seconds [Time delta from previous captured frame: 0.002537000 seconds] [Time delta from previous displayed frame: 0.002537000 seconds] [Time since reference or first frame: 8.754221000 seconds] Frame Number: 12 Frame Length: 307 bytes (2456 bits) Capture Length: 307 bytes (2456 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 293 Identification: 0xbf7e (49022) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xcc51 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40050 (40050), Dst Port: https (443), Seq: 2215522290, Ack: 741644225, Len: 253 Source Port: 40050 (40050) Destination Port: https (443) [Stream index: 1] [TCP Segment Len: 253] Sequence number: 2215522290 [Next sequence number: 2215522543] Acknowledgment number: 741644225 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xaf1a [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.157559000 seconds] [Bytes in flight: 253] [Bytes sent since last PSH flag: 253] Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 248 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 244 Version: TLS 1.2 (0x0303) Random GMT Unix Time: Sep 22, 2017 14:56:50.000000000 PDT Random Bytes: 5b3955c45f9e79f7b38f2d7b94ab33da9cd4113a8a155480... Session ID Length: 0 Cipher Suites Length: 114 Cipher Suites (57 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc087) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc073) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc072) Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc08b) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b) Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a) Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07d) Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c4) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07c) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00be) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 89 Extension: status_request Type: status_request (0x0005) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: server_name Type: server_name (0x0000) Length: 19 Server Name Indication extension Server Name list length: 17 Server Name Type: host_name (0) Server Name length: 14 Server Name: ws.fnbshop.com Extension: renegotiation_info Type: renegotiation_info (0xff01) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: SessionTicket TLS Type: SessionTicket TLS (0x0023) Length: 0 Data (0 bytes) Extension: elliptic_curves Type: elliptic_curves (0x000a) Length: 12 Elliptic Curves Length: 10 Elliptic curves (5 curves) Elliptic curve: secp256r1 (0x0017) Elliptic curve: secp384r1 (0x0018) Elliptic curve: secp521r1 (0x0019) Elliptic curve: secp224r1 (0x0015) Elliptic curve: secp192r1 (0x0013) Extension: ec_point_formats Type: ec_point_formats (0x000b) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms Type: signature_algorithms (0x000d) Length: 22 Signature Hash Algorithms Length: 20 Signature Hash Algorithms (10 algorithms) Signature Hash Algorithm: 0x0401 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0403 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0501 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0503 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0601 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0603 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0301 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0303 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0201 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0203 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Frame 13: 1611 bytes on wire (12888 bits), 1611 bytes captured (12888 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.452364000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.452364000 seconds [Time delta from previous captured frame: 0.161338000 seconds] [Time delta from previous displayed frame: 0.161338000 seconds] [Time since reference or first frame: 8.915559000 seconds] Frame Number: 13 Frame Length: 1611 bytes (12888 bits) Capture Length: 1611 bytes (12888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame [truncated]: eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:x509ce:x509ce:x509ce:x509ce:x509ce:pkix1explicit:x509ce:p] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1597 Identification: 0x66e3 (26339) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xe8b4 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40050 (40050), Seq: 741644225, Ack: 2215522543, Len: 1557 Source Port: https (443) Destination Port: 40050 (40050) [Stream index: 1] [TCP Segment Len: 1557] Sequence number: 741644225 [Next sequence number: 741645782] Acknowledgment number: 2215522543 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 65282 [Calculated window size: 65282] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xb432 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 12] [The RTT to ACK the segment was: 0.161338000 seconds] [iRTT: 0.157559000 seconds] [Bytes in flight: 1557] [Bytes sent since last PSH flag: 1557] Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 1552 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 77 Version: TLS 1.0 (0x0301) Random GMT Unix Time: Sep 22, 2017 14:58:14.000000000 PDT Random Bytes: 9193ee6aca2024382768d07f149be9ccf543bb734d2b996e... Session ID Length: 32 Session ID: a9090000863c8a03e7ccda7924f61ae7f27291c83d23be34... Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Compression Method: null (0) Extensions Length: 5 Extension: renegotiation_info Type: renegotiation_info (0xff01) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 1463 Certificates Length: 1460 Certificates (1460 bytes) Certificate Length: 1457 Certificate: 308205ad30820495a00302010202110081a011d492270cf2... (id-at-commonName=*.fnbshop.com,id-at-organizationalUnitName=PremiumSSL Wildcard,id-at-organizationName=Fourth Ltd,id-at-streetAddress=90 Long Acre,id-at-localityName=London, signedCertificate version: v3 (2) serialNumber: 0x0081a011d492270cf26821ad358534e28d signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 5 items (id-at-commonName=COMODO RSA Organization Validation Secure Serv,id-at-organizationName=COMODO CA Limited,id-at-localityName=Salford,id-at-stateOrProvinceName=Greater Manchester,id-at-countryName=GB) RDNSequence item: 1 item (id-at-countryName=GB) RelativeDistinguishedName item (id-at-countryName=GB) Id: 2.5.4.6 (id-at-countryName) CountryName: GB RDNSequence item: 1 item (id-at-stateOrProvinceName=Greater Manchester) RelativeDistinguishedName item (id-at-stateOrProvinceName=Greater Manchester) Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: Greater Manchester RDNSequence item: 1 item (id-at-localityName=Salford) RelativeDistinguishedName item (id-at-localityName=Salford) Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: Salford RDNSequence item: 1 item (id-at-organizationName=COMODO CA Limited) RelativeDistinguishedName item (id-at-organizationName=COMODO CA Limited) Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: COMODO CA Limited RDNSequence item: 1 item (id-at-commonName=COMODO RSA Organization Validation Secure Serv) RelativeDistinguishedName item (id-at-commonName=COMODO RSA Organization Validation Secure Server CA) Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: COMODO RSA Organization Validation Secure Server CA validity notBefore: utcTime (0) utcTime: 16-05-09 00:00:00 (UTC) notAfter: utcTime (0) utcTime: 18-05-09 23:59:59 (UTC) subject: rdnSequence (0) rdnSequence: 8 items (id-at-commonName=*.fnbshop.com,id-at-organizationalUnitName=PremiumSSL Wildcard,id-at-organizationName=Fourth Ltd,id-at-streetAddress=90 Long Acre,id-at-localityName=London,id-at-stateOrProvinceName=London,id-at-posta RDNSequence item: 1 item (id-at-countryName=GB) RelativeDistinguishedName item (id-at-countryName=GB) Id: 2.5.4.6 (id-at-countryName) CountryName: GB RDNSequence item: 1 item (id-at-postalCode=WC2E 9RA) RelativeDistinguishedName item (id-at-postalCode=WC2E 9RA) Id: 2.5.4.17 (id-at-postalCode) DirectoryString: printableString (1) printableString: WC2E 9RA RDNSequence item: 1 item (id-at-stateOrProvinceName=London) RelativeDistinguishedName item (id-at-stateOrProvinceName=London) Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: London RDNSequence item: 1 item (id-at-localityName=London) RelativeDistinguishedName item (id-at-localityName=London) Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: London RDNSequence item: 1 item (id-at-streetAddress=90 Long Acre) RelativeDistinguishedName item (id-at-streetAddress=90 Long Acre) Id: 2.5.4.9 (id-at-streetAddress) DirectoryString: printableString (1) printableString: 90 Long Acre RDNSequence item: 1 item (id-at-organizationName=Fourth Ltd) RelativeDistinguishedName item (id-at-organizationName=Fourth Ltd) Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: Fourth Ltd RDNSequence item: 1 item (id-at-organizationalUnitName=PremiumSSL Wildcard) RelativeDistinguishedName item (id-at-organizationalUnitName=PremiumSSL Wildcard) Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: PremiumSSL Wildcard RDNSequence item: 1 item (id-at-commonName=*.fnbshop.com) RelativeDistinguishedName item (id-at-commonName=*.fnbshop.com) Id: 2.5.4.3 (id-at-commonName) DirectoryString: uTF8String (4) uTF8String: *.fnbshop.com subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100bfbd535aa934379bb41a873115ea70... modulus: 0x00bfbd535aa934379bb41a873115ea704102fb3ee91c6426... publicExponent: 65537 extensions: 9 items Extension (id-ce-authorityKeyIdentifier) Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier) AuthorityKeyIdentifier keyIdentifier: 9af32bdacfad4fb62fbb2a48482a12b71b42c124 Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 274f869b95ba4b53adcf28b15f63f299683d1703 Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) critical: True Padding: 5 KeyUsage: a0 (digitalSignature, keyEncipherment) 1... .... = digitalSignature: True .0.. .... = contentCommitment: False ..1. .... = keyEncipherment: True ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .0.. = keyCertSign: False .... ..0. = cRLSign: False .... ...0 = encipherOnly: False 0... .... = decipherOnly: False Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) critical: True BasicConstraintsSyntax [0 length] Extension (id-ce-extKeyUsage) Extension Id: 2.5.29.37 (id-ce-extKeyUsage) KeyPurposeIDs: 2 items KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth) KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth) Extension (id-ce-certificatePolicies) Extension Id: 2.5.29.32 (id-ce-certificatePolicies) CertificatePoliciesSyntax: 2 items PolicyInformation policyIdentifier: 1.3.6.1.4.1.6449.1.2.1.3.4 (iso.3.6.1.4.1.6449.1.2.1.3.4) policyQualifiers: 1 item PolicyQualifierInfo Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps) DirectoryString: https://secure.comodo.com/CPS PolicyInformation policyIdentifier: 2.23.140.1.2.2 (joint-iso-itu-t.23.140.1.2.2) Extension (id-ce-cRLDistributionPoints) Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints) CRLDistPointsSyntax: 1 item DistributionPoint distributionPoint: fullName (0) fullName: 1 item GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl Extension (id-pe-authorityInfoAccessSyntax) Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccessSyntax) AuthorityInfoAccessSyntax: 2 items AccessDescription accessMethod: 1.3.6.1.5.5.7.48.2 (id-pkix.48.2) accessLocation: 6 uniformResourceIdentifier: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt AccessDescription accessMethod: 1.3.6.1.5.5.7.48.1 (id-pkix.48.1) accessLocation: 6 uniformResourceIdentifier: http://ocsp.comodoca.com Extension (id-ce-subjectAltName) Extension Id: 2.5.29.17 (id-ce-subjectAltName) GeneralNames: 2 items GeneralName: dNSName (2) dNSName: *.fnbshop.com GeneralName: dNSName (2) dNSName: fnbshop.com algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: 43086832fdbc92bee29bb572dd01eae20c90964be6485129... Handshake Protocol: Server Hello Done Handshake Type: Server Hello Done (14) Length: 0 Frame 14: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.452416000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.452416000 seconds [Time delta from previous captured frame: 0.000052000 seconds] [Time delta from previous displayed frame: 0.000052000 seconds] [Time since reference or first frame: 8.915611000 seconds] Frame Number: 14 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xbf7f (49023) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xcd4d [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40050 (40050), Dst Port: https (443), Seq: 2215522543, Ack: 741645782, Len: 0 Source Port: 40050 (40050) Destination Port: https (443) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 2215522543 Acknowledgment number: 741645782 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 31740 [Calculated window size: 31740] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 13] [The RTT to ACK the segment was: 0.000052000 seconds] [iRTT: 0.157559000 seconds] Frame 15: 372 bytes on wire (2976 bits), 372 bytes captured (2976 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.453577000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.453577000 seconds [Time delta from previous captured frame: 0.001161000 seconds] [Time delta from previous displayed frame: 0.001161000 seconds] [Time since reference or first frame: 8.916772000 seconds] Frame Number: 15 Frame Length: 372 bytes (2976 bits) Capture Length: 372 bytes (2976 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 358 Identification: 0xbf80 (49024) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xcc0e [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40050 (40050), Dst Port: https (443), Seq: 2215522543, Ack: 741645782, Len: 318 Source Port: 40050 (40050) Destination Port: https (443) [Stream index: 1] [TCP Segment Len: 318] Sequence number: 2215522543 [Next sequence number: 2215522861] Acknowledgment number: 741645782 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 31740 [Calculated window size: 31740] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xaf5b [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.157559000 seconds] [Bytes in flight: 318] [Bytes sent since last PSH flag: 318] Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Client Key Exchange Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 262 Handshake Protocol: Client Key Exchange Handshake Type: Client Key Exchange (16) Length: 258 RSA Encrypted PreMaster Secret Encrypted PreMaster length: 256 Encrypted PreMaster: b2fe48e7c9e09cf4f87529cf0cc5d40bfe1d9c4458232bb6... TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.0 (0x0301) Length: 1 Change Cipher Spec Message TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 40 Handshake Protocol: Encrypted Handshake Message Frame 16: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.635413000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.635413000 seconds [Time delta from previous captured frame: 0.181836000 seconds] [Time delta from previous displayed frame: 0.181836000 seconds] [Time since reference or first frame: 9.098608000 seconds] Frame Number: 16 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0x66e7 (26343) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xee92 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40050 (40050), Seq: 741645782, Ack: 2215522861, Len: 51 Source Port: https (443) Destination Port: 40050 (40050) [Stream index: 1] [TCP Segment Len: 51] Sequence number: 741645782 [Next sequence number: 741645833] Acknowledgment number: 2215522861 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 64964 [Calculated window size: 64964] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x22bf [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 15] [The RTT to ACK the segment was: 0.181836000 seconds] [iRTT: 0.157559000 seconds] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] Secure Sockets Layer TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.0 (0x0301) Length: 1 Change Cipher Spec Message TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 40 Handshake Protocol: Encrypted Handshake Message Frame 17: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.636010000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.636010000 seconds [Time delta from previous captured frame: 0.000597000 seconds] [Time delta from previous displayed frame: 0.000597000 seconds] [Time since reference or first frame: 9.099205000 seconds] Frame Number: 17 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xbf81 (49025) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xcd4b [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40050 (40050), Dst Port: https (443), Seq: 2215522861, Ack: 741645833, Len: 0 Source Port: 40050 (40050) Destination Port: https (443) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 2215522861 Acknowledgment number: 741645833 Header Length: 20 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] Window size value: 31740 [Calculated window size: 31740] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 16] [The RTT to ACK the segment was: 0.000597000 seconds] [iRTT: 0.157559000 seconds] Frame 18: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.793600000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.793600000 seconds [Time delta from previous captured frame: 0.157590000 seconds] [Time delta from previous displayed frame: 0.157590000 seconds] [Time since reference or first frame: 9.256795000 seconds] Frame Number: 18 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x66f0 (26352) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xeebc [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40050 (40050), Seq: 741645833, Ack: 2215522862, Len: 0 Source Port: https (443) Destination Port: 40050 (40050) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 741645833 Acknowledgment number: 2215522862 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 64964 [Calculated window size: 64964] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xe564 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 17] [The RTT to ACK the segment was: 0.157590000 seconds] [iRTT: 0.157559000 seconds] Frame 19: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:13.793622000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117493.793622000 seconds [Time delta from previous captured frame: 0.000022000 seconds] [Time delta from previous displayed frame: 0.000022000 seconds] [Time since reference or first frame: 9.256817000 seconds] Frame Number: 19 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x66f1 (26353) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xeebb [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40050 (40050), Seq: 741645833, Ack: 2215522862, Len: 0 Source Port: https (443) Destination Port: 40050 (40050) [Stream index: 1] [TCP Segment Len: 0] Sequence number: 741645833 Acknowledgment number: 2215522862 Header Length: 20 bytes Flags: 0x014 (RST, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .1.. = Reset: Set [Expert Info (Warning/Sequence): Connection reset (RST)] [Connection reset (RST)] [Severity level: Warning] [Group: Sequence] .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A·R··] Window size value: 0 [Calculated window size: 0] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xe325 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Frame 20: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:19.685987000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117499.685987000 seconds [Time delta from previous captured frame: 5.892365000 seconds] [Time delta from previous displayed frame: 5.892365000 seconds] [Time since reference or first frame: 15.149182000 seconds] Frame Number: 20 Frame Length: 74 bytes (592 bits) Capture Length: 74 bytes (592 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 60 Identification: 0xc29a (49818) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xca1e [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182435950, Len: 0 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 2182435950 Acknowledgment number: 0 Header Length: 40 bytes Flags: 0x002 (SYN) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443] [Connection establish request (SYN): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ··········S·] Window size value: 29200 [Calculated window size: 29200] Checksum: 0xae31 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale Maximum segment size: 1460 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1460 TCP SACK Permitted Option: True Kind: SACK Permitted (4) Length: 2 Timestamps: TSval 3301873396, TSecr 0 Kind: Time Stamp Option (8) Length: 10 Timestamp value: 3301873396 Timestamp echo reply: 0 No-Operation (NOP) Type: 1 0... .... = Copy on fragmentation: No .00. .... = Class: Control (0) ...0 0001 = Number: No-Operation (NOP) (1) Window scale: 7 (multiply by 128) Kind: Window Scale (3) Length: 3 Shift count: 7 [Multiplier: 128] Frame 21: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:19.850422000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117499.850422000 seconds [Time delta from previous captured frame: 0.164435000 seconds] [Time delta from previous displayed frame: 0.164435000 seconds] [Time since reference or first frame: 15.313617000 seconds] Frame Number: 21 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 0000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 44 Identification: 0x6a8d (27277) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0x2b1c [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40278 (40278), Seq: 979696713, Ack: 2182435951, Len: 0 Source Port: https (443) Destination Port: 40278 (40278) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 979696713 Acknowledgment number: 2182435951 Header Length: 24 bytes Flags: 0x012 (SYN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..1. = Syn: Set [Expert Info (Chat/Sequence): Connection establish acknowledge (SYN+ACK): server port 443] [Connection establish acknowledge (SYN+ACK): server port 443] [Severity level: Chat] [Group: Sequence] .... .... ...0 = Fin: Not set [TCP Flags: ·······A··S·] Window size value: 16384 [Calculated window size: 16384] Checksum: 0xfe1e [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Options: (4 bytes), Maximum segment size Maximum segment size: 1380 bytes Kind: Maximum Segment Size (2) Length: 4 MSS Value: 1380 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 20] [The RTT to ACK the segment was: 0.164435000 seconds] Frame 22: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:19.850443000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117499.850443000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 15.313638000 seconds] Frame Number: 22 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xc29b (49819) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xca31 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182435951, Ack: 979696714, Len: 0 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 2182435951 Acknowledgment number: 979696714 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 21] [The RTT to ACK the segment was: 0.000021000 seconds] [iRTT: 0.164456000 seconds] Frame 23: 307 bytes on wire (2456 bits), 307 bytes captured (2456 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:19.851632000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117499.851632000 seconds [Time delta from previous captured frame: 0.001189000 seconds] [Time delta from previous displayed frame: 0.001189000 seconds] [Time since reference or first frame: 15.314827000 seconds] Frame Number: 23 Frame Length: 307 bytes (2456 bits) Capture Length: 307 bytes (2456 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 293 Identification: 0xc29c (49820) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xc933 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182435951, Ack: 979696714, Len: 253 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 253] Sequence number: 2182435951 [Next sequence number: 2182436204] Acknowledgment number: 979696714 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 29200 [Calculated window size: 29200] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xaf1a [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.164456000 seconds] [Bytes in flight: 253] [Bytes sent since last PSH flag: 253] Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 248 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 244 Version: TLS 1.2 (0x0303) Random GMT Unix Time: Sep 22, 2017 14:59:42.000000000 PDT Random Bytes: d80e603d625791a4a3eb14956cb6aecad7a1861477ee033c... Session ID Length: 0 Cipher Suites Length: 114 Cipher Suites (57 suites) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc087) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CCM (0xc0ad) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc073) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CCM (0xc0ac) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) Cipher Suite: TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc072) Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc08b) Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (0xc077) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc08a) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) Cipher Suite: TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0xc076) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b) Cipher Suite: TLS_RSA_WITH_AES_256_CCM (0xc09d) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0) Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a) Cipher Suite: TLS_RSA_WITH_AES_128_CCM (0xc09c) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07d) Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CCM (0xc09f) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c4) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07c) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CCM (0xc09e) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00be) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 89 Extension: status_request Type: status_request (0x0005) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: server_name Type: server_name (0x0000) Length: 19 Server Name Indication extension Server Name list length: 17 Server Name Type: host_name (0) Server Name length: 14 Server Name: ws.fnbshop.com Extension: renegotiation_info Type: renegotiation_info (0xff01) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Extension: SessionTicket TLS Type: SessionTicket TLS (0x0023) Length: 0 Data (0 bytes) Extension: elliptic_curves Type: elliptic_curves (0x000a) Length: 12 Elliptic Curves Length: 10 Elliptic curves (5 curves) Elliptic curve: secp256r1 (0x0017) Elliptic curve: secp384r1 (0x0018) Elliptic curve: secp521r1 (0x0019) Elliptic curve: secp224r1 (0x0015) Elliptic curve: secp192r1 (0x0013) Extension: ec_point_formats Type: ec_point_formats (0x000b) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms Type: signature_algorithms (0x000d) Length: 22 Signature Hash Algorithms Length: 20 Signature Hash Algorithms (10 algorithms) Signature Hash Algorithm: 0x0401 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0403 Signature Hash Algorithm Hash: SHA256 (4) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0501 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0503 Signature Hash Algorithm Hash: SHA384 (5) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0601 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0603 Signature Hash Algorithm Hash: SHA512 (6) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0301 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0303 Signature Hash Algorithm Hash: SHA224 (3) Signature Hash Algorithm Signature: ECDSA (3) Signature Hash Algorithm: 0x0201 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: RSA (1) Signature Hash Algorithm: 0x0203 Signature Hash Algorithm Hash: SHA1 (2) Signature Hash Algorithm Signature: ECDSA (3) Frame 24: 1611 bytes on wire (12888 bits), 1611 bytes captured (12888 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.020376000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.020376000 seconds [Time delta from previous captured frame: 0.168744000 seconds] [Time delta from previous displayed frame: 0.168744000 seconds] [Time since reference or first frame: 15.483571000 seconds] Frame Number: 24 Frame Length: 1611 bytes (12888 bits) Capture Length: 1611 bytes (12888 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame [truncated]: eth:ethertype:ip:tcp:ssl:pkcs-1:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:pkcs-1:x509ce:x509ce:x509ce:x509ce:x509ce:x509ce:pkix1explicit:x509ce:p] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 1597 Identification: 0x6a8e (27278) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xe509 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40278 (40278), Seq: 979696714, Ack: 2182436204, Len: 1557 Source Port: https (443) Destination Port: 40278 (40278) [Stream index: 2] [TCP Segment Len: 1557] Sequence number: 979696714 [Next sequence number: 979698271] Acknowledgment number: 2182436204 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 65282 [Calculated window size: 65282] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xb432 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 23] [The RTT to ACK the segment was: 0.168744000 seconds] [iRTT: 0.164456000 seconds] [Bytes in flight: 1557] [Bytes sent since last PSH flag: 1557] Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 1552 Handshake Protocol: Server Hello Handshake Type: Server Hello (2) Length: 77 Version: TLS 1.0 (0x0301) Random GMT Unix Time: Sep 22, 2017 14:58:20.000000000 PDT Random Bytes: 39455768206d2b7c6d233612806e116fc168eceeda39e859... Session ID Length: 32 Session ID: b9060000db87fc862b7fc2ed6e620fb4d6fb6bb3017279d3... Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Compression Method: null (0) Extensions Length: 5 Extension: renegotiation_info Type: renegotiation_info (0xff01) Length: 1 Renegotiation Info extension Renegotiation info extension length: 0 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 1463 Certificates Length: 1460 Certificates (1460 bytes) Certificate Length: 1457 Certificate: 308205ad30820495a00302010202110081a011d492270cf2... (id-at-commonName=*.fnbshop.com,id-at-organizationalUnitName=PremiumSSL Wildcard,id-at-organizationName=Fourth Ltd,id-at-streetAddress=90 Long Acre,id-at-localityName=London, signedCertificate version: v3 (2) serialNumber: 0x0081a011d492270cf26821ad358534e28d signature (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) issuer: rdnSequence (0) rdnSequence: 5 items (id-at-commonName=COMODO RSA Organization Validation Secure Serv,id-at-organizationName=COMODO CA Limited,id-at-localityName=Salford,id-at-stateOrProvinceName=Greater Manchester,id-at-countryName=GB) RDNSequence item: 1 item (id-at-countryName=GB) RelativeDistinguishedName item (id-at-countryName=GB) Id: 2.5.4.6 (id-at-countryName) CountryName: GB RDNSequence item: 1 item (id-at-stateOrProvinceName=Greater Manchester) RelativeDistinguishedName item (id-at-stateOrProvinceName=Greater Manchester) Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: Greater Manchester RDNSequence item: 1 item (id-at-localityName=Salford) RelativeDistinguishedName item (id-at-localityName=Salford) Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: Salford RDNSequence item: 1 item (id-at-organizationName=COMODO CA Limited) RelativeDistinguishedName item (id-at-organizationName=COMODO CA Limited) Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: COMODO CA Limited RDNSequence item: 1 item (id-at-commonName=COMODO RSA Organization Validation Secure Serv) RelativeDistinguishedName item (id-at-commonName=COMODO RSA Organization Validation Secure Server CA) Id: 2.5.4.3 (id-at-commonName) DirectoryString: printableString (1) printableString: COMODO RSA Organization Validation Secure Server CA validity notBefore: utcTime (0) utcTime: 16-05-09 00:00:00 (UTC) notAfter: utcTime (0) utcTime: 18-05-09 23:59:59 (UTC) subject: rdnSequence (0) rdnSequence: 8 items (id-at-commonName=*.fnbshop.com,id-at-organizationalUnitName=PremiumSSL Wildcard,id-at-organizationName=Fourth Ltd,id-at-streetAddress=90 Long Acre,id-at-localityName=London,id-at-stateOrProvinceName=London,id-at-posta RDNSequence item: 1 item (id-at-countryName=GB) RelativeDistinguishedName item (id-at-countryName=GB) Id: 2.5.4.6 (id-at-countryName) CountryName: GB RDNSequence item: 1 item (id-at-postalCode=WC2E 9RA) RelativeDistinguishedName item (id-at-postalCode=WC2E 9RA) Id: 2.5.4.17 (id-at-postalCode) DirectoryString: printableString (1) printableString: WC2E 9RA RDNSequence item: 1 item (id-at-stateOrProvinceName=London) RelativeDistinguishedName item (id-at-stateOrProvinceName=London) Id: 2.5.4.8 (id-at-stateOrProvinceName) DirectoryString: printableString (1) printableString: London RDNSequence item: 1 item (id-at-localityName=London) RelativeDistinguishedName item (id-at-localityName=London) Id: 2.5.4.7 (id-at-localityName) DirectoryString: printableString (1) printableString: London RDNSequence item: 1 item (id-at-streetAddress=90 Long Acre) RelativeDistinguishedName item (id-at-streetAddress=90 Long Acre) Id: 2.5.4.9 (id-at-streetAddress) DirectoryString: printableString (1) printableString: 90 Long Acre RDNSequence item: 1 item (id-at-organizationName=Fourth Ltd) RelativeDistinguishedName item (id-at-organizationName=Fourth Ltd) Id: 2.5.4.10 (id-at-organizationName) DirectoryString: printableString (1) printableString: Fourth Ltd RDNSequence item: 1 item (id-at-organizationalUnitName=PremiumSSL Wildcard) RelativeDistinguishedName item (id-at-organizationalUnitName=PremiumSSL Wildcard) Id: 2.5.4.11 (id-at-organizationalUnitName) DirectoryString: printableString (1) printableString: PremiumSSL Wildcard RDNSequence item: 1 item (id-at-commonName=*.fnbshop.com) RelativeDistinguishedName item (id-at-commonName=*.fnbshop.com) Id: 2.5.4.3 (id-at-commonName) DirectoryString: uTF8String (4) uTF8String: *.fnbshop.com subjectPublicKeyInfo algorithm (rsaEncryption) Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption) subjectPublicKey: 3082010a0282010100bfbd535aa934379bb41a873115ea70... modulus: 0x00bfbd535aa934379bb41a873115ea704102fb3ee91c6426... publicExponent: 65537 extensions: 9 items Extension (id-ce-authorityKeyIdentifier) Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier) AuthorityKeyIdentifier keyIdentifier: 9af32bdacfad4fb62fbb2a48482a12b71b42c124 Extension (id-ce-subjectKeyIdentifier) Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier) SubjectKeyIdentifier: 274f869b95ba4b53adcf28b15f63f299683d1703 Extension (id-ce-keyUsage) Extension Id: 2.5.29.15 (id-ce-keyUsage) critical: True Padding: 5 KeyUsage: a0 (digitalSignature, keyEncipherment) 1... .... = digitalSignature: True .0.. .... = contentCommitment: False ..1. .... = keyEncipherment: True ...0 .... = dataEncipherment: False .... 0... = keyAgreement: False .... .0.. = keyCertSign: False .... ..0. = cRLSign: False .... ...0 = encipherOnly: False 0... .... = decipherOnly: False Extension (id-ce-basicConstraints) Extension Id: 2.5.29.19 (id-ce-basicConstraints) critical: True BasicConstraintsSyntax [0 length] Extension (id-ce-extKeyUsage) Extension Id: 2.5.29.37 (id-ce-extKeyUsage) KeyPurposeIDs: 2 items KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth) KeyPurposeId: 1.3.6.1.5.5.7.3.2 (id-kp-clientAuth) Extension (id-ce-certificatePolicies) Extension Id: 2.5.29.32 (id-ce-certificatePolicies) CertificatePoliciesSyntax: 2 items PolicyInformation policyIdentifier: 1.3.6.1.4.1.6449.1.2.1.3.4 (iso.3.6.1.4.1.6449.1.2.1.3.4) policyQualifiers: 1 item PolicyQualifierInfo Id: 1.3.6.1.5.5.7.2.1 (id-qt-cps) DirectoryString: https://secure.comodo.com/CPS PolicyInformation policyIdentifier: 2.23.140.1.2.2 (joint-iso-itu-t.23.140.1.2.2) Extension (id-ce-cRLDistributionPoints) Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints) CRLDistPointsSyntax: 1 item DistributionPoint distributionPoint: fullName (0) fullName: 1 item GeneralName: uniformResourceIdentifier (6) uniformResourceIdentifier: http://crl.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crl Extension (id-pe-authorityInfoAccessSyntax) Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccessSyntax) AuthorityInfoAccessSyntax: 2 items AccessDescription accessMethod: 1.3.6.1.5.5.7.48.2 (id-pkix.48.2) accessLocation: 6 uniformResourceIdentifier: http://crt.comodoca.com/COMODORSAOrganizationValidationSecureServerCA.crt AccessDescription accessMethod: 1.3.6.1.5.5.7.48.1 (id-pkix.48.1) accessLocation: 6 uniformResourceIdentifier: http://ocsp.comodoca.com Extension (id-ce-subjectAltName) Extension Id: 2.5.29.17 (id-ce-subjectAltName) GeneralNames: 2 items GeneralName: dNSName (2) dNSName: *.fnbshop.com GeneralName: dNSName (2) dNSName: fnbshop.com algorithmIdentifier (sha256WithRSAEncryption) Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) Padding: 0 encrypted: 43086832fdbc92bee29bb572dd01eae20c90964be6485129... Handshake Protocol: Server Hello Done Handshake Type: Server Hello Done (14) Length: 0 Frame 25: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.020419000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.020419000 seconds [Time delta from previous captured frame: 0.000043000 seconds] [Time delta from previous displayed frame: 0.000043000 seconds] [Time since reference or first frame: 15.483614000 seconds] Frame Number: 25 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xc29d (49821) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xca2f [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182436204, Ack: 979698271, Len: 0 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 2182436204 Acknowledgment number: 979698271 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 31740 [Calculated window size: 31740] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 24] [The RTT to ACK the segment was: 0.000043000 seconds] [iRTT: 0.164456000 seconds] Frame 26: 372 bytes on wire (2976 bits), 372 bytes captured (2976 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.021615000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.021615000 seconds [Time delta from previous captured frame: 0.001196000 seconds] [Time delta from previous displayed frame: 0.001196000 seconds] [Time since reference or first frame: 15.484810000 seconds] Frame Number: 26 Frame Length: 372 bytes (2976 bits) Capture Length: 372 bytes (2976 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 358 Identification: 0xc29e (49822) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xc8f0 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182436204, Ack: 979698271, Len: 318 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 318] Sequence number: 2182436204 [Next sequence number: 2182436522] Acknowledgment number: 979698271 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 31740 [Calculated window size: 31740] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xaf5b [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.164456000 seconds] [Bytes in flight: 318] [Bytes sent since last PSH flag: 318] Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Client Key Exchange Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 262 Handshake Protocol: Client Key Exchange Handshake Type: Client Key Exchange (16) Length: 258 RSA Encrypted PreMaster Secret Encrypted PreMaster length: 256 Encrypted PreMaster: b722eb13e5cfda30efc085d60fddd1a39be861050817250f... TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.0 (0x0301) Length: 1 Change Cipher Spec Message TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 40 Handshake Protocol: Encrypted Handshake Message Frame 27: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.204699000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.204699000 seconds [Time delta from previous captured frame: 0.183084000 seconds] [Time delta from previous displayed frame: 0.183084000 seconds] [Time since reference or first frame: 15.667894000 seconds] Frame Number: 27 Frame Length: 105 bytes (840 bits) Capture Length: 105 bytes (840 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 91 Identification: 0x6a91 (27281) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xeae8 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40278 (40278), Seq: 979698271, Ack: 2182436522, Len: 51 Source Port: https (443) Destination Port: 40278 (40278) [Stream index: 2] [TCP Segment Len: 51] Sequence number: 979698271 [Next sequence number: 979698322] Acknowledgment number: 2182436522 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 64964 [Calculated window size: 64964] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x82b5 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 26] [The RTT to ACK the segment was: 0.183084000 seconds] [iRTT: 0.164456000 seconds] [Bytes in flight: 51] [Bytes sent since last PSH flag: 51] Secure Sockets Layer TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec Content Type: Change Cipher Spec (20) Version: TLS 1.0 (0x0301) Length: 1 Change Cipher Spec Message TLSv1 Record Layer: Handshake Protocol: Encrypted Handshake Message Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 40 Handshake Protocol: Encrypted Handshake Message Frame 28: 219 bytes on wire (1752 bits), 219 bytes captured (1752 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.205301000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.205301000 seconds [Time delta from previous captured frame: 0.000602000 seconds] [Time delta from previous displayed frame: 0.000602000 seconds] [Time since reference or first frame: 15.668496000 seconds] Frame Number: 28 Frame Length: 219 bytes (1752 bits) Capture Length: 219 bytes (1752 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 205 Identification: 0xc29f (49823) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xc988 [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182436522, Ack: 979698322, Len: 165 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 165] Sequence number: 2182436522 [Next sequence number: 2182436687] Acknowledgment number: 979698322 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 31740 [Calculated window size: 31740] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xaec2 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 27] [The RTT to ACK the segment was: 0.000602000 seconds] [iRTT: 0.164456000 seconds] [Bytes in flight: 165] [Bytes sent since last PSH flag: 165] Secure Sockets Layer TLSv1 Record Layer: Application Data Protocol: http-over-tls Content Type: Application Data (23) Version: TLS 1.0 (0x0301) Length: 160 Encrypted Application Data: 6d5ded7296bec8cef230e4ee5c2d9b2ca1d67d40b7d93fa9... Frame 29: 483 bytes on wire (3864 bits), 483 bytes captured (3864 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.363609000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.363609000 seconds [Time delta from previous captured frame: 0.158308000 seconds] [Time delta from previous displayed frame: 0.158308000 seconds] [Time since reference or first frame: 15.826804000 seconds] Frame Number: 29 Frame Length: 483 bytes (3864 bits) Capture Length: 483 bytes (3864 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:ssl] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 469 Identification: 0x6aab (27307) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xe954 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40278 (40278), Seq: 979698322, Ack: 2182436687, Len: 429 Source Port: https (443) Destination Port: 40278 (40278) [Stream index: 2] [TCP Segment Len: 429] Sequence number: 979698322 [Next sequence number: 979698751] Acknowledgment number: 2182436687 Header Length: 20 bytes Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 64799 [Calculated window size: 64799] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x6f45 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 28] [The RTT to ACK the segment was: 0.158308000 seconds] [iRTT: 0.164456000 seconds] [Bytes in flight: 429] [Bytes sent since last PSH flag: 429] Secure Sockets Layer TLSv1 Record Layer: Application Data Protocol: http-over-tls Content Type: Application Data (23) Version: TLS 1.0 (0x0301) Length: 424 Encrypted Application Data: 0c7c97779a5dd7bb6282818daf8e32a06bf2350dbd606b37... Frame 30: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.363630000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.363630000 seconds [Time delta from previous captured frame: 0.000021000 seconds] [Time delta from previous displayed frame: 0.000021000 seconds] [Time since reference or first frame: 15.826825000 seconds] Frame Number: 30 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x6aac (27308) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xeb00 [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40278 (40278), Seq: 979698751, Ack: 2182436687, Len: 0 Source Port: https (443) Destination Port: 40278 (40278) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 979698751 Acknowledgment number: 2182436687 Header Length: 20 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] Window size value: 64799 [Calculated window size: 64799] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x4d96 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 Frame 31: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.363757000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.363757000 seconds [Time delta from previous captured frame: 0.000127000 seconds] [Time delta from previous displayed frame: 0.000127000 seconds] [Time since reference or first frame: 15.826952000 seconds] Frame Number: 31 Frame Length: 54 bytes (432 bits) Capture Length: 54 bytes (432 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd), Dst: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Destination: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 10.3.5.107, Dst: 195.225.218.179 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0xc2a0 (49824) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (6) Header checksum: 0xca2c [validation disabled] [Header checksum status: Unverified] Source: 10.3.5.107 Destination: 195.225.218.179 [Source GeoIP: Unknown] [Destination GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Destination GeoIP Country: United Kingdom] [Destination GeoIP AS Number: AS31220 Carrenza Ltd] [Destination GeoIP Latitude: 51.500000] [Destination GeoIP Longitude: -0.130000] Transmission Control Protocol, Src Port: 40278 (40278), Dst Port: https (443), Seq: 2182436687, Ack: 979698752, Len: 0 Source Port: 40278 (40278) Destination Port: https (443) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 2182436687 Acknowledgment number: 979698752 Header Length: 20 bytes Flags: 0x011 (FIN, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...1 = Fin: Set [Expert Info (Chat/Sequence): Connection finish (FIN)] [Connection finish (FIN)] [Severity level: Chat] [Group: Sequence] [TCP Flags: ·······A···F] Window size value: 34500 [Calculated window size: 34500] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0xae1d [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 30] [The RTT to ACK the segment was: 0.000127000 seconds] [iRTT: 0.164456000 seconds] Frame 32: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) Encapsulation type: Ethernet (1) Arrival Time: Sep 22, 2017 14:58:20.521617000 PDT [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1506117500.521617000 seconds [Time delta from previous captured frame: 0.157860000 seconds] [Time delta from previous displayed frame: 0.157860000 seconds] [Time since reference or first frame: 15.984812000 seconds] Frame Number: 32 Frame Length: 60 bytes (480 bits) Capture Length: 60 bytes (480 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp] Ethernet II, Src: Intel_5f:4c:d8 (00:04:23:5f:4c:d8), Dst: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Destination: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) Address: IntelCor_b2:8d:bd (00:1c:c0:b2:8d:bd) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) Address: Intel_5f:4c:d8 (00:04:23:5f:4c:d8) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Padding: 000000000000 Internet Protocol Version 4, Src: 195.225.218.179, Dst: 10.3.5.107 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x20 (DSCP: CS1, ECN: Not-ECT) 0010 00.. = Differentiated Services Codepoint: Class Selector 1 (8) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 40 Identification: 0x6aad (27309) Flags: 0x02 (Don't Fragment) 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 119 Protocol: TCP (6) Header checksum: 0xeaff [validation disabled] [Header checksum status: Unverified] Source: 195.225.218.179 Destination: 10.3.5.107 [Source GeoIP: United Kingdom, AS31220 Carrenza Ltd, 51.500000, -0.130000] [Source GeoIP Country: United Kingdom] [Source GeoIP AS Number: AS31220 Carrenza Ltd] [Source GeoIP Latitude: 51.500000] [Source GeoIP Longitude: -0.130000] [Destination GeoIP: Unknown] Transmission Control Protocol, Src Port: https (443), Dst Port: 40278 (40278), Seq: 979698752, Ack: 2182436688, Len: 0 Source Port: https (443) Destination Port: 40278 (40278) [Stream index: 2] [TCP Segment Len: 0] Sequence number: 979698752 Acknowledgment number: 2182436688 Header Length: 20 bytes Flags: 0x010 (ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 0... = Push: Not set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······A····] Window size value: 64799 [Calculated window size: 64799] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x4d95 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [This is an ACK to the segment in frame: 31] [The RTT to ACK the segment was: 0.157860000 seconds] [iRTT: 0.164456000 seconds]